.pem cert file always generated after run terraform plan

[wshao12]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Question

I am using the latest ibm-cloud provider to creates postgresql replica. After running terraform plan, I always got a pem cert file: a607ea3c-cbd8-4fc4-be71-43f01948bbeb.pem. I cannot figure out why it is generated. It is an untacked file. Should this file be explicitly created? It always be created after I deleted it and run terraform plan again. Should I put it in .gitignore? I do not think it should be git committed. Please help.

New or Affected Resource(s) or Datasource(s)

• ibm_XXXXX data "ibm_database" "leader" { name = "${module.stack.longname}-pg-wfs" location = module.stack.region service = "databases-for-postgresql" resource_group_id = module.stack.resource_group_id }

data "aws_secretsmanager_secret" "leader-credential" { name = "/stack/${module.stack.longname}/postgresql/${data.ibm_database.leader.name}/user/${data.ibm_database.leader.adminuser}" provider = aws.seismic-dev }

data "aws_secretsmanager_secret_version" "leader-credential" { secret_id = data.aws_secretsmanager_secret.leader-credential.id provider = aws.seismic-dev }

module "ibm-postgres" { source = "../../modules/ibm-postgresql" stack_shortname = "raven" environment = module.stack.environment instance_shortname = "wfs-14" region = module.stack.region resource_group_id = module.stack.resource_group_id pg_version = 13 service = "wfs" password = data.aws_secretsmanager_secret_version.leader-credential.secret_string remote_leader_id = data.ibm_database.leader.id }

Potential Terraform Configuration

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

terraform {
  required_providers {
    ibm = {
      source = "IBM-Cloud/ibm"
    }
  }
}

provider "ibm" {
  region           = "us-south"
  ibmcloud_api_key = var.IC_API_KEY_DEV
}

References

• 0000

[omaraibrahim]

@wshao12 Thanks for reaching out!

The generation of a pem file is expected. Please note that cert_file_path will no longer be supported per this PR: https://github.com/IBM-Cloud/terraform-provider-ibm/commit/0bead53fb67e09aa93f6924a4791511e54ec08a4

In the new upcoming terraform versions the expectation will be that users use ibm_database_connection to get connection string information.

Thanks and hope you have a wonderful day!