random_id prints sensitive data to console

[geekofalltrades]

Terraform Version

$ terraform version
Terraform v0.11.14
+ provider.aws v2.14.0
+ provider.random v2.1.2

Affected Resource(s)

• random_id

Terraform Configuration Files

resource "random_id" "etcd_encryption_key" {
  byte_length = 32
}

Debug Output

N/A

Panic Output

N/A

Expected Behavior

The id attribute of random_id should be none, like random_string, in case it is being used to generate a secret value.

Actual Behavior

The id attribute of the random_id is the randomly generated id, causing it to be displayed on the console:

$ terraform plan                                                                                                                                                                                                                                                                                                         
Refreshing Terraform state in-memory prior to plan...                                                                                                                                                                                                                                                                    
The refreshed state will be used to calculate this plan, but will not be                                                                                                                                                                                                                                                 
persisted to local or remote state storage.                                                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                                                                                                         
random_id.etcd_encryption_key: Refreshing state... (ID: ****************)

This is a shame, because this resource, with its byte_length argument and b64_std attribute, is otherwise perfect for generating an etcd encryption key for Kubernetes.

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. terraform plan

Important Factoids

N/A

References

Are there any other GitHub issues (open or closed) or Pull Requests that should be linked here? For example:

• "random_string" prints sensitive data to console #17: This is the same issue, but for a different resource.

[teamterraform]

Hello @geekofalltrades we recently have being evaluating resources within this provider and their "intended usage". While you mention this resource could be a perfect candidate for secrets, it was intended to only be an ID (and not sensitive). We have recently merged a new resource random_password, which is clear in its sensitivity. We will do our best to evaluate features or new resources to meet new application demands such as the ones you are suggesting. I will be closing this issue, however we sincerely appreciate your feedback.

[QuingKhaos]

@teamterraform random_password is missing the same outputs as random_id (eg. hex)

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.