Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sanitize: allow for the sanitization of sensitive values #34

Merged
merged 1 commit into from May 7, 2021
Merged

sanitize: allow for the sanitization of sensitive values #34

merged 1 commit into from May 7, 2021

Commits on May 6, 2021

  1. sanitize: allow for the sanitization of sensitive values 

    This adds a new package and functions for sanitization of values marked
as sensitive in the plan, where we can get particular data to do it.

This data is derived in a number of ways, also documented in the
top-level SanitizePlan function:

* ResourceChanges are sanitized based on BeforeSensitive and
AfterSensitive fields.

* Variables are sanitized based on variable config data found in the
root module of the Config.

* PlannedValues are sanitized based on the values found in
AfterSensitive in ResourceChanges. Outputs are sanitized according to
the appropriate sensitivity flags provided for the output.

* PriorState is sanitized based on the values found in BeforeSensitive
in ResourceChanges. Outputs are sanitized according to the appropriate
sensitivity flags provided for the output.

* OutputChanges are sanitized based on the values found in
BeforeSensitive and AfterSensitive. This generally means that any
sensitive output will have OutputChange fully obfuscated as the
BeforeSensitive and AfterSensitive in outputs are opaquely the same.
    @vancluever
    vancluever committed May 6, 2021
    Configuration menu
    Copy the full SHA
    70b0331 View commit details
    Browse the repository at this point in the history