set_sensitive does not redact values if the key name contains backslash

[jjayabal23]

Terraform, Provider, Kubernetes and Helm Versions

Terraform version: 1.6.6
Provider version: 2.13.2
Kubernetes version: 1.28.9

Affected Resource(s)

• helm_release

Terraform Configuration Files

resource "helm_release" "argocd" {
  name       = "argocd"
  repository = "https://argoproj.github.io/argo-helm"
  chart      = "argo-cd"
  namespace  = kubernetes_namespace.argocd.metadata.0.name
  version    = "5.52.1"
  set_sensitive {
    name = "configs.secret.extra.accounts\\.serviceaccount\\.password"
    value = bcrypt(var.password)
  }
}

Debug Output

NOTE: In addition to Terraform debugging, please set HELM_DEBUG=1 to enable debugging info from helm.

Panic Output

Steps to Reproduce

1. terraform apply

Expected Behavior

The metadata displayed in terraform plan should have redacted the sensitive value and displayed "(sensitive value)"

configs = {
  secret = {
    extra = {
      "accounts.serviceaccount.password" = "(sensitive value)"
    }
  }
}

Actual Behavior

The metadata displays the sensitive value in clear text

configs = {
  secret = {
    extra = {
      "accounts.serviceaccount.password" = "clear-text-password"
    }
  }
}

Important Factoids

The issue does not appear when there is no backslash in the key name.

References

• helm_release metadata not cloaked when key contains "." character - revived #1004
• helm_release metadata not cloaked when key contains "." character #737
• Fix redacting sensitive values that uses backslashes #737 #746

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment