search

hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0
9.71k stars 9.07k forks source link

[Bug]: Value retrieved from aws secrets manager is altered prior to storing in aws parameter store #33073

Open lsnetsinger opened 1 year ago

lsnetsinger commented 1 year ago

Terraform Core Version

1.5.5

AWS Provider Version

v5.7.0

Affected Resource(s)

Retrieving the value using:

data "aws_secretsmanager_secret_version" "gcp_auth" {
  secret_id = "${substr(var.env, 0, 3)}/gcp_auth"
}

Storing the value using:

resource "aws_ssm_parameter" "gcp_auth" {
  name   = "/${var.env}-${var.app_name}/gcp_auth"
  type   = "SecureString"
  value  = data.aws_secretsmanager_secret_version.gcp_auth.secret_string
  key_id = data.aws_kms_key.parameter_store_kms_key.id

Expected Behavior

Value Stored Should be: image

Actual Behavior

Value Received: image

Value was changed before being stored in the parameter store. This should not be the case. The value should be stored the same way it was retrieved from the secrets manager

Relevant Error/Panic Output Snippet

No Errors or Panic

Terraform Configuration Files

This is not an error so I am not sure what logs to provide.

Steps to Reproduce

Store a key / value set in the secrets manager one with a private key

image

Try to retrieve and store the retrieved value in a parameter store encrypted parameter.

Debug Output

No errors

Panic Output

NA

Important Factoids

This is stored as sensitive information. I am thinking the issue may be with encryption and decryption.

References

I have none

Would you like to implement a fix?

None

github-actions[bot] commented 1 year ago

Community Note

Voting for Prioritization

Volunteering to Work on This Issue

lsnetsinger commented 11 months ago

Can someone please review this issue?