Database Secret Engine TTL values from terraform variables not accepting string type variable



We changed the variable type from “number” to “string”. When we passed the value of the variables as 32d or 24h to denote hours or days, it throws an error.

It works fine when we pass the value in seconds like 3600.

Values such as 32d or 24h work fine when passed in a CLI command or API call directly to Vault.
Example: vault write -f auth/approle/role/tocheckttl token_ttl="24h" token_max_ttl="25d"

Terraform is not allowing the attribute to take value in the 32d format.

Looking over the Terraform registry docs, it specifies the ttl should be defined in seconds:

(Optional) The default number of **seconds** for leases for this role.

Since the type is number and not string, I would expect a notation like d for days to cause an error.

It can certainly be a cause for some confusion since the CLI/API accepts this as either a string or int.

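One way to keep readable TTLs such as 24h or 32d in Terraform variables while still handing the provider a number of seconds, as an added example that is not part of the original thread. It assumes the resource in question is `vault_database_secret_backend_role`; the variable names, locals, mount path, role name, connection name and creation statement are constructed placeholders.

```hcl
# Added example; variable names, locals and resource values are placeholders.
variable "default_ttl" {
  type        = string
  description = "Lease TTL: plain seconds (\"3600\") or a number with s/m/h/d (\"24h\")."
  default     = "24h"
  validation {
    condition     = can(regex("^[0-9]+[smhd]?$", var.default_ttl))
    error_message = "TTL must be digits optionally followed by s, m, h or d."
  }
}

variable "max_ttl" {
  type    = string
  default = "32d"
  validation {
    condition     = can(regex("^[0-9]+[smhd]?$", var.max_ttl))
    error_message = "TTL must be digits optionally followed by s, m, h or d."
  }
}

locals {
  unit_seconds = tomap({ s = 1, m = 60, h = 3600, d = 86400 })
  # Split each value into [digits, unit]; the unit is "" for plain seconds.
  ttl_parts = {
    for name, raw in { default = var.default_ttl, max = var.max_ttl } :
    name => regex("^([0-9]+)([smhd]?)$", raw)
  }

  # Multiply the digits by the unit's length in seconds (1 when no unit is given).
  ttl_seconds = {
    for name, parts in local.ttl_parts :
    name => tonumber(parts[0]) * lookup(local.unit_seconds, parts[1], 1)
  }
}

resource "vault_database_secret_backend_role" "app" {
  backend             = "database" # assumed mount path
  name                = "app-role" # constructed
  db_name             = "app-db"   # constructed
  creation_statements = ["CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';"]
  default_ttl         = local.ttl_seconds.default
  max_ttl             = local.ttl_seconds.max
  lifecycle {
    precondition {
      condition     = local.ttl_seconds.default <= local.ttl_seconds.max
      error_message = "default_ttl must not exceed max_ttl."
    }
  }
}
```

The `precondition` block requires Terraform 1.2 or later; it fails the plan when a default lease would outlive the configured maximum.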