Running terraform apply with the genesyscloud_oauthclient resource. The client_secret and refresh_token are writing to the .tfstate file in plain text despite the sensitive flag. We’ve tried setting sensitive = true on the resource and the variables, but the state file still contains the raw credentials. Here is the block:
resource “genesyscloud_oauthclient” “main” {
name = “prod-client”
client_secret = var.oauth_secret
refresh_token = var.oauth_refresh
sensitive = true
}
Is there a way to exclude these fields from the state entirely or hash them before storage?