Merge pull request #1850 from terraform-providers/f-vpn-conn-sensitive

r/vpn_connection: Mark preshared keys as sensitive
hashicorp · Oct 10, 2017 · 71b43ae · 71b43ae
2 parents 71d64c3 + 5562d88
commit 71b43ae
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 4 deletions.
diff --git a/aws/resource_aws_vpn_connection.go b/aws/resource_aws_vpn_connection.go
@@ -119,8 +119,9 @@ func resourceAwsVpnConnection() *schema.Resource {
 			},
 
 			"tunnel1_preshared_key": {
-				Type:     schema.TypeString,
-				Computed: true,
+				Type:      schema.TypeString,
+				Sensitive: true,
+				Computed:  true,
 			},
 			"tunnel1_bgp_asn": {
 				Type:     schema.TypeString,
@@ -146,8 +147,9 @@ func resourceAwsVpnConnection() *schema.Resource {
 			},
 
 			"tunnel2_preshared_key": {
-				Type:     schema.TypeString,
-				Computed: true,
+				Type:      schema.TypeString,
+				Sensitive: true,
+				Computed:  true,
 			},
 			"tunnel2_bgp_asn": {
 				Type:     schema.TypeString,

diff --git a/website/docs/r/vpn_connection.html.markdown b/website/docs/r/vpn_connection.html.markdown
@@ -11,6 +11,9 @@ description: |-
 
 Provides a VPN connection connected to a VPC. These objects can be connected to customer gateways, and allow you to establish tunnels between your network and the VPC.
 
+~> **Note:** All arguments including `tunnel1_preshared_key` and `tunnel2_preshared_key` will be stored in the raw state as plain-text.
+[Read more about sensitive data in state](/docs/state/sensitive-data.html).
+
 ## Example Usage
 
 ```hcl