From 2ee75842c2e2521b082b536b7c4915d899b2218d Mon Sep 17 00:00:00 2001
From: Matthew Baggett <matthew@baggett.me>
Date: Mon, 20 Jan 2025 21:12:12 +0100
Subject: [PATCH] Fix data sensitivity annoyances

---
 cloud/aws/rds/tenant/input.tf | 2 +-
 utils/identity/locals.tf      | 2 +-
 utils/identity/output.tf      | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/cloud/aws/rds/tenant/input.tf b/cloud/aws/rds/tenant/input.tf
index f520dab..2c7546e 100644
--- a/cloud/aws/rds/tenant/input.tf
+++ b/cloud/aws/rds/tenant/input.tf
@@ -19,7 +19,7 @@ variable "database" {
 locals {
   username = lower(var.username)
   database = lower(var.database)
-  password = try(random_password.password[0].result, var.password)
+  password = try(nonsensitive(random_password.password[0].result), var.password)
 }
 variable "engine" {
   type        = string
diff --git a/utils/identity/locals.tf b/utils/identity/locals.tf
index 6080e6e..141a809 100644
--- a/utils/identity/locals.tf
+++ b/utils/identity/locals.tf
@@ -1,5 +1,5 @@
 locals {
   username_words = var.username_words != null ? var.username_words : floor(var.username_max_length / 3)
   username       = var.username != null ? var.username : random_pet.username[0].id
-  password       = var.password != null ? sensitive(var.password) : random_password.password[0].result
+  password       = var.password != null ? nonsensitive(var.password) : nonsensitive(random_password.password[0].result)
 }
\ No newline at end of file
diff --git a/utils/identity/output.tf b/utils/identity/output.tf
index e632652..6fb3dca 100644
--- a/utils/identity/output.tf
+++ b/utils/identity/output.tf
@@ -1,6 +1,6 @@
 output "username" {
-  value = local.username
+  value = nonsensitive(local.username)
 }
 output "password" {
-  value = local.password
+  value = nonsensitive(local.password)
 }
\ No newline at end of file