Ephemeral resource for `google_apikeys_key`

[wyardley]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
• Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
• If you are interested in working on this issue or have submitted a pull request, please leave a comment.
• If an issue is assigned to a user, that user is claiming responsibility for the issue.
• Customers working with a Google Technical Account Manager or Customer Engineer can ask them to reach out internally to expedite investigation and resolution of this issue.

Description

I know it wasn't included in the first list, and I don't see it documented as an available value; is it possible / feasible to setup an ephemeral resource type for google_apikeys_key so that a key can be created and consumed (or stored in a secret manager secret value) without the key value being stored?

New or Affected Resource(s)

• google_apikeys_key

Potential Terraform Configuration

ephemeral "google_apikeys_key" "foo" {
  name         = "foo"
  display_name = "foo"

  restrictions {
    api_targets {
      service = "foobar.googleapis.com"
    }
  }
}

resource "google_secret_manager_secret" "foo" {
  secret_id = "foo"

  replication {
    auto {}
  }
}

resource "google_secret_manager_secret_version" "foo" {
  secret = google_secret_manager_secret.foo.id
  secret_data_wo_version = 1
  secret_data_wo = ephemeral.google_apikeys_key.foo.key_string
}

References

No response