Add Warnings about sensitive Google Credentials in Remote State (#5953) (#4239)

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/5953.txt

@@ -0,0 +1,3 @@
+```release-note:none
+
+```

website/docs/d/client_config.html.markdown

@@ -11,6 +11,9 @@ description: |-
 
 Use this data source to access the configuration of the Google Cloud provider.
 
+-> **Warning**: This resource persists a sensitive credential in the [remote state](https://www.terraform.io/language/state/sensitive-data) used by Terraform.
+Please take appropriate measures to protect your remote state.
+
 ## Example Usage
 
 ```tf
@@ -34,8 +37,6 @@ data "google_container_cluster" "my_cluster" {
 }
 
 provider "kubernetes" {
-  load_config_file = false
-
   host  = "https://${data.google_container_cluster.my_cluster.endpoint}"
   token = data.google_client_config.default.access_token
   cluster_ca_certificate = base64decode(

website/docs/d/client_openid_userinfo.html.markdown

@@ -19,7 +19,7 @@ authentication with GKE and configure an RBAC role for the email used.
 
 ~> This resource will only work as expected if the provider is configured to
 use the `https://www.googleapis.com/auth/userinfo.email` scope! You will
-receive an error otherwise.
+receive an error otherwise. The provider uses this scope by default.
 
 ## Example Usage - exporting an email
 
@@ -47,8 +47,6 @@ data "google_container_cluster" "my_cluster" {
 }
 
 provider "kubernetes" {
-  load_config_file = false
-
   host  = "https://${data.google_container_cluster.my_cluster.endpoint}"
   token = data.google_client_config.provider.access_token
   cluster_ca_certificate = base64decode(

website/docs/r/container_cluster.html.markdown

@@ -19,9 +19,9 @@ Manages a Google Kubernetes Engine (GKE) cluster. For more information see
 [the official documentation](https://cloud.google.com/container-engine/docs/clusters)
 and [the API reference](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters).
 
-~> **Note:** All arguments and attributes, including basic auth username and
+~> **Warning:** All arguments and attributes, including basic auth username and
 passwords as well as certificate outputs will be stored in the raw state as
-plaintext. [Read more about sensitive data in state](/language/state/sensitive-data.html).
+plaintext. [Read more about sensitive data in state](https://www.terraform.io/language/state/sensitive-data).
 
 ## Example Usage - with a separately managed node pool (recommended)
 
@@ -999,7 +999,7 @@ exported:
     to authenticate to the cluster endpoint.
 
 * `master_auth.0.cluster_ca_certificate` - Base64 encoded public certificate
-    that is the root of trust for the cluster.
+    that is the root certificate of the cluster.
 
 * `master_version` - The current version of the master in the cluster. This may
     be different than the `min_master_version` set in the config if the master

website/docs/r/google_service_account_key.html.markdown

@@ -9,7 +9,10 @@ description: |-
 
 # google_service_account_key
 
-Creates and manages service account keys, which allow the use of a service account outside of Google Cloud. 
+Creates and manages service account keys, which allow the use of a service account with Google Cloud.
+
+-> **Warning**: This resource persists a sensitive credential in plaintext in the [remote state](https://www.terraform.io/language/state/sensitive-data) used by Terraform.
+Please take appropriate measures to protect your remote state.
 
 * [API documentation](https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys)
 * How-to Guides