terraform-provider-vault
Is it possible to append secrets while preserving the manually added existing secrets
Hello,
Is it possible to append secrets while preserving the manually added existing secrets? Please refer to the details provided below.
Terraform Version
Terraform v1.3.7 on darwin_amd64
Affected Resource(s)
- vault_generic_secret
Terraform Configuration
resource "vault_generic_secret" "db-mysql-secrets" {
  count = 1
  path  = "kv/secret/databases/mysql/${terraform.workspace}/testdb"

  data_json = <<EOT
{
  "MASTER_USERNAME": "${var.rds_aurora_mysql_db_master_username}",
  "MASTER_PASSWORD": "${random_password.db-mysql.0.result}",
  "METABASE_USERNAME": "${var.rds_aurora_mysql_db_metabase_username}",
  "METABASE_PASSWORD": "${random_password.db-mysql.1.result}"
}
EOT

  # Tried ignoring data_json changes, but that only stops Terraform from
  # reacting to drift; it does not keep manually added keys.
  # lifecycle {
  #   ignore_changes = [
  #     data_json,
  #   ]
  # }
}
Debug Output
N/A
Panic Output
N/A
Expected Behavior
When there are manually added secrets in the vault, instead of removing those manually added values, it should append the values defined in vault_generic_secret while retaining the existing ones.
Actual Behavior
Executing terraform apply causes the removal of manually added secrets in the vault, replacing them solely with the values specified in vault_generic_secret.
Steps to Reproduce
terraform apply
Important Factoids
N/A
References
N/A
I am unaware if there is a native way to instruct secret resources to preserve old values; however, you can combine a data block with a resource block to achieve this.
# Read the secret as it currently exists in Vault (including keys added by hand).
data "vault_generic_secret" "db-mysql-secrets" {
  path = ......
}

locals {
  new_parameters_and_values = {
    "MASTER_USERNAME": "${var.rds_aurora_mysql_db_master_username}",
    "MASTER_PASSWORD": "${random_password.db-mysql.0.result}",
    "METABASE_USERNAME": "${var.rds_aurora_mysql_db_metabase_username}",
    "METABASE_PASSWORD": "${random_password.db-mysql.1.result}"
  }
}

resource "vault_generic_secret" "db-mysql-secrets" {
  path = .......

  # merge() gives precedence to later arguments, so keys managed here overwrite
  # existing values of the same name while every other existing key is kept.
  data_json = jsonencode(merge(data.vault_generic_secret.db-mysql-secrets.data, local.new_parameters_and_values))
}
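To make the behaviour of that merge concrete, the following is an added illustration, not code from the issue or from the provider. It models in Python what `jsonencode(merge(existing, new))` does to a secret: keys only present in Vault are preserved, keys managed by Terraform win on collision (so a value someone rotated by hand is overwritten), and new keys are appended. It also shows one caveat of reading through the data source's `data` attribute, which is a map of strings: any non-string value stored in Vault comes back JSON-serialized and is written back as a string. Decoding the `data_json` attribute instead keeps the original types. The sample secret, the managed values and the helper names are constructed for this example.

```python
import json

# Constructed sample (not from the issue): the secret as it currently exists in
# Vault, including two keys added by hand and one nested (non-string) value.
EXISTING_SECRET = {
    "MASTER_PASSWORD": "hand-rotated-value",
    "REPLICA_HOST": "replica.internal",
    "TAGS": {"owner": "dba"},
}

# Constructed sample: the keys the Terraform configuration manages.
MANAGED_VALUES = {
    "MASTER_USERNAME": "admin",
    "MASTER_PASSWORD": "from-random_password",
}


def data_source_view(secret):
    """Model the two read paths the data source exposes.

    `data_json` is the raw JSON payload; `data` is a map of strings, so any
    non-string value is returned JSON-serialized (hypothetical model of the
    provider's documented behaviour, not the provider's own code).
    """
    data_json = json.dumps(secret, sort_keys=True)
    data = {
        k: v if isinstance(v, str) else json.dumps(v, sort_keys=True)
        for k, v in secret.items()
    }
    return data_json, data


def merge_like_terraform(existing, managed):
    """Terraform's merge(): later arguments take precedence on duplicate keys."""
    return {**existing, **managed}


def plan_merge(secret, managed, use_data_json=False):
    """Return the merged object, the JSON Terraform would write, and a report
    of which existing keys are preserved, overwritten, or newly added."""
    data_json, data = data_source_view(secret)
    existing = json.loads(data_json) if use_data_json else data
    merged = merge_like_terraform(existing, managed)
    report = {
        "preserved": sorted(k for k in existing if k not in managed),
        "overwritten": sorted(
            k for k in existing if k in managed and existing[k] != managed[k]
        ),
        "added": sorted(k for k in managed if k not in existing),
    }
    return {
        "merged": merged,
        "data_json": json.dumps(merged, sort_keys=True, separators=(",", ":")),
        "report": report,
    }


if __name__ == "__main__":
    for flag in (False, True):
        result = plan_merge(EXISTING_SECRET, MANAGED_VALUES, use_data_json=flag)
        print("via data_json" if flag else "via data", result["report"])
        print("  TAGS written as:", type(result["merged"]["TAGS"]).__name__)
```

Two points follow from the report. First, the merge only preserves keys that Terraform does not manage; a manual change to `MASTER_PASSWORD` is reverted on the next apply, which is usually what you want for values Terraform owns. Second, if the existing secret holds nested values, build the merge from `jsondecode(data.vault_generic_secret.<name>.data_json)` rather than `.data` so they are not flattened to strings. Note also that the data source reads the whole secret into Terraform state, and that it fails when the path does not yet exist, so the first apply against an empty path needs the secret created beforehand.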
A new resource proposed in #2394 may address this issue!