### Terraform Version

```
Terraform v1.16.0-dev (main branch, HEAD)
```

### Terraform Configuration Files

This is an internal code issue affecting any Terraform configuration using SSH provisioners with certificate-based authentication:

```terraform
resource "null_resource" "example" {
  connection {
    type        = "ssh"
    host        = "example.com"
    private_key = file("~/.ssh/id_rsa")
    certificate = file("~/.ssh/id_rsa-cert.pub")
  }

  provisioner "remote-exec" {
    inline = ["echo hello"]
  }
}
```

### Debug Output

When `signCertWithPrivateKey()` encounters an error (malformed PEM, unsupported algorithm, key/cert type mismatch), the error messages include the raw private key content and certificate content formatted with `%q`. These strings propagate to terminal output and CI logs (GitHub Actions, Jenkins, etc.).

### Expected Behavior

Error messages should describe the failure cause without including raw private key material. The underlying `golang.org/x/crypto/ssh` error (included via `%s`) already describes the failure cause, and distinct error prefixes identify which step failed.

### Actual Behavior

`signCertWithPrivateKey()` in `internal/communicator/ssh/provisioner.go` formats private key content, certificate content, and parsed key structs into error messages using `%q`. This exposes credential material to anyone with log access.

### Steps to Reproduce

1. Review `internal/communicator/ssh/provisioner.go`, function `signCertWithPrivateKey`.
2. Note the four `fmt.Errorf` calls that include `%q` formatting of key/cert content.
3. Compare with the sibling function `readPrivateKey()`, which correctly formats only `err`, not key content.

### Additional Context

The sibling function `readPrivateKey()` was already safe. I intend to submit a fix for this issue and have a working implementation on my fork. The fix removes sensitive values from the four error format strings while preserving the underlying crypto/ssh error descriptions.
### References

- #30067 (related: redact sensitive values from function errors)
- [moby/moby#33884](https://github.com/moby/moby/pull/33884) (similar fix in Docker/Moby)
- Previously submitted as #38543 (closed; resubmitting with issue-first workflow per Contributing.md)
- Fork branch with fix: [`SebTardif/terraform@fix/redact-private-key-errors`](https://github.com/SebTardif/terraform/tree/fix/redact-private-key-errors)

### Generative AI / LLM assisted development?

Grok (xAI) was used as an assistant with human-in-the-loop review. All code has been reviewed and understood by the human author.
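As an added illustration (not Terraform's code and not the fix on the fork linked above), the defective `%q` formatting and the redacted form side by side, plus the regression check a fix like this should ship with; it uses the standard-library PKCS#8 parser in place of `golang.org/x/crypto/ssh` so it runs without external modules, and the PEM input is a constructed non-key sample:

```go
package main

import (
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"strings"
)

// ConstructedBadPEM is a well-formed PEM block whose payload is not a key at all
// (a constructed sample, not a real credential), so parsing fails as a malformed key would.
var ConstructedBadPEM = pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: []byte("CONSTRUCTED-SAMPLE-NOT-A-REAL-KEY-0123456789")})

// ParseLeaky mirrors the reported defect: %q quotes the raw PEM into the error text, and from there into terminal output and CI logs.
func ParseLeaky(pemBytes []byte) (interface{}, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil {
		return nil, fmt.Errorf("failed to decode private key %q", pemBytes)
	}
	key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
	if err != nil {
		return nil, fmt.Errorf("failed to parse private key %q: %s", pemBytes, err)
	}
	return key, nil
}

// ParseRedacted is the hardened form: a distinct prefix names the failing step, the parser's own error says why, and no key bytes reach the message.
func ParseRedacted(pemBytes []byte) (interface{}, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil {
		return nil, fmt.Errorf("failed to decode private key: no PEM block found")
	}
	key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
	if err != nil {
		return nil, fmt.Errorf("failed to parse private key: %s", err)
	}
	return key, nil
}

// LeaksInput is the regression check such a fix should ship with: it reports whether any
// body line of the sensitive input (PEM armour lines excluded) appears verbatim in err.
func LeaksInput(err error, input []byte) bool {
	msg := fmt.Sprint(err) // "<nil>" for a nil error, which matches no key line
	for _, line := range strings.Split(string(input), "\n") {
		if line != "" && !strings.HasPrefix(line, "-----") && strings.Contains(msg, line) {
			return true
		}
	}
	return false
}
```

Because `%q` escapes only control characters, the base64 body lines survive intact inside the quoted string, which is exactly what makes the leak grep-able in a CI log.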