Terraform Pass Cosmos Database Connection String to KeyVault

Time:11-24

I have recently created a cosmos database in Terraform and I am trying to pass its database connection string as a secret in keyvault, but when doing this I get the following error:

Error: Incorrect attribute value type
│
│   on keyvault.tf line 282, in resource "azurerm_key_vault_secret" "Authentication_Server_Cosmos_DB_ConnectionString":
│  282:   value = azurerm_cosmosdb_account.nsauthsrvcosmosdb.connection_strings
│     ├────────────────
│     │ azurerm_cosmosdb_account.nsauthsrvcosmosdb.connection_strings has a sensitive value
│
│ Inappropriate value for attribute "value": string required.

I have also tried to use the sensitive argument, but Key Vault does not like that argument. Also, I can't find any documentation on how to do this. On the Terraform website it just has it listed as an attribute you can call on.

My Terraform secret code is below. I won't put all my code in here, as Stack Overflow doesn't like the amount of code that I have.

So please presume I am using the latest Azurerm agent and all the rest of my code is correct; it's just the secret part that's not working.

resource "azurerm_key_vault_secret" "Authentication_Server_Cosmos_DB_ConnectionString" { //Auth Server Cosmos Connection String Secret
  name         = "AuthenticationServerCosmosDBConnectionString"
  value        = azurerm_cosmosdb_account.nsauthsrvcosmosdb.connection_strings 
  key_vault_id = azurerm_key_vault.nscsecrets.id

  depends_on = [
    azurerm_key_vault_access_policy.client,
    azurerm_key_vault_access_policy.service_principal,
    azurerm_cosmosdb_account.nsauthsrvcosmosdb,
  ]

}

CodePudding user response:

There are 4 connection strings inside the value that you have given, and the values are of type secure_string. So you need to convert them to a string value and apply an index for whichever value you want to store in the Key Vault.

To store all 4 connection strings, you can use the below:

resource "azurerm_key_vault_secret" "example" {
  count = length(azurerm_cosmosdb_account.nsauthsrvcosmosdb.connection_strings)
  name         = "AuthenticationServerCosmosDBConnectionString-${count.index}"
  value        = tostring("${azurerm_cosmosdb_account.nsauthsrvcosmosdb.connection_strings[count.index]}")
  key_vault_id = azurerm_key_vault.example.id
}

If you want to store only one connection string, then you can use an index as per your requirement (for example: if you want to store the first connection_string, then use '0' as the index, and likewise 1/2/3) in the below code:

resource "azurerm_key_vault_secret" "example1" {
  name         = "AuthenticationServerCosmosDBConnectionString"
  value        = tostring("${azurerm_cosmosdb_account.nsauthsrvcosmosdb.connection_strings[0]}")
  key_vault_id = azurerm_key_vault.example.id
}

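An added example, not part of the original answer: a variant that names each secret by the access level it grants instead of by a position in the connection_strings list. It assumes the SQL API connection string format and builds it from the account's endpoint, primary_key and primary_readonly_key attributes; the local name, the resource label and the ReadWrite/ReadOnly keys are hypothetical.

```hcl
# Added example (not the poster's code). Assumes the Cosmos DB account, the
# Key Vault and the access policies from the question exist in this module.
locals {
  # Assumption: SQL API connection string format. Both values are derived
  # from sensitive attributes, so Terraform treats them as sensitive too.
  cosmos_connection_strings = {
    ReadWrite = "AccountEndpoint=${azurerm_cosmosdb_account.nsauthsrvcosmosdb.endpoint};AccountKey=${azurerm_cosmosdb_account.nsauthsrvcosmosdb.primary_key};"
    ReadOnly  = "AccountEndpoint=${azurerm_cosmosdb_account.nsauthsrvcosmosdb.endpoint};AccountKey=${azurerm_cosmosdb_account.nsauthsrvcosmosdb.primary_readonly_key};"
  }
}

resource "azurerm_key_vault_secret" "cosmos_connection_string" {
  # Static, non-sensitive instance keys: they are known at plan time and
  # nothing secret ends up in a resource address.
  for_each = toset(["ReadWrite", "ReadOnly"])

  name         = "AuthenticationServerCosmosDBConnectionString-${each.key}"
  value        = local.cosmos_connection_strings[each.key]
  content_type = "Cosmos DB connection string (${each.key})"
  key_vault_id = azurerm_key_vault.nscsecrets.id

  depends_on = [
    azurerm_key_vault_access_policy.client,
    azurerm_key_vault_access_policy.service_principal,
  ]
}
```

The secret values are still written to the Terraform state file in plain text, so the state backend needs the same access control as the Key Vault itself.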
