Terraform secret creation invalid character looking for beginning of value

Revision history
Tags: terraform kubernetes docker

I was trying to create a kubernetes_secret with Terraform when I got this error

* kubernetes_secret.container-repository: Secret "azurecr" is invalid: data[.dockerconfigjson]: Invalid value: "<secret contents redacted>": invalid character 'e' looking for beginning of value

I read in the Kubernetes container image reference that I would set the value of the secrets as the base64 representation of a Docker config.json file:

apiVersion: v1
kind: Secret
  name: myregistrykey
  namespace: awesomeapps
  .dockerconfigjson: UmVhbGx5IHJlYWxseSByZWVlZWVlZWVlZWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWxsbGxsbGxsbGxsbGxsbGxsbGxsbGxsbGxsbGxsbGx5eXl5eXl5eXl5eXl5eXl5eXl5eSBsbGxsbGxsbGxsbGxsbG9vb29vb29vb29vb29vb29vb29vb29vb29vb25ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubmdnZ2dnZ2dnZ2dnZ2dnZ2dnZ2cgYXV0aCBrZXlzCg==
type: kubernetes.io/dockerconfigjson

However, this is not the case when declaring them in terraform with kubernetes_secret, in which case you would avoid encoding it. Instead, you can include it with the file() interpolation syntax

resource "kubernetes_secret" "container-repository" {
  metadata {
    name = "azurecr"
    namespace = "${var.namespace}"

  data {
    ".dockerconfigjson" = "${file("${path.module}/.docker/config.json")}"

  type = "kubernetes.io/dockerconfigjson"


If you have any comments or feedback, please send me an e-mail. (stig at stigok dotcom).

Did you find any typos, incorrect information, or have something to add? Then please propose a change to this post.

Creative Commons License This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.