Skip to content

secrets leaking on error #96

New issue
New issue
Open
Open
secrets leaking on error#96
@johnypony3

Description

@johnypony3
johnypony3
opened on Sep 13, 2021

Hi!
The http provider is leaking secrets on error, relevant source here: if err != nil {
It would be ideal to have this dump controlled via the log level.

Terraform Version

  • 1.0.2
  • 1.0.3

Affected Resource(s)

Please list the resources as a list, for example:

  • http

Terraform Configuration Files

variable "super_sensitive_value" {
  type      = string
  sensitive = true
  default   = "apparently_not_sensitive_enough"
}

data "http" "use_vault_result_in_a_call" {
  url = var.super_sensitive_value
}

Debug Output

│ Error: Error making request: Get "apparently_not_sensitive_enough": unsupported protocol scheme ""
│
│   with data.http.use_vault_result_in_a_call,
│   on main.tf line 18, in data "http" "use_vault_result_in_a_call":
│   18: data "http" "use_vault_result_in_a_call" {

Expected Behavior

The variable super_sensitive_value is expected to be hidden from logs as its marked as sensitive.

Actual Behavior

The variable super_sensitive_value is leaked to the log.

Steps to Reproduce

  1. terraform apply

References

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions