terragrunt icon indicating copy to clipboard operation
terragrunt copied to clipboard

Published 20 hours ago verified publisher icon gruntwork-io

SOPS json issue with complex types

Open giulianozor opened this issue 9 months ago • 1 comments

Hello, I`m trying to convert my input block variables to json encrypted with sops.

sops 3.8.1 (latest) terragrunt version 0.57.8 Terraform v1.8.1

terragrunt.hcl:

include {
  path = find_in_parent_folders()
}

locals {
  v = read_terragrunt_config(find_in_parent_folders("common.hcl"))
  src = local.v.inputs.tg_github_base)
  ref = "?ref=1.0.0" : ""
  template = "/templates/test/"
  secrets = jsondecode(sops_decrypt_file("secrets.json"))
}

terraform {
  source = "${local.src}${local.template}${local.ref}"
}

inputs = merge(local.secrets, {})

original input:

secrets = [
    { name = "sec1",              value = "abc" },
    { name = "sec2",              value = "cde" },
    { name = "sec3",             value = <<-EOF
      {
        "a1":"xxx",
        "a2":"yyy"
        }
EOF
   }]

plaintext json

"secrets": [
		{ "name": "sec1",              "value": "abc" },
		{ "name": "sec2",              "value": "cde" },
                { "name": "sec3",             "value": "{\"a1\":\"xxx\",\"a2\":\"yyy\"}"]

This produces a different sec3 value in TF_VAR_secrets. If I try to use a plain json (without stringifying the sec3 value), I get an error because the types in secrets are different. Is there a way to get the same value as the original variable (<<--EOF ... EOF) ?

Thanks!

giulianozor avatar May 09 '24 09:05 giulianozor