chore: do not show sensitive certificate details in Terraform cmd out…

…put.
GoogleCloudPlatform · Dec 20, 2023 · 7f448ef · 7f448ef
1 parent 49252d7
commit 7f448ef
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/mmv1/third_party/terraform/services/sql/resource_sql_database_instance.go.erb b/mmv1/third_party/terraform/services/sql/resource_sql_database_instance.go.erb
@@ -787,20 +787,23 @@ is set to true. Defaults to ZONAL.`,
 							Optional:     true,
 							ForceNew:     true,
 							AtLeastOneOf: replicaConfigurationKeys,
+							Sensitive:    true,
 							Description:  `PEM representation of the trusted CA's x509 certificate.`,
 						},
 						"client_certificate": {
 							Type:         schema.TypeString,
 							Optional:     true,
 							ForceNew:     true,
 							AtLeastOneOf: replicaConfigurationKeys,
+							Sensitive:    true,
 							Description:  `PEM representation of the replica's x509 certificate.`,
 						},
 						"client_key": {
 							Type:         schema.TypeString,
 							Optional:     true,
 							ForceNew:     true,
 							AtLeastOneOf: replicaConfigurationKeys,
+							Sensitive:    true,
 							Description:  `PEM representation of the replica's private key. The corresponding public key in encoded in the client_certificate.`,
 						},
 						"connect_retry_interval": {
@@ -865,8 +868,9 @@ is set to true. Defaults to ZONAL.`,
 				Description: `The configuration for replication.`,
 			},
 			"server_ca_cert": {
-				Type:     schema.TypeList,
-				Computed: true,
+				Type:       schema.TypeList,
+				Computed:   true,
+				Sensitive:  true,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"cert": {

diff --git a/mmv1/third_party/terraform/services/sql/resource_sql_ssl_cert.go b/mmv1/third_party/terraform/services/sql/resource_sql_ssl_cert.go
@@ -56,6 +56,7 @@ func ResourceSqlSslCert() *schema.Resource {
 			"cert": {
 				Type:        schema.TypeString,
 				Computed:    true,
+				Sensitive:   true,
 				Description: `The actual certificate data for this client certificate.`,
 			},
 
@@ -87,6 +88,7 @@ func ResourceSqlSslCert() *schema.Resource {
 			"server_ca_cert": {
 				Type:        schema.TypeString,
 				Computed:    true,
+				Sensitive:   true,
 				Description: `The CA cert of the server this client cert was generated from.`,
 			},