Skip to content

Use ListSecretVersionIds when secret is write-only #44876

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

Use ListSecretVersionIds when secret is write-only #44876

wants to merge 1 commit into from

Conversation

@josnyder-2
Copy link

@josnyder-2 josnyder-2 commented Oct 30, 2025
edited
Loading

Description

Presently, the provider reads secrets from AWS under all circumstances, even when it is configured in write-only mode by use of secret_string_wo. As a result, it is not possible for an unprivileged user who is working with a statefile that has write-only secrets to perform a terraform plan -refresh=true.

This pull request modifies the behavior so that, when in write-only mode, we use ListSecretVersionIds instead of GetSecretValue.

@github-actions
Copy link
Contributor

github-actions bot commented Oct 30, 2025

Community Guidelines

This comment is added to every new Pull Request to provide quick reference to how the Terraform AWS Provider is maintained. Please review the information below, and thank you for contributing to the community that keeps the provider thriving! 🚀

Voting for Prioritization

  • Please vote on this Pull Request by adding a 👍 reaction to the original post to help the community and maintainers prioritize it.
  • Please see our prioritization guide for additional information on how the maintainers handle prioritization.
  • Please do not leave +1 or other comments that do not add relevant new information or questions; they generate extra noise for others following the Pull Request and do not help prioritize the request.

Pull Request Authors

  • Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
  • Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

@github-actions github-actions bot added needs-triage Waiting for first response or review from a maintainer. service/secretsmanager Issues and PRs that pertain to the secretsmanager service. size/M Managed by automation to categorize the size of a PR. labels Oct 30, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

needs-triage Waiting for first response or review from a maintainer. service/secretsmanager Issues and PRs that pertain to the secretsmanager service. size/M Managed by automation to categorize the size of a PR.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@josnyder-2