chore: flag certs as sensitive in cloudsql terraform output

[#186876337](https://www.pivotaltracker.com/story/show/186876337)
cloudfoundry · Jan 22, 2024 · bd1afd9 · bd1afd9
1 parent ca3f937
commit bd1afd9
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 4 deletions.
diff --git a/terraform/cloudsql/mysql/provision/outputs.tf b/terraform/cloudsql/mysql/provision/outputs.tf
@@ -8,8 +8,14 @@ output "password" {
   value     = google_sql_user.admin_user.password
 }
 
-output "sslrootcert" { value = google_sql_database_instance.instance.server_ca_cert.0.cert }
-output "sslcert" { value = google_sql_ssl_cert.client_cert.cert }
+output "sslrootcert" {
+  sensitive = true
+  value     = google_sql_database_instance.instance.server_ca_cert.0.cert
+}
+output "sslcert" {
+  sensitive = true
+  value     = google_sql_ssl_cert.client_cert.cert
+}
 output "sslkey" {
   value     = google_sql_ssl_cert.client_cert.private_key
   sensitive = true

diff --git a/terraform/cloudsql/postgresql/provision/outputs.tf b/terraform/cloudsql/postgresql/provision/outputs.tf
@@ -9,10 +9,16 @@ output "password" {
 }
 output "require_ssl" { value = var.require_ssl }
 
-output "sslcert" { value = google_sql_ssl_cert.client_cert.cert }
+output "sslcert" {
+  sensitive = true
+  value     = google_sql_ssl_cert.client_cert.cert
+}
 output "sslkey" {
   value     = google_sql_ssl_cert.client_cert.private_key
   sensitive = true
 }
-output "sslrootcert" { value = google_sql_database_instance.instance.server_ca_cert.0.cert }
+output "sslrootcert" {
+  sensitive = true
+  value     = google_sql_database_instance.instance.server_ca_cert.0.cert
+}