Running terraform plan exposes the client secret in plain text inside the .tfstate file. That’s a security nightmare for our shared repo. I’ve tried encrypting the state with AWS KMS, but the values are still readable once decrypted. Is there a way to use genesyscloud_oauth_client without storing the secret in state? Maybe referencing a secret store directly? Here’s my current config:
resource "genesyscloud_oauth_client" "this" {
client_id = "my-client-id"
client_secret = var.oauth_secret
}
Any workarounds?