### Terraform Version ```shell Terraform v1.10.4 on darwin_arm64 + provider registry.terraform.io/hashicorp/aws v5.84.0 + provider registry.terraform.io/hashicorp/kubernetes v2.35.1 + provider registry.terraform.io/hashicorp/random v3.6.3 ``` ### Terraform Configuration Files Null check causes the map to be marked as sensitive ```terraform resource "aws_lambda_function" "lambda" { function_name = "${var.identifier}-lambda" ... dynamic "environment" { # if environment_variables isn't empty, or if its GovCloud for_each = var.environment_variables != null ? [1] : [] content { variables = data.aws_partition.current.partition == "aws-us-gov" ? merge( var.environment_variables, { AWS_USE_FIPS_ENDPOINT : "true" } ) : var.environment_variables } } } ``` The below works as expected ```terraform dynamic "environment" { # if environment_variables isn't empty, or if its GovCloud for_each = length(var.environment_variables) > 0 ? [1] : [] content { variables = data.aws_partition.current.partition == "aws-us-gov" ? merge( var.environment_variables, { AWS_USE_FIPS_ENDPOINT : "true" } ) : var.environment_variables } } ``` ### Debug Output ``` ...debug output, or link to a gist... ``` ### Expected Behavior ``` environment { ~ variables = { + "SOME_KEY" = "whatever" # (8 unchanged elements hidden) } } ``` ### Actual Behavior ``` environment { # Warning: this attribute value will be marked as sensitive and will not # display in UI output after applying this change. ~ variables = (sensitive value) } ``` ### Steps to Reproduce terraform init terraform plan Notice the values are hidden from the plan output when there is a null check ### Additional Context _No response_ ### References _No response_ ### Generative AI / LLM assisted development? _No response_