From 935575707f3fa7daf633cab801c987ddd03d9307 Mon Sep 17 00:00:00 2001
From: magic_rb <richard@brezak.sk>
Date: Sat, 7 Oct 2023 22:30:39 +0200
Subject: [PATCH] Desensitivize `pushApproles` provisioner

Signed-off-by: magic_rb <richard@brezak.sk>
---
 terranix/modules/push_approles.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/terranix/modules/push_approles.nix b/terranix/modules/push_approles.nix
index ee975d7..d06ab21 100644
--- a/terranix/modules/push_approles.nix
+++ b/terranix/modules/push_approles.nix
@@ -90,7 +90,7 @@ in
           provisioner = {
             "remote-exec" = {
               inline = [
-                "echo \${vault_approle_auth_backend_role_secret_id.system-${hostname}.secret_id} > /var/secrets/approle.secretid"
+                "echo \${nonsensitive(vault_approle_auth_backend_role_secret_id.system-${hostname}.secret_id)} > /var/secrets/approle.secretid"
                 "echo \${data.vault_approle_auth_backend_role_id.system-${hostname}.role_id} > /var/secrets/approle.roleid"
               ];
             };