You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I think it should be marked as sensitive only when write_only is enabled. That will be more coherent to the Spacelift UI since there you can see any env var value that is not marked as write_only.
The text was updated successfully, but these errors were encountered:
Sadly, this is a limitation of the Terraform provider SDK - as you can see here, there is no way that the sensitivity of the "value" field can be conditional on some other variable.
Thus, the only way to show plaintext variables in the logs, and not show the secrets, would be to have two separate resources for environment variables (eg. spacelift_plaintext_envvar and spacelift_secret_envvar) and two separate resources for mounted files (eg. spacelift_plaintext_mounted_file and spacelift_secret_mounted_file).
I'm personally ok with having the additional plaintext resource since seeing the variables in the plan is quite critical in most of the cases. They are the actual inputs to the stack and most of them won't be secrets.
In the end, that will probably go inside a module anyway so you can create one resource or the other depending on the write_only setting from some variable. And I think recreating them is not that big task since it would be just like using terraform.
Since the environment variable value is marked always as sensitive, you are not able to see the actual value in the plan. And, especially when you're passing complex data or doing more than just passing a primitive value (e.g.: interpolation from other variables), it can be very hard to debug.
I think it should be marked as sensitive only when write_only is enabled. That will be more coherent to the Spacelift UI since there you can see any env var value that is not marked as write_only.
The text was updated successfully, but these errors were encountered: