Skip to content

feat: add sensitive_request_headers argument #521

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat: add sensitive_request_headers argument #521

wants to merge 1 commit into from

Conversation

mdb
Copy link

@mdb mdb commented Apr 16, 2025
edited
Loading

This seeks to address issue #34 via sensitive_request_headers, which serves the same function as request_headers, but sensitive_request_headers are denoted as sensitive and their values are obscured as ***** in Terraform state.

@mdb mdb requested a review from a team as a code owner April 16, 2025 00:56
@hashicorp-cla-app HashiCorp CLA App
Copy link

hashicorp-cla-app bot commented Apr 16, 2025
edited
Loading

CLA assistant check
All committers have signed the CLA.

@mdb
feat: add sensitive_request_headers argument
0d4aa69 
This seeks to address issue hashicorp#34 via `sensitive_request_headers`,
which serves the same function as `request_headers`, but are denoted as
sensitive and their values are obscured as `*****` in Terraform state.

Signed-off-by: Mike Ball <[email protected]>
@mdb mdb force-pushed the mdb/sensitive-request-headers branch from e1b4a01 to 0d4aa69 Compare April 16, 2025 00:57
mdb
mdb commented Apr 16, 2025
View reviewed changes
internal/provider/data_source_http.go
if strings.ToLower(name) == "host" {
request.Host = header
}
}
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

☝️ This and the line 348 loop could probably be DRY'd up :)

@ansgarm
Copy link
Member

ansgarm commented Apr 16, 2025

Hi @mdb 👋

but sensitive_request_headers are denoted as sensitive and their values are obscured as ***** in Terraform state

Does wrapping your secret value in sensitive() do the same job?

@mdb
Copy link
Author

mdb commented Apr 16, 2025

Hi @ansgarm - Thanks for the response!

Does wrapping your secret value in sensitive() do the same job?

I don't believe so; sensitive() is a step in the right direction, though the sensitive()-wrapped values still appear in plain text in TF state. Incidentally, @apparentlymart teases some other ideas that might work:

  • Make the provider support .netrc files, and allow you to specify one or more files in the provider configuration itself, to be used across all http resources where the hostname matches.
  • Support a new host block inside the provider block to allow credentials to be provided inline, allowing the same sort of interpolation patterns you can do directly in the resource:

@mdb mdb mentioned this pull request Apr 21, 2025
Open
@mdb
Copy link
Author

mdb commented Apr 21, 2025

@ansgarm I'm curious hear your thoughts on PR #524. Would that be preferable over this PR?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
size/M
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mdb @ansgarm