From 6cf30811f5715211f5642b23aea24b80f7d2baa0 Mon Sep 17 00:00:00 2001
From: Garret Ruh <garret.ruh@optum.com>
Date: Mon, 8 Jun 2020 15:29:26 -0500
Subject: [PATCH] resource/aws_cognito_user_pool_client: Mark client secret as
 sensitive

Prevent the sensitive client_secret attribute being leaked in logs.
---
 aws/resource_aws_cognito_user_pool_client.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/aws/resource_aws_cognito_user_pool_client.go b/aws/resource_aws_cognito_user_pool_client.go
index 5960dc38ae5a..eb44a8e69894 100644
--- a/aws/resource_aws_cognito_user_pool_client.go
+++ b/aws/resource_aws_cognito_user_pool_client.go
@@ -30,8 +30,9 @@ func resourceAwsCognitoUserPoolClient() *schema.Resource {
 			},
 
 			"client_secret": {
-				Type:     schema.TypeString,
-				Computed: true,
+				Type:      schema.TypeString,
+				Computed:  true,
+				Sensitive: true,
 			},
 
 			"generate_secret": {