I want to use the value of each entry's vault_field as the secret_string
of an AWS Secrets Manager secret, using this code.
variables.tf
# List of Vault-to-AWS secret mappings. Each entry carries three strings:
# aws_secret_id, vault_path and vault_field. Defaults to an empty list, so
# nothing is created unless entries are supplied.
variable "aws_secrets" {
  type = list(object({
    aws_secret_id = string
    vault_path    = string
    vault_field   = string
  }))
  default = []
}
main.tf
# One Vault read per entry in var.aws_secrets, keyed by the entry's list index.
# Whatever is read here is persisted in the Terraform state, so the state
# backend needs encryption at rest and restricted access.
data "vault_generic_secret" "aws_secrets" {
  for_each = { for i, entry in var.aws_secrets : i => entry }

  path = each.value.vault_path
}
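# One Secrets Manager secret per entry in var.aws_secrets, keyed by list index.
resource "aws_secretsmanager_secret" "aws_secrets" {
  for_each = { for idx, val in var.aws_secrets : idx => val }

  # A fixed literal name would be shared by every for_each instance, so any
  # list with more than one entry would collide on the duplicate name.
  # Assumes aws_secret_id is the intended secret name; confirm with the caller.
  name = each.value.aws_secret_id
}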
# Writes one secret version per entry in var.aws_secrets, attached to the
# secret created for the same index.
# NOTE(review): the value assigned to secret_string is also kept in plaintext
# in the Terraform state; use an encrypted backend with restricted access.
resource "aws_secretsmanager_secret_version" "aws_secrets" {
for_each = { for idx, val in var.aws_secrets : idx => val }
secret_id = aws_secretsmanager_secret.aws_secrets[each.key].id
# The data source uses for_each, so it is an object keyed by list index
# ("0", "1", ...). The fixed key 2 exists only when the list has at least
# three entries, and even then every version would get the same Vault read.
# Index with each.key instead. Also note that jsonencode() is applied to the
# whole data source object here; vault_field is never read.
secret_string = jsonencode(data.vault_generic_secret.aws_secrets[2])
}
However, I get this error:
Error: Invalid index
76: secret_string = jsonencode(data.vault_generic_secret.aws_secrets[2])
├────────────────
│ data.vault_generic_secret.aws_secrets is object with 1 attribute "0"
The given key does not identify an element in this collection value.}
CodePudding user response:
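There is no need to hardcode the index of the secret; use each.key so that each secret version reads the Vault entry with the same key. You also need to refer to an actual attribute of the data source when setting secret_string:
secret_string = jsonencode(data.vault_generic_secret.aws_secrets[each.key].data_json)
or
secret_string = jsonencode(data.vault_generic_secret.aws_secrets[each.key].data)
Note that data_json is already a JSON-encoded string, so wrapping it in jsonencode encodes it a second time; it can be assigned to secret_string directly. To store only the field named in the variable, use data.vault_generic_secret.aws_secrets[each.key].data[each.value.vault_field].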