33# - preview: uses PSC endpoint to reach dev DB from preview VPC
44# - prod: uses private IP within prod VPC
55
6- # Data source ONLY for preview (secret created by dev deployment, already exists)
7- data "google_secret_manager_secret_version" "database_url_for_preview" {
8- count = startswith (var. environment , " preview" ? 1 : 0
9- secret = " database-url-preview"
10- }
11-
12- # Local to pick the right database URL based on environment
6+ # Local for apricot credentials (prod uses /api/ endpoint, all others use /sandbox/)
137locals {
14- database_url_secret_data =
15- var. environment == " prod"
16- ? google_secret_manager_secret_version. database_url_prod [0 ]. secret_data
17- : (startswith (var. environment , " preview"
18- ? data. google_secret_manager_secret_version . database_url_for_preview [0 ]. secret_data
19- : google_secret_manager_secret_version. database_url_dev [0 ]. secret_data
20- )
21- )
22-
238 # Apricot credentials - prod uses /api/ endpoint, all others use /sandbox/
249 apricot_client_id =
2510 var. environment == " prod"
@@ -144,7 +129,7 @@ resource "google_compute_instance" "app_vm" {
144129 mastra_image = var.mastra_image_url
145130 project_id = local.project_id
146131 environment = var.environment
147- database_url = local.database_url_secret_data
132+ database_url = " "
148133 openai_api_key = data.google_secret_manager_secret_version.openai_api_key.secret_data
149134 anthropic_api_key = data.google_secret_manager_secret_version.anthropic_api_key.secret_data
150135 exa_api_key = data.google_secret_manager_secret_version.exa_api_key.secret_data
@@ -171,7 +156,7 @@ resource "google_compute_instance" "app_vm" {
171156
172157 # Recreate VM when container images change
173158 lifecycle {
174- replace_triggered_by = terraform_data . image_versions ]
159+ replace_triggered_by = terraform_data . image_versions [ 0 ] ]
175160 }
176161
177162 depends_on =
0 commit comments