generated from cloudposse/terraform-example-module
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmain.tf
33 lines (28 loc) · 912 Bytes
/
main.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
locals {
# Filter out our sops mappings
sops_secret_mapping = [
for mapping in var.secret_mapping :
mapping if mapping.type == "sops"
]
# Filter the unique set of sops files we need to pull
sops_files = toset(distinct([
for mapping in local.sops_secret_mapping :
mapping.file
]))
# Collect our sops file values as a map of "sops file path => map of values"
sops_yamls = {
for sops_file in local.sops_files :
sops_file => yamldecode(data.sops_file.sops_secrets[sops_file].raw)
}
# Create our sops secret name to value map
sops_secrets = {
for mapping in local.sops_secret_mapping :
mapping.name => lookup(local.sops_yamls[mapping.file], mapping.name, null)
}
# The final secrets for generic consumption
secrets = local.sops_secrets
}
data "sops_file" "sops_secrets" {
for_each = local.sops_files
source_file = "${path.root}/${each.value}"
}