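I am new to HashiCorp Vault and Terraform. I am trying to create a secret in Vault, where the path kv/data/pipeline/synapse-cdo/uat/ already holds a secret named UAT, and I want to add a secret in a sub-path such as kv/data/pipeline/synapse-cdo/dev/, but Terraform deletes the UAT secret and deploys dev.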
```hcl
resource "vault_kv_secret_v2" "deploynewsecrets" {
  mount = var.mountpoint
  name  = "pipeline/synapse-cdo/dev/"
  data_json = jsonencode({
    "appid"    = "bnasoirhol748975"
    "secretid" = "naihpoiepsoiporihtpeoi6547838399"
  })
}
```
```
vault_kv_secret_v2.deploynewsecrets: Refreshing state... [id=kv/data/pipeline/synapse-cdo/uat/]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # vault_kv_secret_v2.deploynewsecrets must be replaced
-/+ resource "vault_kv_secret_v2" "deploynewsecrets" {
      ~ data = (sensitive value)
      ~ id = "kv/data/pipeline/synapse-cdo/uat/" -> (known after apply)
      ~ metadata = {
          - "created_time" = "2024-11-02T06:03:23.7875518Z"
          - "custom_metadata" = "null"
          - "deletion_time" = null
          - "destroyed" = "false"
          - "version" = "1"
        } -> (known after apply)
      ~ name = "pipeline/synapse-cdo/uat/" -> "pipeline/synapse-cdo/dev/" # forces replacement
      ~ path = "kv/data/pipeline/synapse-cdo/uat/" -> (known after apply)
        # (4 unchanged attributes hidden)

      - custom_metadata {
          - cas_required = false -> null
          - data = {} -> null
          - delete_version_after = 0 -> null
          - max_versions = 0 -> null
        }
    }

Plan: 1 to add, 0 to change, 1 to destroy.
```
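You need to define the two paths separately. It looks like you used the same terraform resource to define `uat`, and now you are trying to use it to define `dev`.

You need two separate resource definitions, or, if you want to avoid reusing code, put it in a loop.

Also, I hope I don't have to say this, but putting secrets in plaintext into a codebase is an anti-pattern, and I really hope the appid and secretid you posted here are not real.

If they are, you now need to consider them compromised and re-provision them.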
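
The loop the answer suggests, written out as an added example that is not part of the original thread. The resource name `pipeline` and the variables `environments` and `pipeline_secrets` are hypothetical, and the `moved` block assumes Terraform 1.1 or later:

```hcl
variable "mountpoint" {
  type = string
}

# Hypothetical variable: one entry per environment sub-path.
variable "environments" {
  type    = set(string)
  default = ["uat", "dev"]
}

# Hypothetical variable: credentials keyed by environment, supplied at run time
# (for example through TF_VAR_pipeline_secrets set by the CI system), never committed.
variable "pipeline_secrets" {
  type = map(object({
    appid    = string
    secretid = string
  }))
  sensitive = true
}

# One resource instance per environment, so adding "dev" no longer
# rewrites the single instance that was tracking "uat".
resource "vault_kv_secret_v2" "pipeline" {
  for_each = var.environments

  mount = var.mountpoint
  name  = "pipeline/synapse-cdo/${each.key}/"
  data_json = jsonencode({
    appid    = var.pipeline_secrets[each.key].appid
    secretid = var.pipeline_secrets[each.key].secretid
  })
}

# Re-address the existing state entry (currently uat, per the plan output)
# so Terraform adopts it instead of planning a destroy.
moved {
  from = vault_kv_secret_v2.deploynewsecrets
  to   = vault_kv_secret_v2.pipeline["uat"]
}
```

Terraform still records `data_json` in its state file, so the state backend needs the same access controls as the Vault mount.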