I am trying to pull secrets stored in az kv for TF SPN i would like to use to authenticate to TFE: I get cycle dependency errors: “Error: Cycle: data.azurerm_key_vault_secret.sub-id,…”
Is this even possible? if not any suggestions?
Azure Vault Data
data “azurerm_key_vault” “kv” {
name = “akv-terraform”
resource_group_name = “terraform”
}
#from azure vault
data “azurerm_key_vault_secret” “cl-id” {
name = “CLIENT-ID”
key_vault_id = “${data.azurerm_key_vault.kv.id}”
}
from azure vault
data “azurerm_key_vault_secret” “cl-sec” {
name = “CLIENT-SECRET”
key_vault_id = “${data.azurerm_key_vault.kv.id}”
}
from azure vault
data “azurerm_key_vault_secret” “sub-id” {
name = “SUBSCRIPTION-ID”
key_vault_id = “${data.azurerm_key_vault.kv.id}”
}
Fetch secret from azure vault
data “azurerm_key_vault_secret” “tenant-id” {
name = “TENANT-ID”
key_vault_id = “${data.azurerm_key_vault.kv.id}”
}
Azure Provider new creds used
provider “azurerm” {
features {}
subscription_id = “${data.azurerm_key_vault_secret.sub-id.value}”
client_id = “${data.azurerm_key_vault_secret.cl-id.value}”
client_secret = “${data.azurerm_key_vault_secret.cl-sec.value}”
tenant_id = “${data.azurerm_key_vault_secret.tenant-id.value}”
}
#TFE
terraform {
#provid
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "=2.62.0"
}
}
}