Terraform and AWS secrets

Developer https://www.devze.com 2022-12-07 17:28 Source: web
I must be missing something in how AWS secrets can be accessed through Terraform. Here is the scenario I am struggling with:

  • I create an IAM user named "infra_user", create an ID and secret access key for the user, and download the values in plain text.

  • "infra_user" will be used to authenticate via Terraform to provision resources, let's say an S3 bucket and an EC2 instance.

  • To protect the ID and secret key of "infra_user", I store them in AWS Secrets Manager.

  • In order to authenticate as "infra_user" in my Terraform script, I will need to retrieve the secrets via the following block:

     data "aws_secretsmanager_secret" "arn" {
       arn = "arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456"
     }


But to even use the data block in my script and retrieve the secrets, wouldn't I need to authenticate to AWS in some other way in my provider block before I declare any resources? If I create another user, say "tf_user", just to retrieve the secrets, where would I store the access key for "tf_user"? How do I avoid this circular authentication loop?

0
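An added illustration, not part of the question above and not an answer posted on the site: a Terraform configuration that sidesteps the loop. The `provider "aws"` block carries no static keys; the AWS provider resolves credentials from its documented chain (environment variables such as `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY`, shared config/credentials files and `AWS_PROFILE`, SSO, container or EC2 instance-profile credentials) and can additionally assume a narrowly scoped role, so the identity that runs Terraform never needs to be fetched from Secrets Manager. Secrets Manager is then used for what the provisioned resources need: the EC2 instance gets an IAM role allowed to read one secret at runtime, so the secret value never passes through Terraform state or user data. The account ID, bucket, secret, role and profile names are placeholders.

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

# No access_key / secret_key here. Credentials come from the provider's
# default chain (env vars, ~/.aws/config + ~/.aws/credentials, SSO, or the
# role attached to the CI runner / EC2 host running terraform).
provider "aws" {
  region = "us-east-1"

  # Optional: the caller's credentials only need sts:AssumeRole on this
  # role; the provisioning rights live on the role, and the temporary STS
  # credentials are never written to disk. Placeholder ARN.
  assume_role {
    role_arn = "arn:aws:iam::123456789012:role/terraform-provisioner"
  }
}

resource "aws_s3_bucket" "data" {
  bucket = "example-app-data-123456" # placeholder
}

# Look up the application's secret by name. This returns metadata (ARN),
# not the value, so nothing sensitive enters Terraform state.
data "aws_secretsmanager_secret" "app" {
  name = "prod/app/config" # placeholder
}

# Trust policy letting EC2 assume the instance role.
data "aws_iam_policy_document" "assume_ec2" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "app" {
  name               = "app-instance-role" # placeholder
  assume_role_policy = data.aws_iam_policy_document.assume_ec2.json
}

# Least privilege: read exactly this one secret, nothing else.
data "aws_iam_policy_document" "read_secret" {
  statement {
    actions   = ["secretsmanager:GetSecretValue"]
    resources = [data.aws_secretsmanager_secret.app.arn]
  }
}

resource "aws_iam_role_policy" "read_secret" {
  role   = aws_iam_role.app.id
  policy = data.aws_iam_policy_document.read_secret.json
}

resource "aws_iam_instance_profile" "app" {
  name = "app-instance-profile" # placeholder
  role = aws_iam_role.app.name
}

data "aws_ami" "al2023" {
  most_recent = true
  owners      = ["amazon"]
  filter {
    name   = "name"
    values = ["al2023-ami-*-x86_64"]
  }
}

resource "aws_instance" "app" {
  ami                  = data.aws_ami.al2023.id
  instance_type        = "t3.micro"
  iam_instance_profile = aws_iam_instance_profile.app.name
  # At runtime the application calls GetSecretValue using the instance
  # role's credentials from the instance metadata service. Terraform never
  # handles the secret value, and no long-lived key pair exists for it.
}
```

With this layout the only long-lived credential is whatever the operator or CI system uses to reach AWS in the first place, and that is exactly the thing the provider chain already covers; storing Terraform's own access keys in Secrets Manager would just recreate the bootstrap problem one level down.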
