
feat: updated secretsmanager-secret to use ephemeral resource

This commit is contained in:
xpk
2026-02-19 22:16:09 +08:00
parent d87e5dcc1f
commit 133c3cca12
4 changed files with 84 additions and 28 deletions
@@ -1,29 +1,59 @@
# secretsmanager-secret module
This module creates an entry in secretsmanager, attaching a default access policy if one is
not provided from root module. A random suffix is assigned to every secret, as AWS may delay
creation of secrets with the same name, after the old one has been destroyed that is.
<!-- This readme file is generated with terraform-docs -->
# secretsmanager-secret
The default policy attached to secretsmanager prevents cross-account access.
Create secretsmanager secret. Specify secret\_version if you do not want
terraform to recreate the secret everytime terraform applies. Otherwise,
becuase this module uses emphemeral resource, the secret will be regenerated
and replaced every time.
To have this module generate a random password, set ```generate_secret``` to true.
## Requirements
To tag resources, please use provider default_tags.
| Name | Version |
|------|---------|
| terraform | >= 1.3.0 |
| aws | >= 5.0 |
## Example
```hcl
module "secret1" {
source = "../../modules/security_identity_compliance/secretsmanager-secret"
## Providers
secret_name = "test-secret-name-1"
secret_description = "test-secret-desc-1"
secret_value = "test-secret-value"
}
| Name | Version |
|------|---------|
| aws | >= 5.0 |
| random | n/a |
module "secret2" {
source = "../../modules/security_identity_compliance/secretsmanager-secret"
## Modules
secret_name = "test-secret-name-2"
secret_description = "test-secret-desc-3"
generate_secret = true
}
```
No modules.
## Resources
| Name | Type |
|------|------|
| [aws_secretsmanager_secret.secret1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource |
| [aws_secretsmanager_secret_policy.policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_policy) | resource |
| [aws_secretsmanager_secret_version.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
| [random_id.rid](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
| [aws_caller_identity.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_iam_policy_document.policy-file](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| generate\_secret | If set to true, a secure password will be generated and saved. | `bool` | `false` | no |
| kms\_key\_id | Custom kms key id. If not specified, the default key aws/secretmanager key will be used. | `string` | `null` | no |
| secret\_description | n/a | `any` | n/a | yes |
| secret\_name | n/a | `any` | n/a | yes |
| secret\_policy | By default, cross-account access is denied | `string` | `null` | no |
| secret\_value | n/a | `string` | `null` | no |
| secret\_version | Secret version number. Increment to modify secret, or leave this unset to have your secret updated everytime terraform applies | `number` | `null` | no |
## Outputs
| Name | Description |
|------|-------------|
| secret\_arn | n/a |
| secret\_id | n/a |
---
## Authorship
This module was developed by UPDATE_THIS.
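Review bot: the Requirements table in this hunk still says `terraform | >= 1.3.0` while the new description says the module now "uses emphemeral resource"; ephemeral resources only exist from Terraform 1.10 onward, so the constraint (and the `aws` provider floor of `>= 5.0`, which predates the write-only secret arguments) should be raised to the versions the module actually needs, otherwise `terraform init` succeeds on a version that then fails at plan. A few smaller things in the same hunk: the `random` provider appears in the Providers table as `n/a` but has no entry in Requirements, so it is unpinned; the old paragraph explaining why `random_id.rid` exists (AWS delays re-creation of a secret with a recently deleted name) was dropped even though the resource is still listed, so that rationale should come back in the new text; `secret_value` is documented only as `string` with description `n/a`, and since the whole point of the ephemeral change is keeping the value out of state, the input description should say whether it is marked `sensitive`/`ephemeral` and that it is written through the `secret_version` gate; the `secret2` example uses `secret_description = "test-secret-desc-3"` for a secret named `test-secret-name-2` (copy-paste slip); and the prose has `becuase`, `emphemeral` and `everytime` (twice, once in the `secret_version` description). Also worth one sentence in the README: with `generate_secret = true` and `secret_version` unset, every `terraform apply` rotates the password, which is a behaviour consumers of the secret need to be warned about rather than discover.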