
terraform base64encode multiline


I have the following multiline variable in Terraform for PRIVATE_KEY, encoded with the base64encode function:

oci_prv_key = <<EOT
-----BEGIN PRIVATE KEY-----
xxxxxxxxx
xxxxxxxx
xxxxxxxxx
xxxxxxxxx
-----END PRIVATE KEY-----
EOT

When I decode the variable using the function base64decode, the heredoc markers <<EOT and EOT are included in the value. How can I rectify this behavior?

Supposedly, or so I assume, the value should only have the private key, without the heredoc markers at the beginning and end of the string.


Solution

  • Your code is fine - the variable was set as a heredoc string and will be displayed like that in the plan, if you create an output variable with its value. That's just the way Terraform represents or displays multiline strings.

    Example

    Consider the following module that creates a text file based on local variable oci_prv_key:

    locals {
      oci_prv_key = <<EOT
    -----BEGIN PRIVATE KEY-----
    xxxxxxxxx
    xxxxxxxx
    xxxxxxxxx
    xxxxxxxxx
    -----END PRIVATE KEY-----
    EOT
    }
    
    resource "local_file" "key_file" {
      content  = local.oci_prv_key
      filename = "${path.module}/key.txt"
    }
    
    output "key" {
      value = local.oci_prv_key
    }
    

    Running terraform plan still shows <<-EOT:

    Terraform used the selected providers to generate the following execution
    plan. Resource actions are indicated with the following symbols:
      + create
    
    Terraform will perform the following actions:
    
      # local_file.key_file will be created
      + resource "local_file" "key_file" {
          + content              = <<-EOT
                -----BEGIN PRIVATE KEY-----
                xxxxxxxxx
                xxxxxxxx
                xxxxxxxxx
                xxxxxxxxx
                -----END PRIVATE KEY-----
            EOT
          + content_base64sha256 = (known after apply)
          + content_base64sha512 = (known after apply)
          + content_md5          = (known after apply)
          + content_sha1         = (known after apply)
          + content_sha256       = (known after apply)
          + content_sha512       = (known after apply)
          + directory_permission = "0777"
          + file_permission      = "0777"
          + filename             = "./key.txt"
          + id                   = (known after apply)
        }
    
    Plan: 1 to add, 0 to change, 0 to destroy.
    
    Changes to Outputs:
      + key = <<-EOT
            -----BEGIN PRIVATE KEY-----
            xxxxxxxxx
            xxxxxxxx
            xxxxxxxxx
            xxxxxxxxx
            -----END PRIVATE KEY-----
        EOT
    

    But when running terraform apply, the file key.txt will be generated with the proper content, i.e. without <<-EOT:

    -----BEGIN PRIVATE KEY-----
    xxxxxxxxx
    xxxxxxxx
    xxxxxxxxx
    xxxxxxxxx
    -----END PRIVATE KEY-----
    
    

    Alternative to heredoc strings

    To be honest I never use heredoc strings, as these make the code uglier and harder to understand - the bigger the string, the worse it gets.

    I prefer to store long and complex strings such as JSON or XML content in files instead, and use the file function to read their content. Or, as an alternative, use the templatefile function to render a template file with provided variables.

    Consider the following module that reads the private key from text file iac/files/key.txt:

    main.tf

    locals {
      private_key = file("${path.module}/files/key.txt")
    }
    
    output "private_key" {
      value = local.private_key
    }
    

    files/key.txt

    -----BEGIN PRIVATE KEY-----
    xxxxxxxxx
    xxxxxxxx
    xxxxxxxxx
    xxxxxxxxx
    -----END PRIVATE KEY-----
    

    Running terraform plan shows <<-EOT in the output variable, because it is a multiline string:

    Changes to Outputs:
      + private_key = <<-EOT
            -----BEGIN PRIVATE KEY-----
            xxxxxxxxx
            xxxxxxxx
            xxxxxxxxx
            xxxxxxxxx
            -----END PRIVATE KEY-----
        EOT
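
An added example, not part of the original answer: it runs the question's heredoc value through base64encode and base64decode to confirm the markers are not part of the string, then keeps the key out of plan output with a sensitive output and `local_sensitive_file`. The names `oci_prv_key_b64`, `decoded`, `roundtrip_matches` and `starts_with_pem_header` are hypothetical, and it assumes a hashicorp/local provider version that includes `local_sensitive_file`.

```hcl
# Added example. Names other than oci_prv_key and key.txt are hypothetical.
terraform {
  required_providers {
    local = {
      source = "hashicorp/local"
    }
  }
}

locals {
  # <<EOT and EOT are syntax, not data: the string value is the lines between
  # them, including the newline after the END line.
  oci_prv_key = <<EOT
-----BEGIN PRIVATE KEY-----
xxxxxxxxx
-----END PRIVATE KEY-----
EOT

  oci_prv_key_b64 = base64encode(local.oci_prv_key)
  decoded         = base64decode(local.oci_prv_key_b64)
}

# Round-trip check: is the decoded value identical to the original string?
output "roundtrip_matches" {
  value = local.decoded == local.oci_prv_key
}

# Does the decoded value begin with the PEM header rather than a heredoc marker?
output "starts_with_pem_header" {
  value = substr(local.decoded, 0, 27) == "-----BEGIN PRIVATE KEY-----"
}

# sensitive = true masks the key in plan and apply output. The value is still
# stored in plain text in the state file, so the state needs protecting too.
output "key" {
  value     = local.decoded
  sensitive = true
}

# local_sensitive_file masks content in the plan diff; 0600 replaces the
# "0777" permission shown in the plan above.
resource "local_sensitive_file" "key_file" {
  content         = local.decoded
  filename        = "${path.module}/key.txt"
  file_permission = "0600"
}
```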