add secret_binary attribute to aws_secretsmanager_secret_version data source

[sw-carlin]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Thank you for providing the aws_secretsmanager_secret_version data source for us to use. I have found that I cannot store multiline strings, such as ssh keys in the SecretString property as aws mangles them. I can however store them in the SecretBinary property without issue but Terraform doesn't support that property yet.

Please add a secret_binary attribute to the aws_secretsmanager_secret_version data source.

The resource with the same name could also be updated but frankly I don't think terraform should be managing secret values because that requires storing the secrets somewhere else before giving them to terraform which not only duplicates some of the functionality of secrets manager but breaks other aspects of it like secret rotation.

New or Affected Resource(s)

• data aws_secretsmanager_secret_version
• resource aws_secretsmanager_secret_version

Potential Terraform Configuration

variable "ssh_key" {}

resource "aws_secretsmanager_secret" "ssh_key" {
  name        = "ssh-key"
  description = "the ssh private key for logging into the bastion as the sqitch user"
  secret_binary = "${variable.ssh_key.value}"
}

data "aws_secretsmanager_secret" "ssh_key" {
  name = "ssh-key"
}

data "aws_secretsmanager_secret_version" "ssh_key" {
  secret_id = "${data.aws_secretsmanager_secret.ssh_key.id}"
}

output "ssh_key" {
  value = "${data.aws_secretsmanager_secret_version.ssh_key.secret_binary}"
}

References

• https://docs.aws.amazon.com/cli/latest/reference/secretsmanager/create-secret.html
• https://docs.aws.amazon.com/cli/latest/reference/secretsmanager/get-secret-value.htm

[bflad]

The secret_binary attribute for the aws_secretsmanager_secret_version resource and data source has been merged and will release with version 1.40.0 of the AWS provider, likely middle of this week. 👍

[bflad]

This has been released in version 1.40.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!