I’m having an issue with the openstack_keymanager_secret_v1
:
resource "openstack_keymanager_secret_v1" "server_cert" {
name = "server-cert${var.landscape}"
payload = filebase64("./certs/server-cert${var.landscape}-${var.os_region}.p12")
secret_type = "opaque"
payload_content_type = "application/octet-stream"
payload_content_encoding = "base64"
}
Every time I run a plan or apply, terraform marks these secrets for replacement, which causes several dependent resources to also be marked for replacement. What am I doing wrong that they are always being replaced?
Here the data output from pan, with some sensitive data removed
# openstack_keymanager_secret_v1.server_cert must be replaced
-/+ resource "openstack_keymanager_secret_v1" "server_cert" {
+ algorithm = (known after apply)
~ all_metadata = {} -> (known after apply)
~ bit_length = 0 -> (known after apply)
~ content_types = {
- "default" = "application/octet-stream"
} -> (known after apply)
~ created_at = "2022-02-10T17:35:38Z" -> (known after apply)
~ creator_id = (REDACTED) -> (known after apply)
~ id = (REDACTED) -> (known after apply)
+ mode = (known after apply)
name = "server-dev"
+ payload = (sensitive value)
payload_content_encoding = "base64"
payload_content_type = "application/octet-stream"
~ region = "eu-nl-1" -> (known after apply)
~ secret_ref = (REDACTED)) -> (known after apply)
secret_type = "opaque"
~ status = "ACTIVE" -> (known after apply)
~ updated_at = "2022-02-10T17:35:41Z" -> (known after apply)
~ acl {
~ read {
~ created_at = "2022-02-10T17:35:41Z" -> (known after apply)
~ project_access = true -> (known after apply)
~ updated_at = "2022-02-10T17:35:41Z" -> (known after apply)
~ users = [
- (REDACTED),
] -> (known after apply)
}
}
}