Terraform: Cannot find Vault generic secret keys that contain a period

Created on 25 May 2017  ยท  5Comments  ยท  Source: hashicorp/terraform

Terraform Version

v0.9.5

Affected Resource(s)

data.vault_generic_secret

Terraform Configuration Files

data "vault_generic_secret" "certs" {
  path = "secret/certs"
}

output "test" {
    value = "${data.vault_generic_secret.agent-config.data["example.crt"]}"
}

Vault Secret

vault write secret/certs [email protected] [email protected]

Expected Behavior

Vault accepts secret keys containing periods. I expect TF to be able to read them. If this is a result of the way TF parses the key that cannot be fixed, it should be mentioned as a limitation in the Vault provider docs.

Actual Behavior

key "example.crt" does not exist in map data.vault_generic_secret.certs.data in:

${data.vault_generic_secret.certs.data["example.crt"]}

Similar errors occur when the data source is used by other resources such as kubernetes_secret.

Steps to Reproduce

  1. Create a Vault secret with a key name that contains a period.
  2. terraform apply

Important Factoids

It appears there might be an issue with how TF types the map. If you create a Vault secret with a key name that contains a period and one that does not, TF will throw an error about non homogenous types even if both keys contain the same json data. Haven't had a chance to look into it further.

bug config
Source
picture lmickh

Most helpful comment

Any progress on this?

picture ambar-cap on 8 Jun 2018
👍2

All 5 comments

Your theory sounds right, @lmickh.

Right now we're still flattening everything down to strings for storage in the state, but we're in the early stages of planning for work to address that and store structures more natively. After that we can hopefully fix this, but agreed that having some docs in the short term would be best.

apparentlymart picture apparentlymart on 25 May 2017

Any progress on this?

ambar-cap picture ambar-cap on 8 Jun 2018
👍2

Let me be the "+1" on this question. Are there any news about this? Or maybe a workaround?

alexandernst picture alexandernst on 31 Oct 2018

Hi all! Sorry for the long silence here.

This issue has the same root cause as the second problem I described in #10876, which over there I verified is fixed in the v0.12.0-alpha2 prerelease build.

Since this fix is already in master and ready to be included in the forthcoming v0.12.0 final release, I'm going to close this out now. Thanks for reporting this, and sorry for the delay in getting it resolved.

apparentlymart picture apparentlymart on 20 Nov 2018

I'm going to lock this issue because it has been closed for _30 days_ โณ. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

hashibot[bot] picture hashibot[bot] on 31 Mar 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

Seraf picture Seraf  ยท  3Comments
darron picture darron  ยท  3Comments
shanmugakarna picture shanmugakarna  ยท  3Comments
allomov picture allomov  ยท  3Comments
ronnix picture ronnix  ยท  3Comments