Do not assume private key value exists after destroying tfstate #215

Description

@jeanduplessis

What happened?

As reported in crossplane-contrib/provider-upjet-gcp#307 and fixed in crossplane-contrib/provider-upjet-gcp#314, upjet can inject sensitive attributes back to the Terraform state, if they are published in a connection details secret referenced by the spec.writeConnectionSecretToRef field of a Terraformed resource. However, Terraformed resources do also support publishing connection details to a bunch of external secret stores. We need to consider bringing support for reading back such sensitive Terraform attributes from these external secret stores and injecting them into the Terraform state.

How can we reproduce it?

Follow the example in crossplane-contrib/provider-upjet-gcp#307
