I am following this doc:
https://www.terraform.io/docs/providers/aws/d/kms_secrets.html
as I want to store the MySQL password in encrypted format.
This looks good:

    $ aws kms encrypt --key-id arn:aws:kms:us-west-2:<id>:key/7e791977-123456 --plaintext fileb:///tmp/dbpass --output text --query CiphertextBlob

Now I am trying to use it in my code, based on the above doc:

    data "aws_kms_secret" "rds" {
      secret {
        name    = "db-password"
        payload = "pay load here"
      }
    }

Snippet of my Terraform code:

    resource "aws_db_instance" "my-test-sql" {
      instance_class    = "${var.db_instance}"
      engine            = "mysql"
      engine_version    = "5.7"
      multi_az          = true
      storage_type      = "gp2"
      allocated_storage = 20
      name              = "mytestrds"
      username          = "admin"
      password          = "${data.aws_kms_secret.rds.db-password}"
    }

It's failing due to this error:

    Error: Unsupported attribute
      on rds/main.tf line 16, in resource "aws_db_instance" "my-test-sql":
      16: password = "${data.aws_kms_secret.rds.db-password}"
    This object has no argument, nested block, or exported attribute
    named "db-password".

    $ terraform version
    Terraform v0.12.13

Has anyone run into a similar sort of issue/error with Terraform version 0.12?

Update

I even tried what is suggested in the doc:

    password = "${data.aws_kms_secret.rds.plaintext["db-password"]}"

But it's failing due to a different error:

    Error: Unsupported attribute
      on rds/main.tf line 14, in resource "aws_db_instance" "my-test-sql":
      14: password = "${data.aws_kms_secret.rds.plaintext["db-password"]}"
    This object has no argument, nested block, or exported attribute named "plaintext".

According to the same documentation you linked to, you should use

    ${data.aws_kms_secret.rds.plaintext["db-password"]}

to access the secret.
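
An added example, not part of the original question or answer: the linked documentation page describes the `aws_kms_secrets` data source (plural), which exports a `plaintext` map keyed by secret name, whereas the code in the question declares `aws_kms_secret`. The payload value is a placeholder and the `db_instance` variable declaration is assumed.

```hcl
# Added example; the payload is a placeholder, not a real ciphertext.
data "aws_kms_secrets" "rds" {
  secret {
    name = "db-password"
    # Base64 CiphertextBlob printed by `aws kms encrypt`.
    payload = "BASE64_CIPHERTEXT_PLACEHOLDER"
  }
}

# Assumed declaration for the variable the question references.
variable "db_instance" {
  type = string
}

resource "aws_db_instance" "my-test-sql" {
  instance_class    = var.db_instance
  engine            = "mysql"
  engine_version    = "5.7"
  multi_az          = true
  storage_type      = "gp2"
  allocated_storage = 20
  name              = "mytestrds"
  username          = "admin"

  # `plaintext` is a map keyed by the `name` of each secret block above.
  password = data.aws_kms_secrets.rds.plaintext["db-password"]
}
```

The decrypted password is written to the Terraform state in plain text, so the state backend needs encryption at rest and restricted access. A trailing newline in /tmp/dbpass is encrypted along with the password and becomes part of the decrypted value.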