Skip to main content
filebase64(path) reads the file at path and returns its contents as a base64-encoded string. The path is relative to the playbook’s working directory.

Signature

filebase64(path string) string

Example

Read a binary certificate file and embed it in a Kubernetes secret manifest without writing a separate encoding step: 
variable "cert_path" {
  description = "Path to the TLS certificate"
  type        = string
  default     = "certs/tls.crt"
}

variable "key_path" {
  description = "Path to the TLS key"
  type        = string
  default     = "certs/tls.key"
}

computed "cert_b64" {
  expression = filebase64(var.cert_path)
}

computed "key_b64" {
  expression = filebase64(var.key_path)
}

task "create-tls-secret" {
  description = "Create or update the TLS secret in Kubernetes"
  commands = [
    <<-EOT
      kubectl create secret generic tls-secret \
        --from-literal=tls.crt=${computed.cert_b64} \
        --from-literal=tls.key=${computed.key_b64} \
        --dry-run=client -o yaml | kubectl apply -f -
    EOT
  ]
}

Notes

  • Useful when the target system expects base64-encoded binary content, such as Kubernetes secrets or API payloads.
  • The path is relative to the playbook’s working directory, not the current shell directory.
  • To decode a base64 string back to its original value, use base64decode.