
I have the following code:

data "aws_secretsmanager_secret" "db_password" {
  name = "${var.db_secret}"
}

data "aws_secretsmanager_secret_version" "db_password" {
  secret_id = "${data.aws_secretsmanager_secret.db_password.id}"
}

master_password = "${data.aws_secretsmanager_secret_version.db_password.secret_string}"

which returns the secret_string in this case of

 secret_string = {"Test":"TestPassword"}

How do I cut out and use the TestPassword section of the secret for use as my master_password?

Simon E

2 Answers


I had to fake up your Secrets endpoint but this test endpoint returns the same JSON:

So in tf...

data "external" "secret_string" {
  program = ["curl", "http://echo.jsontest.com/Test/Testpassword"]
}

output "json_data_key" {
  value = "${data.external.secret_string.result}"
}

output "PASSWORD" {
  value = "${lookup(data.external.secret_string.result, "Test")}"
}

That last output is what you were after?

${lookup(data.external.secret_string.result, "Test")}

Which gives you:

data.external.secret_string: Refreshing state...

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

Outputs:

PASSWORD = Testpassword
json_data_key = {
  Test = Testpassword
}

So it is certainly possible to parse JSON before 0.12...

James Woolfenden
  • Thanks, I had worked something out in console doing something similar, but wasn't sure how to chain them together like you have. Seems a bit messy for secretsmanager to be usable in TF, but I want to be able to leverage this product for more than my applications... – Simon E Feb 03 '19 at 20:14
  • Can't say I've known your problem so I don't know what the solution is. If you're after wanting to get secrets into config files then I would try confd, consul_template or gomplate for that. – James Woolfenden Feb 03 '19 at 22:20

Considering this is JSON, you probably need to wait for jsondecode in Terraform v0.12 to solve the problem.

jsondecode function GitHub issue

chenrui
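
The `jsondecode` route mentioned in the answer above, applied to the question's data sources. This is an added example, not code from either answerer; it assumes Terraform 0.12 or later and the AWS provider, and the `aws_rds_cluster` resource with its identifier, engine and username is hypothetical, shown only to place `master_password` in context.

```hcl
variable "db_secret" {
  description = "Name of the Secrets Manager secret (as in the question)"
  type        = string
}

data "aws_secretsmanager_secret" "db_password" {
  name = var.db_secret
}

data "aws_secretsmanager_secret_version" "db_password" {
  secret_id = data.aws_secretsmanager_secret.db_password.id
}

locals {
  # secret_string is the raw JSON text, e.g. {"Test":"TestPassword"}.
  # jsondecode turns it into a map so a single key can be selected.
  db_secret_map = jsondecode(data.aws_secretsmanager_secret_version.db_password.secret_string)

  # Indexing with ["Test"] fails the plan if the key is missing, which is
  # preferable to silently passing an empty password to the database.
  db_password = local.db_secret_map["Test"]
}

# Hypothetical cluster (assumed values), only to show where the password goes.
resource "aws_rds_cluster" "example" {
  cluster_identifier  = "example-cluster"
  engine              = "aurora-mysql"
  master_username     = "dbadmin"
  master_password     = local.db_password
  skip_final_snapshot = true
}

# If the value has to be exposed as an output, mark it sensitive so it is
# redacted in plan/apply console output.
output "db_password" {
  value     = local.db_password
  sensitive = true
}
```

The decoded password is still written to the Terraform state in plain text, both from the data source and from the resource argument, so the state backend needs encryption and restricted access.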