How to read a secret from GCP secret manager in terraform

Question

I have manually enabled secretmanager API and created a secret in GCP.

I want to read this secret in my Terraform and use it for postgres instance. Following is what I have tried so far:

data "google_secret_manager_secret_version" "postgres_password" {
  provider = google-beta
  secret   = "postgres_password"
  project = local.project_id
}

module "cloud_sql" {
  source        = "../modules/public_postgres_instance"
  instance_name = "development"
  db_name = "development"
  db_user = "postgres"
  sql_password = data.google_secret_manager_secret_version.postgres_password.secret_data
}

I get following error:

What's the error message, not only where it occurs? – Marcin Dec 23 '22 at 09:13 — Marcin, Dec 23 '22 at 09:13

score 0 · Answer 1 · answered Dec 23 '22 at 20:39

This secret password will be stored in terraform.tfstate file, hence never check this file in github for prod

# read latest password version from secret manager
data "google_secret_manager_secret_version" "postgres_password" {
 secret   = "postgres_password"
}

# use ssm password for cloud sql
module "cloud_sql" {
  source        = "../modules/public_postgres_instance"
  instance_name = "development"
  db_name = "development"
  db_user = "postgres"
  sql_password = data.google_secret_manager_secret_version.postgres_password.secret_data
}

How to read a secret from GCP secret manager in terraform

1 Answers1