Hello
For an OSS project (with public CI/CD), I’m using the cognito_identity_provider resource from the AWS provider.
To configure this resource I have to provide the client_id and the client_secret inside the provider_details attribute, and that information is not marked as sensitive.
I looked at the code and discovered that provider_details is of type schema.TypeMap, which makes it impossible to mark client_id and client_secret as sensitive.
Is there any way to secure the information in this case?
Hi @VEBERArnaud,
It seems like the provider treats this map as an opaque collection of values to send verbatim to the remote API, so it can’t distinguish sensitive elements from non-sensitive elements.
However, given that the documented purpose of provider_details is to include client secrets and/or access tokens, the provider could potentially just mark that entire map as sensitive, which would then obscure any attribute inside it.
I’d suggest opening a feature request in the AWS provider repository if there isn’t one for this already, to start a discussion about the tradeoffs of marking this map as sensitive. The provider maintainers may have had a good reason for not marking this as sensitive, but it could also have just been an oversight, so opening an issue will be an opportunity to revisit that and see.
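
One way to keep these values out of plan and apply output while provider_details itself is not marked sensitive, as an added example that is not part of the original thread or the provider's own code. It assumes Terraform 0.14 or later, where input variables can be declared sensitive; the variable names and the Google identity provider settings are illustrative.

```hcl
# Added example. Assumes Terraform >= 0.14 (variable-level "sensitive").
# Variable names and the "Google" provider settings are illustrative.

variable "user_pool_id" {
  type = string
}

# Values come from the CI secret store, e.g. exported as
# TF_VAR_idp_client_id / TF_VAR_idp_client_secret, never from a
# committed .tfvars file in the public repository.
variable "idp_client_id" {
  type      = string
  sensitive = true
}

variable "idp_client_secret" {
  type      = string
  sensitive = true
}

resource "aws_cognito_identity_provider" "example" {
  user_pool_id  = var.user_pool_id
  provider_name = "Google"
  provider_type = "Google"

  # The map attribute is not sensitive in the provider schema, but
  # Terraform tracks sensitivity per value: anything derived from a
  # sensitive variable is redacted in the plan/apply output.
  provider_details = {
    authorize_scopes = "email"
    client_id        = var.idp_client_id
    client_secret    = var.idp_client_secret
  }
}
```

The redaction only applies to CLI output: both values are still written in plaintext to the state file, so the state backend needs its own encryption and access control.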