Hey folks, running into a security snag with the genesyscloud provider. When I define an oauth2_client resource, the client_secret ends up in plaintext in the terraform.tfstate file, which is a no-go for our compliance team.
I tried using the sensitive flag on the input variable, but the state file still exposes the value. Is there a way to store the secret in AWS Secrets Manager and reference it in the HCL without it leaking to the state file?
Current config:
resource "genesyscloud_oauth2_client" "my_client" {
name = "My Client"
client_secret = var.oauth_secret # This shows up in tfstate
}
Any ideas?