update documentation #455
provider "postgresql" { | ||
[...] | ||
password = data.aws_secretsmanager_secret_version.postgres_password.secret_string | ||
password = jsondecode(data.aws_secretsmanager_secret_version.postgres_password.secret_string)["password"] |
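Review bot: the `jsondecode(...)["password"]` line assumes `secret_string` is a JSON object with a "password" key, which the example does not say. A secret stored as a raw string is not valid JSON for this lookup, so `jsondecode` or the index will error during plan. Suggest adding a one-line comment above the line stating that it applies to secrets stored as key/value (JSON), and keeping the plain `secret_string` form as the documented variant for plaintext secrets.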
Correct me if I'm wrong, but this seems to depend on what you put in the secret_string, no?
I mean one could put the password directly and not a JSON containing a password field.
But if you use the AWS Secrets Manager, the secrets are always stored as key/value pairs, so there is no way around the JSON format.
> the secrets are always stored as key/value pairs

Actually no, if you define the secret with the key/value tab in the AWS console, it indeed generates JSON, but the SecretString is a text in which you can put what you want.
In the AWS console, there's even a "plaintext" tab in which you can enter a raw string, e.g.:
But as your example could indeed be a typical setup (many users will set a JSON), I'm ok to merge this example 👍
Well, I took an extra look at the console yesterday, but somehow overlooked this option. Sorry, you're right👍
Just a small addition: if you create an RDS in AWS with Terraform, it is possible to set the attribute "manage_master_user_password" to true, then the credentials are automatically managed by the RDS itself in the Secrets Manager. And then they are automatically saved in JSON format.
That was the actual reason for this PR, coming from this setup.
> then the credentials are automatically managed by the RDS itself in the Secrets Manager. And then they are automatically saved in JSON format
@manu-akw Thanks, I didn't know that 👍
fix decoding of password
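
An added example, not part of this PR or the provider's documentation: one way to write the provider block so it accepts both secret formats discussed in the thread (a raw string, or JSON with a "password" key). The variable `postgres_secret_arn` and the local names are assumptions made for the example.

```hcl
# Added example. ARN of the secret holding the PostgreSQL password (assumed variable name).
# For an RDS instance created with manage_master_user_password = true, this is
# aws_db_instance.<name>.master_user_secret[0].secret_arn.
variable "postgres_secret_arn" {
  type = string
}

data "aws_secretsmanager_secret_version" "postgres_password" {
  secret_id = var.postgres_secret_arn
}

locals {
  raw_secret = data.aws_secretsmanager_secret_version.postgres_password.secret_string

  # JSON secret (console key/value tab, or RDS-managed): use the "password" field.
  # Plaintext secret: jsondecode() or the key lookup errors, and try() falls back
  # to the raw string.
  # Caveat: a JSON secret whose key is not named "password" also takes the
  # fallback, so the whole JSON text is sent as the password and login fails.
  postgres_password = try(
    jsondecode(local.raw_secret)["password"],
    local.raw_secret,
  )
}

provider "postgresql" {
  # [...] host, username and other settings as in your setup
  password = local.postgres_password
}
```

`secret_string` is marked sensitive by the AWS provider and the value stays sensitive through `jsondecode` and `try`, so it is redacted in plan output; it is still written to the Terraform state in clear text.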