
Use several secrets ARNs with run-lambda-entrypoint

Answer

Hi, we have started to use `run-lambda-entrypoint` for Lambda containers and we found it really useful, but with one important missing thing (or at least we weren't able to find how to do it). The missing feature is that we can't add several secrets: it looks like only one ARN secret can be added, and when you're working with hundreds of key/values you need to have some kind of hierarchical organisation with several secrets, and you need to select which ARNs you want to pass to the Lambda.

Is there any workaround for this situation, or are we missing something? (We weren't able to find anything in the docs: https://github.com/gruntwork-io/terraform-aws-lambda/tree/master/modules/run-lambda-entrypoint)

Thanks!

---

[Tracked in ticket #109028](https://support.gruntwork.io/hc/requests/109028)

Hello @justos-br-aws-machine-user-data! At first I was going to say that the ARN passed to the module is not the ARN of a single secret, but the ARN of your _secrets manager_, because the docs make references to the manager itself. But after some digging, it seems that it is indeed a [single secret arn](https://github.com/gruntwork-io/terraform-aws-lambda/blob/5d9d04c699ae5297026a5ccb395d93b1a1ab60c8/test/lambda_docker_test.go#L91) that is being passed, instead of the manager holding multiple secrets.

I'm not even sure if it is possible to refer to the ARN of the whole manager. I had a look at the Terraform resources right now and it only has references to the [entries](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) themselves. This is quite confusing, so I'll create an issue at the repo to discuss what's the best way to resolve this.

But it is possible to have [multiple key/pairs in a single secret](https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_CreateSecret.html#API_CreateSecret_Example_1_Request), by passing a JSON string as the secret string, so this is the best workaround at the moment to access multiple secret values.
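
The single-JSON-secret workaround from the answer, as an added example (not code from the thread or from Gruntwork): it merges several hierarchically organised groups of key/values into one JSON string to store as a secret's secret string, rejecting name collisions and payloads over the Secrets Manager value size limit. The group names, the `GROUP_KEY` naming scheme and the function names are assumptions made for illustration.

```python
import json

# AWS Secrets Manager quota for one secret value, in bytes.
MAX_SECRET_BYTES = 65536


def merge_secret_groups(groups, separator="_"):
    """Flatten {group: {key: value}} into one dict with GROUP_KEY names."""
    merged, origin = {}, {}
    for group in sorted(groups):
        for key in sorted(groups[group]):
            value = groups[group][key]
            if not isinstance(value, str):
                raise TypeError(f"{group}/{key}: value must be a string")
            flat = f"{group}{separator}{key}".upper()
            if flat in merged:
                # Report names only; never put secret values in error text.
                raise ValueError(
                    f"{group}/{key} and {origin[flat]} both map to {flat}")
            merged[flat] = value
            origin[flat] = f"{group}/{key}"
    return merged


def to_secret_string(merged):
    """Serialise the merged dict as the JSON text to store in one secret."""
    payload = json.dumps(merged, sort_keys=True, separators=(",", ":"))
    size = len(payload.encode("utf-8"))
    if size > MAX_SECRET_BYTES:
        raise ValueError(f"{size} bytes exceeds the {MAX_SECRET_BYTES}-byte limit")
    return payload


if __name__ == "__main__":
    # Constructed sample data; the values are placeholders, not real secrets.
    sample = {
        "db": {"user": "app", "password": "example-only"},
        "payments": {"api_key": "example-only"},
    }
    merged = merge_secret_groups(sample)
    secret_string = to_secret_string(merged)
    # Print key names and size only, so values do not reach logs.
    print(sorted(merged), len(secret_string.encode("utf-8")), "bytes")
```

The collision check matters because flattening a hierarchy can map two different entries, such as `db/read_url` and `db_read/url`, onto the same name, and one value would silently overwrite the other.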