fix(sentry_key): mark secret and dsn_secret fields as sensitive (#…

…565) * fix(resource/sentry_key): mark `secret` and `dsn_secret` fields as sensitive * data source * chore: update docs --------- Co-authored-by: Jian Yuan Lee <[email protected]>
jianyuan · Feb 8, 2025 · d42b3e5 · d42b3e5
1 parent 891ce18
commit d42b3e5
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 4 deletions.
diff --git a/docs/data-sources/key.md b/docs/data-sources/key.md
@@ -57,13 +57,13 @@ data "sentry_key" "first" {
 - `dsn` (Map of String) This is a map of DSN values. The keys include `public`, `secret`, `csp`, `security`, `minidump`, `nel`, `unreal`, `cdn`, and `crons`.
 - `dsn_csp` (String, Deprecated) Security header endpoint for features like CSP and Expect-CT reports. **Deprecated** Use `dsn["csp"]` instead.
 - `dsn_public` (String, Deprecated) The DSN tells the SDK where to send the events to. **Deprecated** Use `dsn["public"]` instead.
-- `dsn_secret` (String, Deprecated) Deprecated DSN includes a secret which is no longer required by newer SDK versions. If you are unsure which to use, follow installation instructions for your language. **Deprecated** Use `dsn["secret"]` instead.
+- `dsn_secret` (String, Sensitive, Deprecated) Deprecated DSN includes a secret which is no longer required by newer SDK versions. If you are unsure which to use, follow installation instructions for your language. **Deprecated** Use `dsn["secret"]` instead.
 - `javascript_loader_script` (Attributes) The JavaScript loader script configuration. (see [below for nested schema](#nestedatt--javascript_loader_script))
 - `project_id` (String) The ID of the project that the key belongs to.
 - `public` (String) The public key.
 - `rate_limit_count` (Number) Number of events that can be reported within the rate limit window.
 - `rate_limit_window` (Number) Length of time in seconds that will be considered when checking the rate limit.
-- `secret` (String) The secret key.
+- `secret` (String, Sensitive) The secret key.
 
 <a id="nestedatt--javascript_loader_script"></a>
 ### Nested Schema for `javascript_loader_script`

diff --git a/docs/resources/key.md b/docs/resources/key.md
@@ -42,11 +42,11 @@ resource "sentry_key" "default" {
 - `dsn` (Map of String) This is a map of DSN values. The keys include `public`, `secret`, `csp`, `security`, `minidump`, `nel`, `unreal`, `cdn`, and `crons`.
 - `dsn_csp` (String, Deprecated) Security header endpoint for features like CSP and Expect-CT reports. **Deprecated** Use `dsn["csp"]` instead.
 - `dsn_public` (String, Deprecated) The DSN tells the SDK where to send the events to. **Deprecated** Use `dsn["public"]` instead.
-- `dsn_secret` (String, Deprecated) Deprecated DSN includes a secret which is no longer required by newer SDK versions. If you are unsure which to use, follow installation instructions for your language. **Deprecated** Use `dsn["secret"] instead.
+- `dsn_secret` (String, Sensitive, Deprecated) Deprecated DSN includes a secret which is no longer required by newer SDK versions. If you are unsure which to use, follow installation instructions for your language. **Deprecated** Use `dsn["secret"] instead.
 - `id` (String) The ID of this resource.
 - `project_id` (String) The ID of the project that the key belongs to.
 - `public` (String) The public key.
-- `secret` (String) The secret key.
+- `secret` (String, Sensitive) The secret key.
 
 <a id="nestedatt--javascript_loader_script"></a>
 ### Nested Schema for `javascript_loader_script`

diff --git a/internal/provider/data_source_client_key.go b/internal/provider/data_source_client_key.go
@@ -136,6 +136,7 @@ func (d *ClientKeyDataSource) Schema(ctx context.Context, req datasource.SchemaR
 			"secret": schema.StringAttribute{
 				MarkdownDescription: "The secret key.",
 				Computed:            true,
+				Sensitive:           true,
 			},
 			"rate_limit_window": schema.Int64Attribute{
 				MarkdownDescription: "Length of time in seconds that will be considered when checking the rate limit.",
@@ -181,6 +182,7 @@ func (d *ClientKeyDataSource) Schema(ctx context.Context, req datasource.SchemaR
 				MarkdownDescription: "Deprecated DSN includes a secret which is no longer required by newer SDK versions. If you are unsure which to use, follow installation instructions for your language. **Deprecated** Use `dsn[\"secret\"]` instead.",
 				DeprecationMessage:  "This field is deprecated and will be removed in a future version. Use `dsn[\"secret\"]` instead.",
 				Computed:            true,
+				Sensitive:           true,
 			},
 			"dsn_csp": schema.StringAttribute{
 				MarkdownDescription: "Security header endpoint for features like CSP and Expect-CT reports. **Deprecated** Use `dsn[\"csp\"]` instead.",

diff --git a/internal/provider/resource_client_key.go b/internal/provider/resource_client_key.go
@@ -222,6 +222,7 @@ func (r *ClientKeyResource) Schema(ctx context.Context, req resource.SchemaReque
 			"secret": schema.StringAttribute{
 				MarkdownDescription: "The secret key.",
 				Computed:            true,
+				Sensitive:           true,
 			},
 			"dsn": schema.MapAttribute{
 				MarkdownDescription: "This is a map of DSN values. The keys include `public`, `secret`, `csp`, `security`, `minidump`, `nel`, `unreal`, `cdn`, and `crons`.",
@@ -237,6 +238,7 @@ func (r *ClientKeyResource) Schema(ctx context.Context, req resource.SchemaReque
 				MarkdownDescription: "Deprecated DSN includes a secret which is no longer required by newer SDK versions. If you are unsure which to use, follow installation instructions for your language. **Deprecated** Use `dsn[\"secret\"] instead.",
 				DeprecationMessage:  "This field is deprecated and will be removed in a future version. Use `dsn[\"secret\"]` instead.",
 				Computed:            true,
+				Sensitive:           true,
 			},
 			"dsn_csp": schema.StringAttribute{
 				MarkdownDescription: "Security header endpoint for features like CSP and Expect-CT reports. **Deprecated** Use `dsn[\"csp\"]` instead.",