security: mark sensitive variables as sensitive

tiagoboeing · tiagoboeing · commit 87c1f40b5a05 · 2025-12-23T20:54:58.000-03:00
diff --git a/app-runner/inputs.tf b/app-runner/inputs.tf
@@ -28,6 +28,7 @@ variable "ssm_secrets" {
   description = "Map of environment variable names to SSM parameter names for secrets"
   type        = map(string)
   default     = {}
+  sensitive   = true
   # Eg.: { "DATABASE_PASSWORD" = "/app/db/password" }
 }
 
diff --git a/cognito-user-pool/inputs.tf b/cognito-user-pool/inputs.tf
@@ -36,6 +36,7 @@ variable "linkedin_credentials" {
   description = "Linkedin OIDC settings"
   type        = map(string)
   default     = {}
+  sensitive   = true
 }
 
 variable "google_credentials" {

Original file line number	Diff line number	Diff line change
`@@ -28,6 +28,7 @@ variable "ssm_secrets" {`
`28`	`28`	`description = "Map of environment variable names to SSM parameter names for secrets"`
`29`	`29`	`type = map(string)`
`30`	`30`	`default = {}`
	`31`	`+ sensitive = true`
`31`	`32`	`# Eg.: { "DATABASE_PASSWORD" = "/app/db/password" }`
`32`	`33`	`}`
`33`	`34`
Original file line number	Diff line number	Diff line change
`@@ -36,6 +36,7 @@ variable "linkedin_credentials" {`
`36`	`36`	`description = "Linkedin OIDC settings"`
`37`	`37`	`type = map(string)`
`38`	`38`	`default = {}`
	`39`	`+ sensitive = true`
`39`	`40`	`}`
`40`	`41`
`41`	`42`	`variable "google_credentials" {`