Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The private_key schema element of the keycloak_realm_keystore_rsa resource must be sensitive #962

Open
laszlomiklosik opened this issue May 15, 2024 · 1 comment · May be fixed by #963
Open

The private_key schema element of the keycloak_realm_keystore_rsa resource must be sensitive #962

laszlomiklosik opened this issue May 15, 2024 · 1 comment · May be fixed by #963

Comments

@laszlomiklosik
Copy link

laszlomiklosik commented May 15, 2024
edited
Loading

The below schema definition (see https://github.com/mrparkers/terraform-provider-keycloak/blob/3f6b75b79ada48eddb41de6055f57a357d9b691c/provider/resource_keycloak_realm_keystore_rsa.go#L60 for full context) is not declaring the private_key schema element as sensitive, thus one can list the related secret with terraform state show keycloak_realm_keystore_rsa.keystore_rsa

			"private_key": {
				Type:        schema.TypeString,
				Required:    true,
				Description: "Private RSA Key encoded in PEM format",
			},

Besides allowing to list this information in the terraform console using terraform state show and being visible in the terraform plan's output this can also force us in some situations to use the nonsensitive function, otherwise one can't pass this value using a data source linked to a secrets management tool (Azure KeyVault or AWS Secrets Manager or Hashicorp Vault).
@laszlomiklosik laszlomiklosik linked a pull request May 15, 2024 that will close this issue
Open
@laszlomiklosik
Copy link
Author

laszlomiklosik commented May 15, 2024
edited
Loading

Would be great to have this reviewed and if appropriate merged soon. thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@laszlomiklosik