I am trying to read enabled secrets from one key vault and write it to other key vault. However I am getting an error.

data “azurerm_key_vault_secrets” “source_kv1_secrets” {
provider = azurerm.prod
key_vault_id = data.azurerm_key_vault.source_kv1.id
}

resource “azurerm_key_vault_secret” “copied_secret” {
for_each = toset([for s in data.azurerm_key_vault_secrets.source_kv1_secrets : s.names if s.secrets.enabled == true])
name = data.azurerm_key_vault_secret.source_kv1_secrets[each.key].name
value = data.azurerm_key_vault_secret.source_kv1_secrets[each.key].value
key_vault_id = azurerm_key_vault.vault.id
}

on kv-main.tf line 77, in resource “azurerm_key_vault_secret” “copied_secret”:
│ 77: for_each = toset([for s in data.azurerm_key_vault_secrets.source_kv1_secrets : s.names if s.secrets.enabled == true])
│
│ Can’t access attributes (s.secrets) on a primitive-typed value (string).

It is solved.

variable to hold enabled secret name

variable “secret_set” {
type = set(string)
default =
}

key vault data

data “azurerm_key_vault” “source_kv1” {
provider = azurerm.prod
resource_group_name = “{var.prod_res_prefix}-{var.kv_rg_name}”
name = “{var.prod_res_prefix}-{var.vault_name1}”
}

key vault secrets

data “azurerm_key_vault_secrets” “source_kv1_secrets” {
provider = azurerm.prod
key_vault_id = data.azurerm_key_vault.source_kv1.id
}

update variable with enabled secrets

locals {
secret_set = toset([for s in data.azurerm_key_vault_secrets.source_kv1_secrets.secrets : s.name if s.enabled == true])
}

key vault data for enabled secrets only

data “azurerm_key_vault_secret” “source_kv1_secrets” {
provider = azurerm.prod
for_each = local.secret_set
name = each.value
key_vault_id = data.azurerm_key_vault.source_kv1.id
}