Feature Request: sensitive content

[manfredlift]

Provide a way to pass sensitive content to archive_file. At the moment there is no other way to mask a variable or flag an input as sensitive than at the provider level (hashicorp/terraform#16643 (comment)).

Example use case is a rendered template_file with secrets injected into it that we would like to zip.

Three different ways this could be implemented:

data "archive_file" "foobar" {
  type        = "zip"
  output_path = "${path.module}/foobar.zip"

  source {
    content  = "${local.secret}"
    filename = "bar"
    sensitive = true
  }
}

data "archive_file" "foobar" {
  type        = "zip"
  output_path = "${path.module}/foobar.zip"

  source {
    sensitive_content = "${local.secret}"
    filename          = "bar"
  }
}

data "archive_file" "foobar" {
  type        = "zip"
  output_path = "${path.module}/foobar.zip"

  sensitive_source {
    content  = "${local.secret}"
    filename = "bar"
  }
}

[pms1969]

Any progress on this?

[AndrewNeudegg]

We need this to obscure secrets.

[pms1969]

Nudge

[R0flcopt3r]

We need this to hide some secrets from our tfstate.