-
Notifications
You must be signed in to change notification settings - Fork 4.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The password
-attribute of site_credential
gets exposed when executing terraform destroy
.
#3680
Comments
Hi! Does anyone know what caused this? |
hi @baosen Thanks for opening this issue. Taking a look at the code all the instances of this appear to be a Sensitive value - as such I'm wondering if you can upgrade the version of Terraform Core being used here and confirm if this still happens for you? Thanks! |
Upgrading Terraform Core means using the latest Terraform binary? :S. I've tried using the latest 64-bit Linux Terraform binary now, which when I run ./terraform version, it prints out: Terraform v0.12.6
and then deployed and destroyed the same config as mentioned in the first post. The output is still the same, where the password leaks :(. See attachment. (don't worry about the pass being open to the public in this screenshot, i've destroyed the test resources :) ) |
@baosen @tombuildsstuff we also see the same behavior but when running terraform plan. |
This is still happening with Terraform 0.12.9 and azurerm 1.35.0 |
This issue comes from a bug in the Terraform Plugin SDK. For this reason it is currently not possible to mask parts of nested blocks. One option would be to mark the whole |
Quick workaround is to omit kube_config sensitive information using
|
👋 Since this issue needs to be fixed in the Terraform Plugin SDK rather than tracking this issue in multiple places I'm going to close this issue in favour of the upstream issue. Once that's been fixed we'll update the version of the Plugin SDK being used and this should get resolved - as such please subscribe to the upstream issue for updates. Thanks! |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks! |
Community Note
Terraform (and AzureRM Provider) Version
Terraform v0.12.2
AzureRM Provider v1.30.1 (did not happen on v1.25)
Affected Resource(s)
azurerm_app_service
Terraform Configuration Files
Expected Behavior
Do not print out the
password
-attribute ofsite_credential
. Should say(sensitive value)
.Actual Behavior
The
password
-attribute ofsite_credential
gets printed out. Does not say(sensitive value)
.Steps to Reproduce
terraform apply -auto-approve
terraform destroy
The text was updated successfully, but these errors were encountered: