Merge pull request #28113 from hashicorp/pselle/provider_sensitive_attrs_docs

Update documentation for provider_sensitive_attrs experiment
This commit is contained in:
Pam Selle 2021-03-18 11:24:55 -04:00 committed by GitHub
commit 683422e54f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 11 additions and 10 deletions

View File

@ -336,12 +336,13 @@ _derive_ from a sensitive resource attribute will not themselves be considered
sensitive, and so Terraform will include those derived values in its output sensitive, and so Terraform will include those derived values in its output
without redacting them. without redacting them.
Terraform v0.14.0 and later has an Terraform v0.15.0 and later treats resource attributes that are marked as
[experimental feature](/docs/language/settings/index.html#experimental-language-features) sensitive (by the provider) in the same way as sensitive input variables and
to treat resource attributes that are marked as sensitive in the same way as output values, so that Terraform will consider any derived values as sensitive too.
sensitive input variables and output values, so that Terraform will consider
any derived values as sensitive too. You can activate that experiment for your If you are using Terraform v0.14.x, this feature is considered experimental.
module using the `provider_sensitive_attrs` experiment keyword: You can activate that experiment for your module using the
`provider_sensitive_attrs` experiment keyword:
```hcl ```hcl
terraform { terraform {

View File

@ -109,10 +109,10 @@ main evaluation step.
Sensitive values, such as [sensitive input variables](https://www.terraform.io/docs/language/values/variables.html#suppressing-values-in-cli-output), Sensitive values, such as [sensitive input variables](https://www.terraform.io/docs/language/values/variables.html#suppressing-values-in-cli-output),
[sensitive outputs](https://www.terraform.io/docs/language/values/outputs.html#sensitive-suppressing-values-in-cli-output), [sensitive outputs](https://www.terraform.io/docs/language/values/outputs.html#sensitive-suppressing-values-in-cli-output),
or [sensitive resource attributes](https://www.terraform.io/docs/language/expressions/references.html#sensitive-resource-attributes) or [sensitive resource attributes](https://www.terraform.io/docs/language/expressions/references.html#sensitive-resource-attributes),
(if the `provider_sensitive_attrs` experiment is enabled), cannot be used as arguments cannot be used as arguments to `for_each`. The value used in `for_each` is used
to `for_each`. The value used in `for_each` is used to identify the resource instance to identify the resource instance and will always be disclosed in UI output,
and will always be disclosed in UI output, which is why sensitive values are not allowed. which is why sensitive values are not allowed.
Attempts to use sensitive values as `for_each` arguments will result in an error. Attempts to use sensitive values as `for_each` arguments will result in an error.
If you transform a value containing sensitive data into an argument to be used in `for_each`, be aware that If you transform a value containing sensitive data into an argument to be used in `for_each`, be aware that