2

I have manually enabled the secretmanager API and created a secret in GCP.

I want to read this secret in my Terraform and use it for a postgres instance. The following is what I have tried so far:

data "google_secret_manager_secret_version" "postgres_password" {
  provider = google-beta
  secret   = "postgres_password"
  project  = local.project_id
}

module "cloud_sql" {
  source        = "../modules/public_postgres_instance"
  instance_name = "development"
  db_name       = "development"
  db_user       = "postgres"
  sql_password  = data.google_secret_manager_secret_version.postgres_password.secret_data
}

I get the following error: [image]

Aseem

1 Answer

0

This secret password will be stored in the terraform.tfstate file, hence never check this file into GitHub for prod.

# read the latest password version from Secret Manager
data "google_secret_manager_secret_version" "postgres_password" {
  secret = "postgres_password"
}

# use the Secret Manager password for Cloud SQL
module "cloud_sql" {
  source        = "../modules/public_postgres_instance"
  instance_name = "development"
  db_name       = "development"
  db_user       = "postgres"
  sql_password  = data.google_secret_manager_secret_version.postgres_password.secret_data
}
Aseem
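The answer's point about terraform.tfstate, as an added example that is not part of the original answer: a small audit that parses a state file and reports every resource attribute holding the Secret Manager payload in plaintext, without printing the value. The state content is constructed, and the `google_sql_user` resource inside the module and the sample password are assumptions about what `../modules/public_postgres_instance` creates.

```python
import json

# Constructed sample of a Terraform state (format version 4) for the configuration above.
# The module's resources and the password value are assumptions made for this example.
SAMPLE_STATE = json.dumps({"version": 4, "resources": [
    {"mode": "data", "type": "google_secret_manager_secret_version",
     "name": "postgres_password",
     "instances": [{"attributes": {"secret": "postgres_password",
                                   "secret_data": "constructed-example-pw"}}]},
    {"module": "module.cloud_sql", "mode": "managed", "type": "google_sql_user",
     "name": "user",
     "instances": [{"attributes": {"name": "postgres",
                                   "password": "constructed-example-pw"}}]},
    {"module": "module.cloud_sql", "mode": "managed", "type": "google_sql_database",
     "name": "db", "instances": [{"attributes": {"name": "development"}}]},
]})

def _address(res):
    """Build a Terraform-style address such as module.x.type.name or data.type.name."""
    kind = "data." if res.get("mode") == "data" else ""
    parts = (res.get("module", ""), f"{kind}{res['type']}.{res['name']}")
    return ".".join(p for p in parts if p)

def _walk(value, path=""):
    """Yield (attribute_path, string) for every string nested inside value."""
    if isinstance(value, dict):
        for key, item in value.items():
            yield from _walk(item, f"{path}.{key}" if path else key)
    elif isinstance(value, list):
        for index, item in enumerate(value):
            yield from _walk(item, f"{path}[{index}]")
    elif isinstance(value, str):
        yield path, value

def find_secret_copies(state_text):
    """Return sorted (resource address, attribute path) pairs that hold a secret payload."""
    resources = json.loads(state_text).get("resources", [])
    # Collect every payload read through the Secret Manager data source.
    secrets = {inst["attributes"]["secret_data"]
               for r in resources if r["type"] == "google_secret_manager_secret_version"
               for inst in r.get("instances", [])
               if inst.get("attributes", {}).get("secret_data")}
    hits = set()
    for r in resources:
        for inst in r.get("instances", []):
            for path, text in _walk(inst.get("attributes", {})):
                if text in secrets:  # the same plaintext copied into another attribute
                    hits.add((_address(r), path))
    return sorted(hits)
```

On the constructed state, `find_secret_copies(SAMPLE_STATE)` reports two locations: the data source's `secret_data` and the SQL user's `password`, so the state file holds the password twice even though the configuration never contains it.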