azurerm provider should define kube_config_raw as sensitive

[subesokun]

Terraform Version

Terraform v0.11.7
provider.azurerm: version = "~> 1.4"

Debug Output

https://gist.github.com/subesokun/ae9893a093c4ce7fcdebf2cb5cc95c0d

Expected Behavior

If a kubernetes cluster gets re-deployed the kube_config_raw content shouldn't be visible in the console log and be marked as <sensitive>

Actual Behavior

kube_config_raw content gets printed in clear text into the console log.

Steps to Reproduce

1. terraform init
2. terraform apply
3. Change some attribute like the linux_profile.ssh_key
4. terraform apply

Additional Context

We're deploying our kubernetes clusters as part of our CI/CD pipelines and usually every developer in the project has access to the deployment logs of those pipelines and hence we need to keep the console logs clean from any sensitive data. Now as the kube_config_raw gets logged in clear text into the console this is very critical to us as everybody with access to the logs could access the cluster and compromise it which we have to prevent by all means.

[ghost]

This issue has been automatically migrated to hashicorp/terraform-provider-azurerm#1220 because it looks like an issue with that provider. If you believe this is not an issue with the provider, please reply to hashicorp/terraform-provider-azurerm#1220.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.