Mark data+raw resource attributes as sensitive.

[samcday]

This ensures that when data from this plugin is passed around, it's hidden from display no matter what.

https://www.terraform.io/docs/configuration/expressions/references.html#sensitive-resource-attributes

[carlpett]

@samcday, I'm very sorry for missing the notification about this!
Thanks a lot for the PR!

[worldofgeese]

Is this available in 0.6?

[carlpett]

Yes. Is it not working as expected?

[worldofgeese]

@carlpett well, I may be using it wrong but k8s_manifest.cloudflare_api_token_secret is displaying everything inside the decrypted raw sops yaml I provide it:

  # k8s_manifest.cloudflare_api_token_secret will be created
  + resource "k8s_manifest" "cloudflare_api_token_secret" {
      + content = <<~EOT
            apiVersion: v1
            kind: Secret
            metadata:
                name: cloudflare-api-token-secret
                namespace: cert-manager
            type: Opaque
            stringData:
                api-token: super-secret-api-token
        EOT
      + id      = (known after apply)
    }

Here's the bit of relevant HCL:

resource "k8s_manifest" "cloudflare_api_token_secret" {
  content = data.sops_file.cloudflare_api_token_secret.raw
  depends_on = [
    helm_release.cert_manager,
  ]
}