我在AWS秘密管理器上有一些秘密。我已经创建了所有秘密的ARN列表,看起来像这样
secretList = {
"secret1" = "ARN1",
"secret2" = "ARN2"
}
我可以使用数据源检索单个秘密的内容,例如
//Get the secret ID
data "aws_secretsmanager_secret" "secrets" {
arn = "ARN1"
}
//Retrive the latest content
data "aws_secretsmanager_secret_version" "current" {
secret_id = data.aws_secretsmanager_secret.secrets.id
}
现在我想创建一个包含所有秘密内容的列表,我该怎么做呢?由于每个秘密都可以有多对键/值,我认为结果应该是这样的:
secretValue = {
"secret1" = {"key1" = "value1","key2" = "value2"},
"secret2" = {"key1" = "value1","key2" = "value2","key3" = "value3"}
}
可以使用for_each:
data "aws_secretsmanager_secret" "secrets" {
for_each = var.secretList
arn = each.value
}
data "aws_secretsmanager_secret_version" "current" {
for_each = var.secretList
secret_id = data.aws_secretsmanager_secret.secrets[each.key].id
}
然后您可以使用以下命令访问这些秘密,例如:
data.aws_secretsmanager_secret_version.current["secret1"].secret_string