我想用下面的代码，把每个 vault_field 对应的值写入 AWS Secrets Manager 的 secret_string。
variables.tf
# List of secrets to process; empty by default.
# Each entry has three string fields: aws_secret_id, vault_path and vault_field.
variable "aws_secrets" {
  type = list(object({
    aws_secret_id = string
    vault_path    = string
    vault_field   = string
  }))
  default = []
}
main.tf
# Reads one Vault secret per entry of var.aws_secrets, keyed by list position
# ("0", "1", ...). Values read through this data source are persisted in the
# Terraform state and plan files, so the state backend needs encryption and
# tight access control.
data "vault_generic_secret" "aws_secrets" {
  for_each = { for position, entry in var.aws_secrets : position => entry }
  path     = each.value.vault_path
}
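# Creates one Secrets Manager secret per entry of var.aws_secrets, keyed by
# list position.
resource "aws_secretsmanager_secret" "aws_secrets" {
  for_each = { for idx, val in var.aws_secrets : idx => val }

  # A constant name ("my-secrets") is shared by every instance and collides as
  # soon as the list holds more than one entry, so the name comes from the entry.
  # NOTE(review): presumably aws_secret_id is the intended secret name - confirm.
  name = each.value.aws_secret_id
}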
# Writes one secret version per entry of var.aws_secrets, attached to the
# matching aws_secretsmanager_secret instance through each.key.
# NOTE(review): secret_string is stored in the Terraform state in plaintext, as
# is everything read from Vault; restrict and encrypt the state backend.
resource "aws_secretsmanager_secret_version" "aws_secrets" {
for_each = { for idx, val in var.aws_secrets : idx => val }
secret_id = aws_secretsmanager_secret.aws_secrets[each.key].id
# This is the line the error below points at: the data source is keyed by
# for_each ("0", "1", ...), so the hard-coded [2] fails whenever the list has
# fewer than three entries. It also encodes the whole data-source object
# rather than one of its attributes.
secret_string = jsonencode(data.vault_generic_secret.aws_secrets[2])
}
但是我得到了这个错误
Error: Invalid index
76: secret_string = jsonencode(data.vault_generic_secret.aws_secrets[2])
├────────────────
│ data.vault_generic_secret.aws_secrets is object with 1 attribute "0"
The given key does not identify an element in this collection value.}
不需要硬编码 secret 的索引：报错信息显示该数据源只有键 "0"，所以索引 2 并不存在，应改用 each.key。您还需要实际引用数据源的某个属性，再把它赋给 secret_string：
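# data_json is already a JSON-encoded string, so it is passed through as-is;
# wrapping it in jsonencode() would store a doubly-encoded string.
secret_string = data.vault_generic_secret.aws_secrets[each.key].data_json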
或
# data is the map form of the Vault payload; jsonencode() serialises the whole map.
# To store only one field, index the map instead: data[each.value.vault_field].
secret_string = jsonencode(data.vault_generic_secret.aws_secrets[each.key].data)