From d42b3e5256876d8dbb65527501b2a9a5d4c2f633 Mon Sep 17 00:00:00 2001
From: auvred <61150013+auvred@users.noreply.github.com>
Date: Sat, 8 Feb 2025 23:19:47 +0300
Subject: [PATCH] fix(sentry_key): mark `secret` and `dsn_secret` fields as
 sensitive (#565)

* fix(resource/sentry_key): mark `secret` and `dsn_secret` fields as sensitive

* data source

* chore: update docs

---------

Co-authored-by: Jian Yuan Lee <jianyuan@gmail.com>
---
 docs/data-sources/key.md                    | 4 ++--
 docs/resources/key.md                       | 4 ++--
 internal/provider/data_source_client_key.go | 2 ++
 internal/provider/resource_client_key.go    | 2 ++
 4 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/docs/data-sources/key.md b/docs/data-sources/key.md
index a831e638..94eddbc2 100644
--- a/docs/data-sources/key.md
+++ b/docs/data-sources/key.md
@@ -57,13 +57,13 @@ data "sentry_key" "first" {
 - `dsn` (Map of String) This is a map of DSN values. The keys include `public`, `secret`, `csp`, `security`, `minidump`, `nel`, `unreal`, `cdn`, and `crons`.
 - `dsn_csp` (String, Deprecated) Security header endpoint for features like CSP and Expect-CT reports. **Deprecated** Use `dsn["csp"]` instead.
 - `dsn_public` (String, Deprecated) The DSN tells the SDK where to send the events to. **Deprecated** Use `dsn["public"]` instead.
-- `dsn_secret` (String, Deprecated) Deprecated DSN includes a secret which is no longer required by newer SDK versions. If you are unsure which to use, follow installation instructions for your language. **Deprecated** Use `dsn["secret"]` instead.
+- `dsn_secret` (String, Sensitive, Deprecated) Deprecated DSN includes a secret which is no longer required by newer SDK versions. If you are unsure which to use, follow installation instructions for your language. **Deprecated** Use `dsn["secret"]` instead.
 - `javascript_loader_script` (Attributes) The JavaScript loader script configuration. (see [below for nested schema](#nestedatt--javascript_loader_script))
 - `project_id` (String) The ID of the project that the key belongs to.
 - `public` (String) The public key.
 - `rate_limit_count` (Number) Number of events that can be reported within the rate limit window.
 - `rate_limit_window` (Number) Length of time in seconds that will be considered when checking the rate limit.
-- `secret` (String) The secret key.
+- `secret` (String, Sensitive) The secret key.
 
 <a id="nestedatt--javascript_loader_script"></a>
 ### Nested Schema for `javascript_loader_script`
diff --git a/docs/resources/key.md b/docs/resources/key.md
index 273852b2..6702af0a 100644
--- a/docs/resources/key.md
+++ b/docs/resources/key.md
@@ -42,11 +42,11 @@ resource "sentry_key" "default" {
 - `dsn` (Map of String) This is a map of DSN values. The keys include `public`, `secret`, `csp`, `security`, `minidump`, `nel`, `unreal`, `cdn`, and `crons`.
 - `dsn_csp` (String, Deprecated) Security header endpoint for features like CSP and Expect-CT reports. **Deprecated** Use `dsn["csp"]` instead.
 - `dsn_public` (String, Deprecated) The DSN tells the SDK where to send the events to. **Deprecated** Use `dsn["public"]` instead.
-- `dsn_secret` (String, Deprecated) Deprecated DSN includes a secret which is no longer required by newer SDK versions. If you are unsure which to use, follow installation instructions for your language. **Deprecated** Use `dsn["secret"] instead.
+- `dsn_secret` (String, Sensitive, Deprecated) Deprecated DSN includes a secret which is no longer required by newer SDK versions. If you are unsure which to use, follow installation instructions for your language. **Deprecated** Use `dsn["secret"] instead.
 - `id` (String) The ID of this resource.
 - `project_id` (String) The ID of the project that the key belongs to.
 - `public` (String) The public key.
-- `secret` (String) The secret key.
+- `secret` (String, Sensitive) The secret key.
 
 <a id="nestedatt--javascript_loader_script"></a>
 ### Nested Schema for `javascript_loader_script`
diff --git a/internal/provider/data_source_client_key.go b/internal/provider/data_source_client_key.go
index 64c31530..54d2ca67 100644
--- a/internal/provider/data_source_client_key.go
+++ b/internal/provider/data_source_client_key.go
@@ -136,6 +136,7 @@ func (d *ClientKeyDataSource) Schema(ctx context.Context, req datasource.SchemaR
 			"secret": schema.StringAttribute{
 				MarkdownDescription: "The secret key.",
 				Computed:            true,
+				Sensitive:           true,
 			},
 			"rate_limit_window": schema.Int64Attribute{
 				MarkdownDescription: "Length of time in seconds that will be considered when checking the rate limit.",
@@ -181,6 +182,7 @@ func (d *ClientKeyDataSource) Schema(ctx context.Context, req datasource.SchemaR
 				MarkdownDescription: "Deprecated DSN includes a secret which is no longer required by newer SDK versions. If you are unsure which to use, follow installation instructions for your language. **Deprecated** Use `dsn[\"secret\"]` instead.",
 				DeprecationMessage:  "This field is deprecated and will be removed in a future version. Use `dsn[\"secret\"]` instead.",
 				Computed:            true,
+				Sensitive:           true,
 			},
 			"dsn_csp": schema.StringAttribute{
 				MarkdownDescription: "Security header endpoint for features like CSP and Expect-CT reports. **Deprecated** Use `dsn[\"csp\"]` instead.",
diff --git a/internal/provider/resource_client_key.go b/internal/provider/resource_client_key.go
index 369c2e7f..cda3747a 100644
--- a/internal/provider/resource_client_key.go
+++ b/internal/provider/resource_client_key.go
@@ -222,6 +222,7 @@ func (r *ClientKeyResource) Schema(ctx context.Context, req resource.SchemaReque
 			"secret": schema.StringAttribute{
 				MarkdownDescription: "The secret key.",
 				Computed:            true,
+				Sensitive:           true,
 			},
 			"dsn": schema.MapAttribute{
 				MarkdownDescription: "This is a map of DSN values. The keys include `public`, `secret`, `csp`, `security`, `minidump`, `nel`, `unreal`, `cdn`, and `crons`.",
@@ -237,6 +238,7 @@ func (r *ClientKeyResource) Schema(ctx context.Context, req resource.SchemaReque
 				MarkdownDescription: "Deprecated DSN includes a secret which is no longer required by newer SDK versions. If you are unsure which to use, follow installation instructions for your language. **Deprecated** Use `dsn[\"secret\"] instead.",
 				DeprecationMessage:  "This field is deprecated and will be removed in a future version. Use `dsn[\"secret\"]` instead.",
 				Computed:            true,
+				Sensitive:           true,
 			},
 			"dsn_csp": schema.StringAttribute{
 				MarkdownDescription: "Security header endpoint for features like CSP and Expect-CT reports. **Deprecated** Use `dsn[\"csp\"]` instead.",