From c696ae72a16dc14c9cece7f0352c65354ce4e3a7 Mon Sep 17 00:00:00 2001
From: magreenbaum <melissaafgreenbaum@gmail.com>
Date: Sun, 15 Sep 2024 19:40:33 -0400
Subject: [PATCH] add secret outputs

---
 README.md                    |  2 ++
 examples/complete/README.md  |  2 ++
 examples/complete/outputs.tf | 12 ++++++++++++
 outputs.tf                   | 12 ++++++++++++
 wrappers/outputs.tf          |  2 +-
 5 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 6851f76..af108dd 100644
--- a/README.md
+++ b/README.md
@@ -184,8 +184,10 @@ No modules.
 | Name | Description |
 |------|-------------|
 | <a name="output_secret_arn"></a> [secret\_arn](#output\_secret\_arn) | The ARN of the secret |
+| <a name="output_secret_binary"></a> [secret\_binary](#output\_secret\_binary) | The secret binary |
 | <a name="output_secret_id"></a> [secret\_id](#output\_secret\_id) | The ID of the secret |
 | <a name="output_secret_replica"></a> [secret\_replica](#output\_secret\_replica) | Attributes of the replica created |
+| <a name="output_secret_string"></a> [secret\_string](#output\_secret\_string) | The secret string |
 | <a name="output_secret_version_id"></a> [secret\_version\_id](#output\_secret\_version\_id) | The unique identifier of the version of the secret |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
diff --git a/examples/complete/README.md b/examples/complete/README.md
index 5e15845..598b0db 100644
--- a/examples/complete/README.md
+++ b/examples/complete/README.md
@@ -64,10 +64,12 @@ No inputs.
 | <a name="output_rotate_secret_arn"></a> [rotate\_secret\_arn](#output\_rotate\_secret\_arn) | The ARN of the secret |
 | <a name="output_rotate_secret_id"></a> [rotate\_secret\_id](#output\_rotate\_secret\_id) | The ID of the secret |
 | <a name="output_rotate_secret_replica"></a> [rotate\_secret\_replica](#output\_rotate\_secret\_replica) | Attributes of the replica created |
+| <a name="output_rotate_secret_string"></a> [rotate\_secret\_string](#output\_rotate\_secret\_string) | The secret string |
 | <a name="output_rotate_secret_version_id"></a> [rotate\_secret\_version\_id](#output\_rotate\_secret\_version\_id) | The unique identifier of the version of the secret |
 | <a name="output_standard_secret_arn"></a> [standard\_secret\_arn](#output\_standard\_secret\_arn) | The ARN of the secret |
 | <a name="output_standard_secret_id"></a> [standard\_secret\_id](#output\_standard\_secret\_id) | The ID of the secret |
 | <a name="output_standard_secret_replica"></a> [standard\_secret\_replica](#output\_standard\_secret\_replica) | Attributes of the replica created |
+| <a name="output_standard_secret_string"></a> [standard\_secret\_string](#output\_standard\_secret\_string) | The secret string |
 | <a name="output_standard_secret_version_id"></a> [standard\_secret\_version\_id](#output\_standard\_secret\_version\_id) | The unique identifier of the version of the secret |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf
index d140b79..dc87c16 100644
--- a/examples/complete/outputs.tf
+++ b/examples/complete/outputs.tf
@@ -22,6 +22,12 @@ output "standard_secret_version_id" {
   value       = module.secrets_manager.secret_version_id
 }
 
+output "standard_secret_string" {
+  description = "The secret string"
+  sensitive   = true
+  value       = module.secrets_manager.secret_string
+}
+
 ################################################################################
 # Rotate
 ################################################################################
@@ -45,3 +51,9 @@ output "rotate_secret_version_id" {
   description = "The unique identifier of the version of the secret"
   value       = module.secrets_manager_rotate.secret_version_id
 }
+
+output "rotate_secret_string" {
+  description = "The secret string"
+  sensitive   = true
+  value       = module.secrets_manager_rotate.secret_string
+}
diff --git a/outputs.tf b/outputs.tf
index 6d04956..b4b412c 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -17,6 +17,18 @@ output "secret_replica" {
   value       = try(aws_secretsmanager_secret.this[0].replica, null)
 }
 
+output "secret_string" {
+  description = "The secret string"
+  sensitive   = true
+  value       = try(aws_secretsmanager_secret_version.this[0].secret_string, aws_secretsmanager_secret_version.ignore_changes[0].secret_string, null)
+}
+
+output "secret_binary" {
+  description = "The secret binary"
+  sensitive   = true
+  value       = try(aws_secretsmanager_secret_version.this[0].secret_binary, aws_secretsmanager_secret_version.ignore_changes[0].secret_binary, null)
+}
+
 ################################################################################
 # Version
 ################################################################################
diff --git a/wrappers/outputs.tf b/wrappers/outputs.tf
index ec6da5f..a880b9e 100644
--- a/wrappers/outputs.tf
+++ b/wrappers/outputs.tf
@@ -1,5 +1,5 @@
 output "wrapper" {
   description = "Map of outputs of a wrapper."
   value       = module.wrapper
-  # sensitive = false # No sensitive module output found
+  sensitive   = true # At least one sensitive module output (secret_string) found (requires Terraform 0.14+)
 }