Support of ephemeral "write-only" argument to aws_kms_ciphertext

[mmsepyx]

Description

When we are using aws_kms_ciphertext resource to encrypt some data, it's generally not wanted that the plaintext data is stored in the state, which is currently the case as per documentation. Adding support for ephemeral "write-only" argument would solve this issue.

Affected Resource(s) or Data Source(s)

*aws_kms_ciphertext

Potential Terraform Configuration

variable "my_secret" {
  type      = string
  ephemeral = true
}

resource "aws_kms_ciphertext" "my_encrypted_secret" {
  key_id       = aws_kms_key.my_kms_key.key_id
  plaintext_wo = var.my_secret
}

References

No response

Would you like to implement the enhancement?

No

[github-actions]

Community Guidelines

This comment is added to every new Issue to provide quick reference to how the Terraform AWS Provider is maintained. Please review the information below, and thank you for contributing to the community that keeps the provider thriving! 🚀

Voting for Prioritization

• Please vote on this Issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize it.
• Please see our prioritization guide for additional information on how the maintainers handle prioritization.
• Please do not leave +1 or other comments that do not add relevant new information or questions; they generate extra noise for others following the Issue and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.
• For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.