hashicorp · katbyte · Oct 18, 2018 · Sep 5, 2018 · Sep 7, 2018 · Sep 7, 2018
diff --git a/azurerm/config.go b/azurerm/config.go
@@ -15,7 +15,7 @@ import (
 	"github.com/Azure/azure-sdk-for-go/services/cdn/mgmt/2017-10-12/cdn"
 	"github.com/Azure/azure-sdk-for-go/services/cognitiveservices/mgmt/2017-04-18/cognitiveservices"
 	"github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2018-06-01/compute"
-	"github.com/Azure/azure-sdk-for-go/services/containerinstance/mgmt/2018-04-01/containerinstance"
+	"github.com/Azure/azure-sdk-for-go/services/containerinstance/mgmt/2018-06-01/containerinstance"
 	"github.com/Azure/azure-sdk-for-go/services/containerregistry/mgmt/2017-10-01/containerregistry"
 	"github.com/Azure/azure-sdk-for-go/services/containerservice/mgmt/2018-03-31/containerservice"
 	"github.com/Azure/azure-sdk-for-go/services/cosmos-db/mgmt/2015-04-08/documentdb"

diff --git a/azurerm/resource_arm_container_group.go b/azurerm/resource_arm_container_group.go
@@ -5,7 +5,7 @@ import (
 	"log"
 	"strings"
 
-	"github.com/Azure/azure-sdk-for-go/services/containerinstance/mgmt/2018-04-01/containerinstance"
+	"github.com/Azure/azure-sdk-for-go/services/containerinstance/mgmt/2018-06-01/containerinstance"
 	"github.com/hashicorp/terraform/helper/schema"
 	"github.com/hashicorp/terraform/helper/validation"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
@@ -169,6 +169,13 @@ func resourceArmContainerGroup() *schema.Resource {
 							ForceNew: true,
 						},
 
+						"secure_environment_variables": {
+							Type:      schema.TypeMap,
+							Optional:  true,
+							ForceNew:  true,
+							Sensitive: true,
+						},
+
 						"command": {
 							Type:       schema.TypeString,
 							Optional:   true,
@@ -564,10 +571,24 @@ func expandContainerGroupContainers(d *schema.ResourceData) (*[]containerinstanc
 			containerGroupPorts = append(containerGroupPorts, containerGroupPort)
 		}
 
+		// Set both secure and non-secure environment variables
+		var envVars *[]containerinstance.EnvironmentVariable
+		var secEnvVars *[]containerinstance.EnvironmentVariable
+
 		if v, ok := data["environment_variables"]; ok {
-			container.EnvironmentVariables = expandContainerEnvironmentVariables(v)
+			envVars = expandContainerEnvironmentVariables(v, false)
+		}
+
+		if v, ok := data["secure_environment_variables"]; ok {
+			secEnvVars = expandContainerEnvironmentVariables(v, true)
 		}
 
+		for _, v := range *secEnvVars {
+			*envVars = append(*envVars, v)
+		}
+
+		container.EnvironmentVariables = envVars
+
 		if v, ok := data["commands"]; ok {
 			c := v.([]interface{})
 			command := make([]string, 0)
@@ -599,18 +620,33 @@ func expandContainerGroupContainers(d *schema.ResourceData) (*[]containerinstanc
 	return &containers, &containerGroupPorts, &containerGroupVolumes
 }
 
-func expandContainerEnvironmentVariables(input interface{}) *[]containerinstance.EnvironmentVariable {
+func expandContainerEnvironmentVariables(input interface{}, secure bool) *[]containerinstance.EnvironmentVariable {
+
 	envVars := input.(map[string]interface{})
 	output := make([]containerinstance.EnvironmentVariable, 0)
 
-	for k, v := range envVars {
-		ev := containerinstance.EnvironmentVariable{
-			Name:  utils.String(k),
-			Value: utils.String(v.(string)),
+	if secure == true {
+
+		for k, v := range envVars {
+			ev := containerinstance.EnvironmentVariable{
+				Name:        utils.String(k),
+				SecureValue: utils.String(v.(string)),
+			}
+
+			output = append(output, ev)
 		}
-		output = append(output, ev)
-	}
 
+	} else {
+
+		for k, v := range envVars {
+			ev := containerinstance.EnvironmentVariable{
+				Name:  utils.String(k),
+				Value: utils.String(v.(string)),
+			}
+
+			output = append(output, ev)
+		}
+	}
 	return &output
 }
 

diff --git a/azurerm/resource_arm_container_group_test.go b/azurerm/resource_arm_container_group_test.go
@@ -173,6 +173,9 @@ func TestAccAzureRMContainerGroup_linuxComplete(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "container.0.environment_variables.%", "2"),
 					resource.TestCheckResourceAttr(resourceName, "container.0.environment_variables.foo", "bar"),
 					resource.TestCheckResourceAttr(resourceName, "container.0.environment_variables.foo1", "bar1"),
+					resource.TestCheckResourceAttr(resourceName, "container.0.secure_environment_variables.%", "2"),
+					resource.TestCheckResourceAttr(resourceName, "container.0.secure_environment_variables.foo", "bar"),
+					resource.TestCheckResourceAttr(resourceName, "container.0.secure_environment_variables.foo1", "bar1"),
 					resource.TestCheckResourceAttr(resourceName, "container.0.volume.#", "1"),
 					resource.TestCheckResourceAttr(resourceName, "container.0.volume.0.mount_path", "/aci/logs"),
 					resource.TestCheckResourceAttr(resourceName, "container.0.volume.0.name", "logs"),
@@ -245,6 +248,9 @@ func TestAccAzureRMContainerGroup_windowsComplete(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "container.0.environment_variables.%", "2"),
 					resource.TestCheckResourceAttr(resourceName, "container.0.environment_variables.foo", "bar"),
 					resource.TestCheckResourceAttr(resourceName, "container.0.environment_variables.foo1", "bar1"),
+					resource.TestCheckResourceAttr(resourceName, "container.0.secure_environment_variables.%", "2"),
+					resource.TestCheckResourceAttr(resourceName, "container.0.secure_environment_variables.foo", "bar"),
+					resource.TestCheckResourceAttr(resourceName, "container.0.secure_environment_variables.foo1", "bar1"),
 					resource.TestCheckResourceAttr(resourceName, "os_type", "Windows"),
 					resource.TestCheckResourceAttr(resourceName, "restart_policy", "Never"),
 				),
@@ -308,7 +314,7 @@ resource "azurerm_container_group" "test" {
     memory = "0.5"
 	  port   = "80"
   }
-  
+
   image_registry_credential {
     server   = "hub.docker.com"
     username = "yourusername"
@@ -356,7 +362,7 @@ resource "azurerm_container_group" "test" {
     memory = "0.5"
 	  port   = "80"
   }
-  
+
   image_registry_credential {
     server   = "hub.docker.com"
     username = "updatedusername"
@@ -469,6 +475,12 @@ resource "azurerm_container_group" "test" {
 		"foo"  = "bar"
 		"foo1" = "bar1"
 	}
+
+	secure_environment_variables {
+		"secureFoo"  = "secureBar"
+		"secureFoo1" = "secureBar1"
+	}
+
 	commands = ["cmd.exe", "echo", "hi"]
   }
 
@@ -536,6 +548,11 @@ resource "azurerm_container_group" "test" {
 			"foo1" = "bar1"
 		}
 
+		secure_environment_variables {
+			"secureFoo"  = "secureBar"
+			"secureFoo1" = "secureBar1"
+		}
+
 		commands = ["/bin/bash", "-c", "ls"]
 	}
 

diff --git a/...e/azure-sdk-for-go/services/containerinstance/mgmt/2018-06-01/containerinstance/client.go b/...e/azure-sdk-for-go/services/containerinstance/mgmt/2018-06-01/containerinstance/client.go