What happened?
As reported in crossplane-contrib/provider-upjet-gcp#307 and fixed in crossplane-contrib/provider-upjet-gcp#314, upjet can inject sensitive attributes back to the Terraform state, if they are published in a connection details secret referenced by the spec.writeConnectionSecretToRef field of a Terraformed resource. However, Terraformed resources do also support publishing connection details to a bunch of external secret stores. We need to consider bringing support for reading back such sensitive Terraform attributes from these external secret stores and injecting them into the Terraform state.
How can we reproduce it?
Follow the example in crossplane-contrib/provider-upjet-gcp#307
What happened?
As reported in crossplane-contrib/provider-upjet-gcp#307 and fixed in crossplane-contrib/provider-upjet-gcp#314, upjet can inject sensitive attributes back to the Terraform state, if they are published in a connection details secret referenced by the
spec.writeConnectionSecretToReffield of a Terraformed resource. However, Terraformed resources do also support publishing connection details to a bunch of external secret stores. We need to consider bringing support for reading back such sensitive Terraform attributes from these external secret stores and injecting them into the Terraform state.How can we reproduce it?
Follow the example in crossplane-contrib/provider-upjet-gcp#307