From 76325789573536309538326274ad4c553fb146ee Mon Sep 17 00:00:00 2001
From: Chris Rasmussen <chris.rasmussen@well.co>
Date: Thu, 19 Aug 2021 17:39:58 -0500
Subject: [PATCH 1/3] Flag `aws_elasticache_user` Passwords as Sensitive

---
 aws/data_source_aws_elasticache_user.go       | 9 +++++----
 aws/resource_aws_elasticache_user.go          | 9 +++++----
 website/docs/r/elasticache_user.html.markdown | 3 +++
 3 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/aws/data_source_aws_elasticache_user.go b/aws/data_source_aws_elasticache_user.go
index bc2aff38476..8cfa7b004ca 100644
--- a/aws/data_source_aws_elasticache_user.go
+++ b/aws/data_source_aws_elasticache_user.go
@@ -27,10 +27,11 @@ func dataSourceAwsElastiCacheUser() *schema.Resource {
 				Optional: true,
 			},
 			"passwords": {
-				Type:     schema.TypeSet,
-				Optional: true,
-				Elem:     &schema.Schema{Type: schema.TypeString},
-				Set:      schema.HashString,
+				Type:      schema.TypeSet,
+				Optional:  true,
+				Elem:      &schema.Schema{Type: schema.TypeString},
+				Set:       schema.HashString,
+				Sensitive: true,
 			},
 			"user_id": {
 				Type:     schema.TypeString,
diff --git a/aws/resource_aws_elasticache_user.go b/aws/resource_aws_elasticache_user.go
index 0d77d51ed1a..6e57181d539 100644
--- a/aws/resource_aws_elasticache_user.go
+++ b/aws/resource_aws_elasticache_user.go
@@ -53,10 +53,11 @@ func resourceAwsElasticacheUser() *schema.Resource {
 				Default:  false,
 			},
 			"passwords": {
-				Type:     schema.TypeSet,
-				Optional: true,
-				MaxItems: 2,
-				Elem:     &schema.Schema{Type: schema.TypeString},
+				Type:      schema.TypeSet,
+				Optional:  true,
+				MaxItems:  2,
+				Elem:      &schema.Schema{Type: schema.TypeString},
+				Sensitive: true,
 			},
 			"tags":     tagsSchema(),
 			"tags_all": tagsSchemaComputed(),
diff --git a/website/docs/r/elasticache_user.html.markdown b/website/docs/r/elasticache_user.html.markdown
index 4bbde40391f..7500cf97bed 100644
--- a/website/docs/r/elasticache_user.html.markdown
+++ b/website/docs/r/elasticache_user.html.markdown
@@ -10,6 +10,9 @@ description: |-
 
 Provides an ElastiCache user resource.
 
+~> **Note:** All arguments including the username and passwords will be stored in the raw state as plain-text.
+[Read more about sensitive data in state](https://www.terraform.io/docs/state/sensitive-data.html).
+
 ## Example Usage
 
 ```terraform

From 9daace437a27f761b812b69a0bac989a9ed94913 Mon Sep 17 00:00:00 2001
From: Chris Rasmussen <chris.rasmussen@well.co>
Date: Thu, 19 Aug 2021 18:22:21 -0500
Subject: [PATCH 2/3] Add changelog entry 20629.txt

---
 .changelog/20629.txt | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 .changelog/20629.txt

diff --git a/.changelog/20629.txt b/.changelog/20629.txt
new file mode 100644
index 00000000000..35c498fcdb2
--- /dev/null
+++ b/.changelog/20629.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/aws_elasticache_user: Mark `passwords` argument as sensitive.
+```

From c276a2e1a605d7f81a2208f3d999db432993a9c5 Mon Sep 17 00:00:00 2001
From: Kit Ewbank <Kit_Ewbank@hotmail.com>
Date: Fri, 20 Aug 2021 08:49:27 -0400
Subject: [PATCH 3/3] CHANGELOG entry addition.

---
 .changelog/20629.txt | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.changelog/20629.txt b/.changelog/20629.txt
index 35c498fcdb2..b4bb94edfc7 100644
--- a/.changelog/20629.txt
+++ b/.changelog/20629.txt
@@ -1,3 +1,7 @@
 ```release-note:enhancement
 resource/aws_elasticache_user: Mark `passwords` argument as sensitive.
 ```
+
+```release-note:enhancement
+data-source/aws_elasticache_user: Mark `passwords` attribute as sensitive.
+```
\ No newline at end of file