
Terraform deletes google secrets version

My code is as below:

# Enable API for Secret Manager
resource "google_project_service" "secret_manager" {
  project            = "buoyant-valve-34"
  service            = "secretmanager.googleapis.com"
  disable_on_destroy = true
}

resource "google_secret_manager_secret" "secret-basic" {
  secret_id = "new-secret-by-me"
  project   = "buoyant-valve-34"
  replication {
    automatic = true
  }
}

resource "google_secret_manager_secret_version" "secret-version-basic" {
  secret      = google_secret_manager_secret.secret-basic.id
  secret_data = "very-secret"
}

The problem is that when I change the secret_data (say, to "very-secret2"), Terraform destroys the previous version instead of keeping it as it is. I have also tried adding the lifecycle block below, but it did not help; it shows Error: Instance cannot be destroyed

lifecycle {
  prevent_destroy = true
}

How can I avoid this issue? (In the image, please ignore version 6; I created it manually.)

This is by design. Google's Secret Manager API does not allow editing an existing version, only enable, disable and destroy. If you edit the value of the secret in your code, Terraform will want to destroy the existing version and create a new one.

When using the secret, you should always access the latest version via "projects/{project_id}/secrets/{secret_id}/versions/latest"
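
The following configuration is an added example, not part of the original question or answer. It shows one way to keep earlier versions when secret_data changes, assuming a google provider release in which google_secret_manager_secret_version supports the deletion_policy argument; the variable name secret_value and the data source name current are hypothetical.

```hcl
# Added example: retain earlier secret versions when secret_data changes.
# Project and secret names are the ones used in the question.

variable "secret_value" {
  type      = string
  sensitive = true # hides the value in plan output; it is still stored in state
}

resource "google_secret_manager_secret" "secret-basic" {
  secret_id = "new-secret-by-me"
  project   = "buoyant-valve-34"
  replication {
    automatic = true # syntax from the question; newer provider releases use auto {}
  }
}

resource "google_secret_manager_secret_version" "secret-version-basic" {
  secret      = google_secret_manager_secret.secret-basic.id
  secret_data = var.secret_value

  # A changed secret_data still forces replacement of this resource,
  # because versions are immutable. deletion_policy controls what happens
  # to the old version in Secret Manager when Terraform replaces it:
  #   "DELETE"  (default) destroys the old version
  #   "DISABLE" keeps the old version but disables it
  #   "ABANDON" removes it from Terraform state and leaves it untouched
  deletion_policy = "DISABLE"

  lifecycle {
    # Create the new version before the old one is disabled, so that
    # versions/latest resolves to an enabled version throughout the apply.
    create_before_destroy = true
  }
}

# Consumers read the newest version, as the answer recommends.
data "google_secret_manager_secret_version" "current" {
  project = "buoyant-valve-34"
  secret  = google_secret_manager_secret.secret-basic.secret_id
  # version is omitted, so the data source returns the latest version
  depends_on = [google_secret_manager_secret_version.secret-version-basic]
}
```

Because the secret value is written to the Terraform state either way, access to the state backend needs the same restrictions as access to the secret itself.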
