2

I am trying to setup a key value secret in AWS Secrets Manager with terraform. Now I would like to replace the string "AzureDiamond" with a base64 encoded json object. Can you help me how I could replace the mentioned string with the value returned by this base64encode(file("./src/secret.json"))

resource "aws_secretsmanager_secret_version" "testtools" {
    secret_id     = aws_secretsmanager_secret.testtools.id
    secret_string = "{\"config\":\"AzureDiamond\"}"
}
Marcin
  • 215,873
  • 14
  • 235
  • 294
Kaliph
  • 81
  • 10
  • 1
    Can you please clarify what you want to do? Its not clear. – Marcin Sep 15 '21 at 09:46
  • In the end I would like to have the secret_string look like so.... `secret_string = "{\"config\":base64encode(file("./src/secret.json"))}"` The key of the secret should be "config" and the value of the secret should be the base64 encoded json from the file secret.json – Kaliph Sep 15 '21 at 09:56
  • 1
    I've noticed that almost your questions got answered yet only one was accepted. Accepting useful answers is not only a good practice, but reduces duplicates and increases chances of your questions being actually answered. – Marcin Sep 15 '21 at 10:02
  • 1
    Thanks for the hint. I accepted them now. – Kaliph Sep 15 '21 at 10:16

1 Answers1

3

I think the easiest way is to use filebase64 with jsonencode:

resource "aws_secretsmanager_secret_version" "testtools" {
    secret_id     = aws_secretsmanager_secret.testtools.id
    secret_string = jsonencode({config = filebase64("./src/secret.json")})
}
Marcin
  • 215,873
  • 14
  • 235
  • 294