Just noticed that the genesyscloud_oauth_client resource stores the client_secret in plaintext within the .tfstate file. I’m using the official Genesys Cloud Terraform provider v1.12.0 and I need this value to be sensitive to avoid leaking credentials in our CI/CD logs and state backups.
I’ve tried setting sensitive = true on the resource, but it doesn’t seem to mask the attribute in the state file output. Is there a specific way to configure the provider or the resource to ensure the secret is not persisted in the state file, or do I need to use an external secret manager integration instead?