We’ve got a Python script that needs the client secret to generate tokens, but putting it in the genesys_cloud_auth resource feels risky since it ends up in the state file. We’re running this on a shared dev server in London and the last thing we need is secrets in plain text.
Is there a way to mask it or use a data source so the state file doesn’t store the actual string? We tried sensitive = true but it just hides the output, the state file still has it if you read the JSON. What’s the standard pattern for this?