Skip to content

v4.0.0

Latest

Choose a tag to compare

@github-actions github-actions released this 30 Jun 15:24
ad8b10d

This is a major release focused on keeping secret values out of Terraform state, server-side password generation, smoother upgrades, and security updates. Review the breaking changes below before upgrading.

⚠ Breaking changes

  • Minimum Terraform version is now 1.11 (previously 0.13). The new write-only password attribute requires Terraform 1.11 or later. Update required_version to >= 1.11.0 before upgrading.
  • Passwords are no longer stored in Terraform state. Manage password values with the new password_value / password_wo_version attributes (see Headline features).
  • tss_resource_secret.fields attributes itemid, fieldid, slug, and fielddescription are now computed (read-only). Configurations that set any of these will now fail at plan time. Remove them from your configuration.

✨ Headline features

  • Write-only password value. The new password_value attribute, paired with the password_wo_version rotation trigger, lets you set and rotate passwords without ever writing them to terraform.tfstate.
  • Server-side password generation. The new generate (bool) attribute requests a password generated by the secret template's password policy, so a value never has to leave Secret Server. (gh #110)
  • Automatic state upgrade, v3 → v4. Existing v3 state is upgraded automatically on first apply. Upgrading from v2 is supported as a documented manual migration. (gh #106)
  • Environment-variable authentication now works. The provider correctly falls back to TSS_SERVER_URL, TSS_USERNAME, TSS_PASSWORD, TSS_TOKEN, and TSS_DOMAIN when those are set. (gh #108)

🔒 Security & infrastructure

  • gRPC updated v1.75.1 → v1.79.3 (addresses CVE-2026-33186).
  • Go toolchain updated 1.25.1 → 1.26.2 (addresses multiple GO-2026 standard-library CVEs).
  • Added a .snyk policy for the msgpack advisory (CVE-2026-2454).
  • Added a new CI workflow.

🐞 Fixes

  • Fixed an "inconsistent result after apply" error caused by a block-count mismatch in flattenSecret when a secret used a partial set of fields.
  • Marked itemvalue as sensitive so it is redacted in plan and apply output.
  • Cleaned up go vet findings in provider.go.

Full changelog: v3.1.1...v4.0.0