
Terraform picks up secrets value from AWS secrets manager in wrong format


I have a secrets manager secret like:

key: value

example: "1.1.1.1/1", "2.2.2.2/2",

Now in the plaintext in secrets manager the value shows up like:

"\"1.1.1.1/1\", "\"2.2.2.2/2\"",

adding these extra \" before and after the values.

Now, when I call/get this "value" in Terraform it also picks up the same as the plaintext value, which is not acceptable in the code I'm calling it in.

jsondecode(nonsensitive(data.aws_secretsmanager_secret_version.example.secret_string)).example

Can I somehow get the value as is and not with those extra \"?


Solution

  • @Marcin is totally right:

    Your original value is not json anyway, so that's why it probably does not work.

    You should store your secrets using JSON structure:

    {
      "example": ["1.1.1.1/1", "2.2.2.2/2"]
    }
    
    OR
    
    {
      "example1": "1.1.1.1/1",
      "example2": "2.2.2.2/2"
    }
    
    OR
    
    {
      "example": "1.1.1.1/1, 2.2.2.2/2"
    }
    

    Get value and simply decode it from JSON to map(any):

    # 1st JSON
    jsondecode(data.aws_secretsmanager_secret_version.example.secret_string).example     # ["1.1.1.1/1", "2.2.2.2/2"]
    jsondecode(data.aws_secretsmanager_secret_version.example.secret_string).example[0]  # "1.1.1.1/1"
    jsondecode(data.aws_secretsmanager_secret_version.example.secret_string).example[1]  # "2.2.2.2/2"
    
    # 2nd JSON
    jsondecode(data.aws_secretsmanager_secret_version.example.secret_string).example1  # "1.1.1.1/1"
    jsondecode(data.aws_secretsmanager_secret_version.example.secret_string).example2  # "2.2.2.2/2"
    
    # 3rd JSON (probably what you want)
    jsondecode(data.aws_secretsmanager_secret_version.example.secret_string).example  # "1.1.1.1/1, 2.2.2.2/2"
    

    P.S.: Always remember that Secrets Manager stores your values as plain text. In your case you can store it as a single value `1.1.1.1/1, 2.2.2.2/2` and then you'll get just a string OR you can store it as a JSON string which can be decoded into `map(any)`.
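An added example, not part of the answer above and not the asker's code: a Terraform configuration that reads the `example` key as a list whether it was stored as a JSON array (the first structure in the answer) or as the single quoted string from the question, and keeps the sensitive marking instead of wrapping the whole `secret_string` in `nonsensitive()`. The variable `secret_id` and the local names are hypothetical, and the exact shape of the question's stored string is an assumption.

```hcl
variable "secret_id" {
  type        = string
  description = "Name or ARN of the secret (hypothetical input, not from the page)"
}

data "aws_secretsmanager_secret_version" "example" {
  secret_id = var.secret_id
}

locals {
  # secret_string is marked sensitive, and so is everything decoded from it.
  # The raw string is also written to the Terraform state, so protect the state.
  decoded = jsondecode(data.aws_secretsmanager_secret_version.example.secret_string)

  # Case A (first JSON in the answer): "example" is already a JSON array,
  #   so tolist() succeeds.
  # Case B (assumed shape of the question's key/value entry): "example" is one
  #   string holding   "1.1.1.1/1", "2.2.2.2/2",
  #   tolist() fails on a string, so try() falls through: drop the trailing
  #   comma and wrap the text in [ ] so it parses as a JSON array.
  cidrs = try(
    tolist(local.decoded.example),
    tolist(jsondecode("[${trimsuffix(trimspace(local.decoded.example), ",")}]"))
  )

  # Only if a consumer cannot accept a sensitive value (for_each, for example):
  # unwrap this one field, not the whole secret_string as in the question.
  cidrs_plain = nonsensitive(local.cidrs)
}

output "cidrs" {
  value     = local.cidrs
  sensitive = true # required because the value derives from secret_string
}
```

With either stored form, `local.cidrs` evaluates to a list of two strings, `"1.1.1.1/1"` and `"2.2.2.2/2"`, without the escaped quotes.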