I’m running into very strange behavior in terraform when making use of the jsonencode() function. I am using the AWS secrets manager terraform module to generate a database secret for my application.
It contains 3 values – database host, port and name. However, even though I provide the port wrapped in double quotes to force string interpretation it is being created in Secrets Manager as a number. My application is expecting the secret kv values to all be strings.
The 2 code below demonstrates the challenge. When passing the output directly (as in the secret_string_broken example), it is interpreted as a number. When it is provided explicitly (as in the secret_string_working example), it is interpreted as a string – as expected.
secret_string_broken = jsonencode({
DB_HOST = "${module.db.endpoint}"
DB_PORT = "${module.db.port}"
DB_NAME = "${module.db.db_name}"
})
secret_string_working = jsonencode({
DB_HOST = "${module.db.endpoint}"
DB_PORT = "1234"
DB_NAME = "${module.db.db_name}"
})
Is this an issue with my usage of the jsonencode() function? Or am I running into some strange Terraform behavior?
My guess is that terraform is making use of the output type for the module.db.port value and using that to set the value – but I’m confused by why it would ignore the wrapping double quotes.
2
Answers
Both of those examples are strings, because you have wrapped them both in double quotes. If you want them to be numbers you need to leave the quotes out, like this:
Based on the documentation, the port seems to be a number. Enclosing it into quotes will not make it a string. What you could try is using the explicit type casting with
tostring
:I also think you don’t need to enclose the host and name with quotes since they will probably be strings anyway, which means this might work as well: