Description
Howdy!
Thanks for this provider! I'm using Aurora PostgreSQL 12.4 and would like to inject the RDS cert bundle (from https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem) that I have stored in Secrets Manager as plain text. I am using the Terraform data lookup for aws_secretsmanager_secret and aws_secretsmanager_secret_version to look up the secret and get its value, respectively. My secret lookup and provider config look like:
data "aws_secretsmanager_secret" "rds_cert_bundle" {
  name = "/rds/cert/bundle"
}

data "aws_secretsmanager_secret_version" "rds_cert_bundle_version" {
  secret_id = data.aws_secretsmanager_secret.rds_cert_bundle.id
}

provider "postgresql" {
  host             = var.metadb_cluster_endpoint
  port             = var.metadb_port
  database         = "postgres"
  username         = var.metadb_user
  password         = var.metadb_password
  superuser        = false
  sslmode          = "verify-full"
  sslrootcert      = data.aws_secretsmanager_secret_version.rds_cert_bundle_version.secret_string
  connect_timeout  = 15
  expected_version = "12.4"
}
When I run a plan, I receive the error:
Error: missing "=" after "MIIEBzCCAu+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT" in connection info string"
The newlines separating the cert contents are causing problems as I do not get this issue if I specify a local path pointing to the downloaded cert bundle. Is it even possible to inject the cert bundle via a secret?
Terraform Version
Terraform 0.14.8
Affected Resource(s)
provider "postgresql"
Terraform Configuration Files
See code above
Debug Output
See code above
Panic Output
n/a
Expected Behavior
Not sure. Would like to find out if I can inject a cert bundle from a Secrets Manager lookup.
Actual Behavior
Error: missing "=" after "MIIEBzCCAu+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT" in connection info string"
Steps to Reproduce
The error above occurs when I perform a terraform plan
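
Added example, not part of the original report and not the provider's own code: a minimal parser for a whitespace-separated keyword=value connection info string, showing why a file path in sslrootcert parses while PEM text fails with the error quoted above. It assumes the value is placed in such a string with spaces backslash-escaped and newlines left as-is, which is consistent with the error naming the first base64 line. The function names, the file path and the sample bundle are constructed.

```python
# Added illustration, not the provider's code. Assumed: the value lands in a
# whitespace-separated key=value string with spaces escaped, newlines not.
# Constructed sample: the base64 line is the one quoted in the page's error.
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    "MIIEBzCCAu+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT\n"
    "-----END CERTIFICATE-----\n"
)
SAMPLE_PATH = "/etc/ssl/rds-combined-ca-bundle.pem"  # constructed path

def build_conninfo(settings):
    """Join settings as key=value; only backslash, quote and space are escaped."""
    esc = str.maketrans({"\\": "\\\\", "'": "\\'", " ": "\\ "})
    return " ".join(f"{k}={v.translate(esc)}" for k, v in settings.items())

def parse_conninfo(conninfo):
    """Parse unquoted key=value pairs; any unescaped whitespace ends a value."""
    opts, i, n = {}, 0, len(conninfo)
    while i < n:
        if conninfo[i].isspace():
            i += 1
            continue
        start = i
        while i < n and conninfo[i] != "=" and not conninfo[i].isspace():
            i += 1
        key = conninfo[start:i]
        if i >= n or conninfo[i] != "=":
            raise ValueError(f'missing "=" after "{key}" in connection info string')
        i += 1
        chars = []
        while i < n and not conninfo[i].isspace():
            if conninfo[i] == "\\" and i + 1 < n:
                i += 1  # the escaped character is taken literally
            chars.append(conninfo[i])
            i += 1
        opts[key] = "".join(chars)
    return opts

def try_sslrootcert(value):
    """Return the sslrootcert the parser sees, or the parser's error text."""
    info = build_conninfo({"sslmode": "verify-full", "sslrootcert": value})
    try:
        return parse_conninfo(info)["sslrootcert"]
    except ValueError as exc:
        return f"Error: {exc}"

if __name__ == "__main__":
    print(try_sslrootcert(SAMPLE_PATH))  # the path comes back unchanged
    print(try_sslrootcert(SAMPLE_PEM))   # fails at the first newline in the PEM
```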