
How to retrieve a secret in Terraform from AWS Secrets Manager

I have a secret stored in Secrets Manager, and I have access to its ARN. I want to retrieve the value from this ARN and use it in Terraform. How can I achieve this?

I found this on the Terraform website:

data "aws_secretsmanager_secret" "by-arn" {
  arn = "arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456"
}

How do I then retrieve the value? Meaning, what is the "get-value" equivalent in Terraform for an EC2 instance?

user_mda asked Jun 11 '20 16:06




1 Answer

Here is an example. By default, aws_secretsmanager_secret_version retrieves information based on the AWSCURRENT label (a.k.a. the latest version):

data "aws_secretsmanager_secret" "secrets" {
  arn = "arn:aws:secretsmanager:us-east-1:123456789012:secret:my_secrety_name-123456"
}

data "aws_secretsmanager_secret_version" "current" {
  secret_id = data.aws_secretsmanager_secret.secrets.id
}

And use data.aws_secretsmanager_secret_version.current.secret_string to get the secret. If you want to retrieve a specific value inside that secret like DATABASE_URL you can use the built-in function jsondecode:

jsondecode(data.aws_secretsmanager_secret_version.current.secret_string)["DATABASE_URL"]
pabloxio answered Sep 27 '22 21:09
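
A fuller version of the configuration in the answer above, as an added example that is not part of the original answer: it checks that the secret is JSON containing DATABASE_URL and marks the decoded value sensitive. The variable name secret_arn, the local and output names, and the use of a postcondition (Terraform 1.2 or later) are assumptions.

```hcl
# Added example; names other than the two data sources are assumptions.
variable "secret_arn" {
  description = "ARN of the existing Secrets Manager secret"
  type        = string
}

data "aws_secretsmanager_secret" "secrets" {
  arn = var.secret_arn
}

data "aws_secretsmanager_secret_version" "current" {
  secret_id     = data.aws_secretsmanager_secret.secrets.id
  version_stage = "AWSCURRENT" # the default label, written out explicitly

  lifecycle {
    # Requires Terraform 1.2 or later. Fails the plan with a clear message
    # if the secret is not a JSON object or lacks the expected key.
    postcondition {
      condition     = can(jsondecode(self.secret_string)["DATABASE_URL"])
      error_message = "Secret must be a JSON object with a DATABASE_URL key."
    }
  }
}

locals {
  # sensitive() keeps the value redacted in plan and apply output.
  database_url = sensitive(
    jsondecode(data.aws_secretsmanager_secret_version.current.secret_string)["DATABASE_URL"]
  )
}

output "database_url" {
  value     = local.database_url
  sensitive = true # required: Terraform rejects a sensitive value in a plain output
}
```

The decoded value is still written in plaintext to the Terraform state, so the state backend needs encryption and restricted access.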