From e87324e5297bbf2dc2b32a79c130797cd8c7b34d Mon Sep 17 00:00:00 2001
From: Aftab Alam <81828613+iaftab-alam@users.noreply.github.com>
Date: Mon, 2 Mar 2026 14:26:48 +0100
Subject: [PATCH] Add support for Concourse enableRedactSecrets configuration

Add optional variable to enable secret redaction in Concourse build logs.
Implements concourse.web.enableRedactSecrets Helm chart value with
conditional configuration support.
---
 terraform-modules/concourse/app/concourse.tf  | 5 +++++
 terraform-modules/concourse/app/variables.tf  | 6 ++++++
 terragrunt/concourse-wg-ci/app/terragrunt.hcl | 1 +
 3 files changed, 12 insertions(+)

diff --git a/terraform-modules/concourse/app/concourse.tf b/terraform-modules/concourse/app/concourse.tf
index a9ea2aa2..049b73da 100644
--- a/terraform-modules/concourse/app/concourse.tf
+++ b/terraform-modules/concourse/app/concourse.tf
@@ -58,6 +58,11 @@ data "helm_template" "concourse" {
       name  = "concourse.web.maxBuildLogsToRetain"
       value = var.concourse_max_build_logs_to_retain
     }
+  ] : [], var.concourse_enable_redact_secrets != null ? [
+    {
+      name  = "concourse.web.enableRedactSecrets"
+      value = var.concourse_enable_redact_secrets
+    }
   ] : [])
 }
 
diff --git a/terraform-modules/concourse/app/variables.tf b/terraform-modules/concourse/app/variables.tf
index 6867e5c6..5ed8da2c 100644
--- a/terraform-modules/concourse/app/variables.tf
+++ b/terraform-modules/concourse/app/variables.tf
@@ -27,4 +27,10 @@ variable "concourse_max_build_logs_to_retain" {
   description = "Optional: Max build logs to retain in Concourse"
   type        = number
   default     = null
+}
+
+variable "concourse_enable_redact_secrets" {
+  description = "Optional: Enable redacting secrets in build logs"
+  type        = bool
+  default     = null
 }
\ No newline at end of file
diff --git a/terragrunt/concourse-wg-ci/app/terragrunt.hcl b/terragrunt/concourse-wg-ci/app/terragrunt.hcl
index 5b3b4489..5430bd46 100644
--- a/terragrunt/concourse-wg-ci/app/terragrunt.hcl
+++ b/terragrunt/concourse-wg-ci/app/terragrunt.hcl
@@ -54,4 +54,5 @@ inputs = {
   concourse_container_placement_strategy = local.config.concourse_container_placement_strategy
   concourse_max_days_to_retain_build_logs = local.config.concourse_max_days_to_retain_build_logs
   concourse_max_build_logs_to_retain = local.config.concourse_max_build_logs_to_retain
+  concourse_enable_redact_secrets = try(local.config.concourse_enable_redact_secrets, null)
 }
\ No newline at end of file