How to use jsondecode for to decode public aws ssh keys from vault

Question

I am trying to see how to go about retrieving some aws public ssh keys from vault using terraform. Vault is returning a string instead of an array of strings, so I looks like it would have to treat the whole response as a json object. How would I use jsondecode to help me decode that string?

terrform code 
 
    terraform {
      required_providers {
        aws = {
        source  = "hashicorp/aws"
        version = "~> 4.0"
      }
    }
  }

   # Configure the AWS Provider
     provider "aws" {
     region = "us-west-1"
     }

     provider "vault" {}


     resource "aws_instance" "web" {
      ami           = "ami-1123456789p9"
      instance_type = "t3.micro"
      vpc_security_group_ids = ["sg-55552f1"] 
      subnet_id = "subnet-dee55a55"
      key_name = aws_key_pair.tf-key.key_name
  
     }

     resource "aws_key_pair" "tf-key" {
     key_name = "linuxkey"
     public_key = data.vault_kv_secret_v2.linux_key.data_json

     }


     data "vault_kv_secret_v2" "linux_key" {
     mount = "test/test/test/secret"
     name = "chef/linux_users/user"
       }

      output "testing123" {
      value = data.vault_kv_secret_v2.linux_key.data_json
      sensitive = true
      }

      output response 
    {
    "format_version": "1.1",
    "terraform_version": "1.4.3-dev",
     "planned_values": {
        "outputs": {
        "testing123": {
        "sensitive": true,
        "type": "string",
        "value": "{\"groups\":[\"itadmins\"],\"shell\":\"/bin/bash\",\"ssh_keys\": 
     [\"ssh-rsa XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX etc."}"
        }
       },

score 1 · Accepted Answer · answered Jul 03 '23 at 17:23

The jsondecode function performs the serialization and marshalling required to convert the JSON formatted string into a HCL2 type. The documentation also provides the information on type coercion during the conversion.

After jsondecode(data.vault_kv_secret_v2.linux_key.data_json) returns the HCL2 type, one can then access values as usual:

jsondecode(data.vault_kv_secret_v2.linux_key.data_json)["ssh_keys"][0]

To access (for example) the zeroth element of the list containing the ssh keys in the JSON response from the Vault server.

ahh gotcha, makes sense. Thank you I will give it a try. – Carolina D Vallecillo Jul 03 '23 at 17:45 — Carolina D Vallecillo, Jul 03 '23 at 17:45

How to use jsondecode for to decode public aws ssh keys from vault

1 Answers1