Ahmed Al-Haffar

Reputation: 552

terraform base64encode multiline

I have the following multiline variable in Terraform for PRIVATE_KEY, encoded with the base64encode function:

oci_prv_key = <<EOT
-----BEGIN PRIVATE KEY-----
xxxxxxxxx
xxxxxxxx
xxxxxxxxx
xxxxxxxxx
-----END PRIVATE KEY-----
EOT

When I decode the variable using the base64decode function, the heredoc markers <<EOT and EOT are included in the value. How can I rectify this behavior?

I assume the value is supposed to contain only the private key, without the heredoc markers at the beginning and end of the string.

Upvotes: 0

Views: 450

Answers (1)

Rui Jarimba

Reputation: 18094

Your code is fine - the variable was set as a heredoc string and will be displayed like that in the plan, if you create an output variable with its value. That's just the way Terraform represents or displays multiline strings.

Example

Consider the following module that creates a text file based on local variable oci_prv_key:

locals {
  oci_prv_key = <<EOT
-----BEGIN PRIVATE KEY-----
xxxxxxxxx
xxxxxxxx
xxxxxxxxx
xxxxxxxxx
-----END PRIVATE KEY-----
EOT
}

resource "local_file" "key_file" {
  content  = local.oci_prv_key
  filename = "${path.module}/key.txt"
}

output "key" {
  value = local.oci_prv_key
}

Running terraform plan still shows <<-EOT:

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # local_file.key_file will be created
  + resource "local_file" "key_file" {
      + content              = <<-EOT
            -----BEGIN PRIVATE KEY-----
            xxxxxxxxx
            xxxxxxxx
            xxxxxxxxx
            xxxxxxxxx
            -----END PRIVATE KEY-----
        EOT
      + content_base64sha256 = (known after apply)
      + content_base64sha512 = (known after apply)
      + content_md5          = (known after apply)
      + content_sha1         = (known after apply)
      + content_sha256       = (known after apply)
      + content_sha512       = (known after apply)
      + directory_permission = "0777"
      + file_permission      = "0777"
      + filename             = "./key.txt"
      + id                   = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + key = <<-EOT
        -----BEGIN PRIVATE KEY-----
        xxxxxxxxx
        xxxxxxxx
        xxxxxxxxx
        xxxxxxxxx
        -----END PRIVATE KEY-----
    EOT

But when running terraform apply, the file key.txt will be generated with the proper content, i.e. without <<-EOT:

-----BEGIN PRIVATE KEY-----
xxxxxxxxx
xxxxxxxx
xxxxxxxxx
xxxxxxxxx
-----END PRIVATE KEY-----

Alternative to heredoc strings

To be honest I never use heredoc strings, as these make the code uglier and harder to understand - the bigger the string, the worse it gets.

I prefer to store long and complex strings such as JSON or XML content in files instead, and use the file function to read their content. Or, as an alternative, use the templatefile function to render a template file with provided variables.

Consider the following module that reads the private key from text file iac/files/key.txt:

main.tf

locals {
  private_key = file("${path.module}/files/key.txt")
}

output "private_key" {
  value = local.private_key
}

files/key.txt

-----BEGIN PRIVATE KEY-----
xxxxxxxxx
xxxxxxxx
xxxxxxxxx
xxxxxxxxx
-----END PRIVATE KEY-----

Running terraform plan shows <<-EOT in the output variable, because it is a multiline string:

Changes to Outputs:
  + private_key = <<-EOT
        -----BEGIN PRIVATE KEY-----
        xxxxxxxxx
        xxxxxxxx
        xxxxxxxxx
        xxxxxxxxx
        -----END PRIVATE KEY-----
    EOT

Upvotes: 1
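The round trip from the question, as an added example (not code from the question or the answer): a check block asserts that base64decode(base64encode(...)) returns exactly the heredoc body, with no <<EOT / EOT markers, and the key is written with local_sensitive_file at 0600 instead of the 0777 shown in the plan above. It assumes Terraform 1.5 or later and hashicorp/local 2.2.0 or later; the names encoded, decoded and heredoc_round_trip are hypothetical.

```hcl
terraform {
  required_version = ">= 1.5.0" # check blocks were added in 1.5
  required_providers {
    local = {
      source  = "hashicorp/local"
      version = ">= 2.2.0" # local_sensitive_file was added in 2.2.0
    }
  }
}

locals {
  # Placeholder key body, as in the question.
  oci_prv_key = <<EOT
-----BEGIN PRIVATE KEY-----
xxxxxxxxx
-----END PRIVATE KEY-----
EOT

  encoded = base64encode(local.oci_prv_key) # hypothetical name
  decoded = base64decode(local.encoded)     # hypothetical name
}

# Evaluated on every plan and apply; a failed assertion is reported as a warning.
check "heredoc_round_trip" {
  assert {
    condition     = local.decoded == local.oci_prv_key
    error_message = "base64 round trip changed the key material."
  }
  assert {
    condition = (
      startswith(local.decoded, "-----BEGIN PRIVATE KEY-----\n") &&
      endswith(local.decoded, "-----END PRIVATE KEY-----\n")
    )
    error_message = "Decoded value does not start and end with the PEM armor lines."
  }
}

# Plan shows content as (sensitive value); the file is owner read/write only.
resource "local_sensitive_file" "key_file" {
  content         = local.decoded
  filename        = "${path.module}/key.txt"
  file_permission = "0600"
}

output "private_key" {
  value     = local.decoded
  sensitive = true # hidden in CLI output, still stored in plain text in state
}
```

With sensitive = true the plan no longer prints the key at all, so the <<-EOT display wrapper never appears; the check block is what confirms the decoded value is the bare PEM text.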
