Skip to content

feat(acm-certificate): add write-only support for the private_key in aws_acm_certificate #44414

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

feat(acm-certificate): add write-only support for the private_key in aws_acm_certificate #44414

wants to merge 3 commits into from
+96 −13

Conversation

ramonvermeulen
Copy link

@ramonvermeulen ramonvermeulen commented Sep 23, 2025
edited
Loading

Rollback Plan

N/A

Changes to Security Controls

N/A

Description

Added write-only support for the private_key argument, so that it can be used in combination with an ephemeral resource to avoid the private_key being written to terraform state.

This means two new agrument:

  • private_key_wo: used to configure the actual value for the private key (not written to tfstate)
  • private_key_wo_version: used to enforce changes on the private_key_wo, should always be set in combination.

Relations

Closes #43945

References

Output from Acceptance Testing

Acceptance test:

make testacc TESTS=TestAccACMCertificate_PrivateKeyWo PKG=acm

make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
make: Running acceptance tests on branch: 🌿 f/acm-certificate-private-key-wo 🌿...
TF_ACC=1 go1.24.6 test ./internal/service/acm/... -v -count 1 -parallel 20 -run='TestAccACMCertificate_PrivateKeyWo'  -timeout 360m -vet=off
2025/09/23 15:15:33 Creating Terraform AWS Provider (SDKv2-style)...
2025/09/23 15:15:33 Initializing Terraform AWS Provider (SDKv2-style)...
=== RUN   TestAccACMCertificate_PrivateKeyWo
=== PAUSE TestAccACMCertificate_PrivateKeyWo
=== CONT  TestAccACMCertificate_PrivateKeyWo
--- PASS: TestAccACMCertificate_PrivateKeyWo (24.25s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/acm        27.935s

@github-actions GitHub Actions
Copy link
Contributor

Community Guidelines

This comment is added to every new Pull Request to provide quick reference to how the Terraform AWS Provider is maintained. Please review the information below, and thank you for contributing to the community that keeps the provider thriving! 🚀

Voting for Prioritization

  • Please vote on this Pull Request by adding a 👍 reaction to the original post to help the community and maintainers prioritize it.
  • Please see our prioritization guide for additional information on how the maintainers handle prioritization.
  • Please do not leave +1 or other comments that do not add relevant new information or questions; they generate extra noise for others following the Pull Request and do not help prioritize the request.

Pull Request Authors

  • Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
  • Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

@github-actions github-actions bot added needs-triage Waiting for first response or review from a maintainer. service/acm Issues and PRs that pertain to the acm service. size/S Managed by automation to categorize the size of a PR. labels Sep 23, 2025
@github-actions github-actions bot added tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. size/M Managed by automation to categorize the size of a PR. labels Sep 23, 2025
@ramonvermeulen ramonvermeulen marked this pull request as ready for review September 23, 2025 13:17
@ramonvermeulen ramonvermeulen requested a review from a team as a code owner September 23, 2025 13:17
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Sep 23, 2025
edited
Loading

✅ Thank you for correcting the previously detected issues! The maintainers appreciate your efforts to make the review process as smooth as possible.

@ramonvermeulen ramonvermeulen changed the title feat(acm-certificate): add write-only support for the private_key feat(acm-certificate): add write-only support for the private_key in aws_acm_certificate Sep 23, 2025
@justinretzolk justinretzolk added enhancement Requests to existing resources that expand the functionality or scope. and removed needs-triage Waiting for first response or review from a maintainer. labels Sep 23, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
enhancement Requests to existing resources that expand the functionality or scope. service/acm Issues and PRs that pertain to the acm service. size/M Managed by automation to categorize the size of a PR. size/S Managed by automation to categorize the size of a PR. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add support in aws_acm_certificate for write-only private_key resources
2 participants
@ramonvermeulen @justinretzolk