Hi,
We are using cdktf with TypeScript for reading the secrets from AWS Secrets.
Depending on the secret type, sometimes we get JSON and sometimes it is just plain text.
We wrote the following generic function to read the secrets. We check whether we are able to JSON-decode the secret and look up the keys; otherwise we return the secret as it is.

    get(): string {
      const secretManagerData = new DataAwsSecretsmanagerSecret(this, "secretManagerGetData", {
        provider: this.provider,
        name: this.secretName
      });
      const secretManagerVersion = new DataAwsSecretsmanagerSecretVersion(this, "secretManagerGetDataVersion", {
        secretId: secretManagerData.id,
        provider: this.provider
      });
      const secretValue = secretManagerVersion.secretString;
      /**
       * Currently we are forced to know upfront if secret being looked up is JSON or not.
       * @TODO: Find an automated way to detect if secret being read is JSON or plain string.
       */
      if (Fn.can(Fn.jsondecode(secretValue))) {
        const data = Fn.jsondecode(secretValue);
        return Fn.lookup(data, this.secretName, null);
      } else {
        return secretValue;
      }
    }

However, we get the error
    Call to function "jsondecode" failed: invalid character '-' in numeric
whenever we get a plain-text secret instead of JSON.
The error is valid, as this specific secret is not JSON, so we expected it to go to the else condition.
We tried multiple approaches but we were not able to get it to work.
We also tried Fn.try([Fn.jsondecode(secretValue), ""]), but that also didn't work.
We would really appreciate it if we could understand what is going on and what the right way to handle it is.
Regards
Saurabh
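
The decode-or-pass-through logic described in the post, as an added example that is not the poster's code and uses no cdktf or AWS API: plain TypeScript operating on a secret string that is already available at run time. It goes beyond the post by also covering plain-text secrets that happen to be valid JSON scalars (such as `12345`); `resolveSecret`, `SecretKind` and all sample values are hypothetical and constructed.

```typescript
// Added example: plain TypeScript, no cdktf or AWS SDK calls.
// resolveSecret and SecretKind are hypothetical names, not from the post.
type SecretKind = "json-object" | "plain-text";

interface ResolvedSecret {
  kind: SecretKind;
  value: string | null; // null: JSON object that lacks the requested key
}

function resolveSecret(secretString: string, key: string): ResolvedSecret {
  let parsed: unknown;
  try {
    parsed = JSON.parse(secretString);
  } catch {
    // Not JSON at all, e.g. a token starting with '-'. The secret itself
    // is never copied into an error message or log line.
    return { kind: "plain-text", value: secretString };
  }
  // "12345", "true", "null" and "[1]" parse as JSON but are not key/value
  // secrets: treat them as plain text instead of attempting a lookup.
  if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) {
    return { kind: "plain-text", value: secretString };
  }
  const obj = parsed as Record<string, unknown>;
  // Own-property check so inherited names such as "toString" never match.
  if (!Object.prototype.hasOwnProperty.call(obj, key)) {
    return { kind: "json-object", value: null };
  }
  const field = obj[key];
  return {
    kind: "json-object",
    value: typeof field === "string" ? field : JSON.stringify(field),
  };
}

// Constructed sample secrets (not real values).
const samples: Array<[string, string]> = [
  ['{"db-password":"s3cr3t-constructed"}', "db-password"],
  ["-constructed-plain-token", "db-password"],
  ["12345", "db-password"],
  ['{"other":"x"}', "db-password"],
];
for (const [secret, key] of samples) {
  const r = resolveSecret(secret, key);
  // Print only the kind and length, never the secret value.
  console.log(r.kind, r.value === null ? "(key missing)" : `${r.value.length} chars`);
}
```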