request: Prevent sensitive key values from being stored in Terraform state

[matthowardcohere]

Problem

The litellm_key resource stores the generated API key in plaintext in Terraform state. This is a security concern as state files may be stored in backends (S3,
Terraform Cloud, etc.) where exposure risk exists, even with encryption at rest.

Desired Behavior

The API key should not be persisted to Terraform state while still being usable during the apply phase (e.g., to write to a secrets manager).

Possible Approaches

• Write-only attributes (Terraform 1.11+) - Mark key as write-only so it's available during apply but never stored
• Ephemeral resource (Terraform 1.10+) - Provide an ephemeral variant of the key resource
• Direct secrets manager integration - Option to write the key directly to AWS SSM/Secrets Manager rather than exposing it as an attribute

References

• https://developer.hashicorp.com/terraform/plugin/framework/resources/write-only-arguments
• https://developer.hashicorp.com/terraform/language/resources/ephemeral