From d7819618c35fcc8f1f1a765d624c161ef5669a7e Mon Sep 17 00:00:00 2001 From: Pawel Pesz Date: Wed, 23 Apr 2025 16:05:54 +0100 Subject: [PATCH 1/2] fix: Do not expose sensitive Docker additional options --- package.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.tf b/package.tf index 34322514..76fc2862 100644 --- a/package.tf +++ b/package.tf @@ -49,7 +49,7 @@ data "external" "archive_prepare" { resource "local_file" "archive_plan" { count = var.create && var.create_package ? 1 : 0 - content = data.external.archive_prepare[0].result.build_plan + content = var.build_in_docker && anytrue([for option in var.docker_additional_options : issensitive(option)]) ? sensitive(data.external.archive_prepare[0].result.build_plan) : data.external.archive_prepare[0].result.build_plan filename = data.external.archive_prepare[0].result.build_plan_filename directory_permission = "0755" file_permission = "0644" From 27c83c9e58ba02049f66059ac808c33c645da7d3 Mon Sep 17 00:00:00 2001 From: Pawel Pesz Date: Thu, 24 Apr 2025 08:59:54 +0100 Subject: [PATCH 2/2] fix: issensitive function requires Terraform 1.8 --- package.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.tf b/package.tf index 76fc2862..bbff086c 100644 --- a/package.tf +++ b/package.tf @@ -49,7 +49,7 @@ data "external" "archive_prepare" { resource "local_file" "archive_plan" { count = var.create && var.create_package ? 1 : 0 - content = var.build_in_docker && anytrue([for option in var.docker_additional_options : issensitive(option)]) ? sensitive(data.external.archive_prepare[0].result.build_plan) : data.external.archive_prepare[0].result.build_plan + content = var.build_in_docker ? sensitive(data.external.archive_prepare[0].result.build_plan) : data.external.archive_prepare[0].result.build_plan filename = data.external.archive_prepare[0].result.build_plan_filename directory_permission = "0755" file_permission = "0644"