[Enhancement]: Set Private Key as Sensitive for aws_sesv2_email_identity on Plans

[danhlee329]

Description

When looking at the plan for aws_sesv2_email_identity, I see the private key as plain text, this should ideally be shown as (sensitive):

# aws_sesv2_email_identity.byodkim_domain will be created
resource "aws_sesv2_email_identity" "byodkim_domain" {
    arn                         = (known after apply)
    email_identity              = "testdomain.domain"
    id                          = (known after apply)
    identity_type               = (known after apply)
    tags_all                    = (known after apply)
    verified_for_sending_status = (known after apply)

    dkim_signing_attributes {
        current_signing_key_length    = (known after apply)
        domain_signing_private_key    = "MIIEvwIBADA...." # shown as plain text, shortened for display
        domain_signing_selector       = "testselector._domainkey.testdomain"
        last_key_generation_timestamp = (known after apply)
        next_signing_key_length       = (known after apply)
        signing_attributes_origin     = (known after apply)
        status                        = (known after apply)
        tokens                        = (known after apply)
    }
}

Affected Resource(s) and/or Data Source(s)

Resource aws_sesv2_email_identity in provider hashicorp/aws (version 5.15.0)

Potential Terraform Configuration

No response

References

No response

Would you like to implement a fix?

None

[github-actions]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[danhlee329]

This is better suited as a security vulnerability, I've sent an email to security@hashicorp.com per https://github.com/hashicorp/terraform-provider-aws/security/policy referencing this issue.

[danhlee329]

Thanks for the PR, I'll close the issue after testing out changes via the latest release with the adjustment.

[danhlee329]

Was able to pull Provider version 5.18.1 and confirming that the value is now shown as (sensitive value), closing issue, thank you!

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.