Skip to content

fix: mark secrets as sensitive (Sensitive: true). #145

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

fix: mark secrets as sensitive (Sensitive: true). #145

wants to merge 8 commits into from

Conversation

btfhernandez
Copy link
Contributor

Purpose of the PR

Mark secrets as sensitive (Sensitive: true).

According to ticket

https://beyondtrust.atlassian.net/browse/BIPS-28983

Summary of changes:

  • Mark secrets as sensitive (Sensitive: true).
  • Update Documentation

@Copilot Copilot AI review requested due to automatic review settings August 15, 2025 01:13
@btfhernandez btfhernandez requested a review from a team as a code owner August 15, 2025 01:13
Copilot

This comment was marked as outdated.

Sign in to view

@btfhernandez btfhernandez requested a review from Copilot August 15, 2025 02:04
Copilot
Copilot AI reviewed Aug 15, 2025
View reviewed changes
Copy link

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR enhances security by marking secret values as sensitive in Terraform schemas and outputs to prevent them from being displayed in logs or CLI output. It also updates documentation to clarify the purpose of the api_account_name parameter.

Key changes:

  • Added Sensitive: true to all schema fields containing sensitive data (passwords, secrets, file content)
  • Added sensitive = true to Terraform outputs containing secret values
  • Updated documentation to clarify the role of api_account_name in authorization

Reviewed Changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
terraform/main.tf Added sensitive flags to outputs and corrected account name reference
providers/provider_sdkv2/secrets.go Marked value, password, text, and file_content fields as sensitive
providers/provider_sdkv2/provider.go Updated description for api_account_name parameter
providers/provider_sdkv2/managed_account.go Marked value field as sensitive in managed account schema
providers/provider_sdkv2/common.go Marked password field as sensitive in managed account schema
providers/provider_framework/provider.go Updated description for api_account_name parameter
docs/index.md Updated documentation for api_account_name parameter

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@github-actions GitHub Actions
Copy link

Merging this branch will not change overall coverage

Impacted Packages Coverage Δ 🤖
github.com/BeyondTrust/terraform-provider-passwordsafe/providers/provider_framework 0.00% (ø)
github.com/BeyondTrust/terraform-provider-passwordsafe/providers/provider_sdkv2 0.00% (ø)
Coverage by file

Changed files (no unit tests)

Changed File Coverage Δ Total Covered Missed 🤖
github.com/BeyondTrust/terraform-provider-passwordsafe/providers/provider_framework/provider.go 0.00% (ø) 0 0 0
github.com/BeyondTrust/terraform-provider-passwordsafe/providers/provider_sdkv2/common.go 0.00% (ø) 0 0 0
github.com/BeyondTrust/terraform-provider-passwordsafe/providers/provider_sdkv2/managed_account.go 0.00% (ø) 0 0 0
github.com/BeyondTrust/terraform-provider-passwordsafe/providers/provider_sdkv2/provider.go 0.00% (ø) 0 0 0
github.com/BeyondTrust/terraform-provider-passwordsafe/providers/provider_sdkv2/secrets.go 0.00% (ø) 0 0 0

Please note that the "Total", "Covered", and "Missed" counts above refer to code statements instead of lines of code. The value in brackets refers to the test coverage of that file in the old version of the code.

@github-actions GitHub Actions
Copy link

Merging this branch will not change overall coverage

Impacted Packages Coverage Δ 🤖
github.com/BeyondTrust/terraform-provider-passwordsafe/providers/provider_framework 0.00% (ø)
github.com/BeyondTrust/terraform-provider-passwordsafe/providers/provider_sdkv2 0.00% (ø)
Coverage by file

Changed files (no unit tests)

Changed File Coverage Δ Total Covered Missed 🤖
github.com/BeyondTrust/terraform-provider-passwordsafe/providers/provider_framework/provider.go 0.00% (ø) 0 0 0
github.com/BeyondTrust/terraform-provider-passwordsafe/providers/provider_sdkv2/common.go 0.00% (ø) 0 0 0
github.com/BeyondTrust/terraform-provider-passwordsafe/providers/provider_sdkv2/managed_account.go 0.00% (ø) 0 0 0
github.com/BeyondTrust/terraform-provider-passwordsafe/providers/provider_sdkv2/provider.go 0.00% (ø) 0 0 0
github.com/BeyondTrust/terraform-provider-passwordsafe/providers/provider_sdkv2/secrets.go 0.00% (ø) 0 0 0

Please note that the "Total", "Covered", and "Missed" counts above refer to code statements instead of lines of code. The value in brackets refers to the test coverage of that file in the old version of the code.

dtejadav
dtejadav approved these changes Aug 15, 2025
View reviewed changes
Copy link

@dtejadav dtejadav left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👏

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@dtejadav dtejadav dtejadav approved these changes

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@btfhernandez @dtejadav