# secretsmanager-secret module

This module creates a secret in AWS Secrets Manager, attaching a default access policy if one is
not provided by the root module. A random suffix is appended to every secret name, because AWS may
delay creating a secret that reuses the name of one that has just been destroyed.

The default policy attached to the secret prevents cross-account access.

To have this module generate a random password, set `generate_secret` to true.

To tag resources, please use provider `default_tags`.

## Example

```hcl
# Secret with an explicitly supplied value
module "secret1" {
  source = "../../modules/security_identity_compliance/secretsmanager-secret"

  secret_name        = "test-secret-name-1"
  secret_description = "test-secret-desc-1"
  secret_value       = "test-secret-value"
}

# Secret whose value is a random password generated by the module
module "secret2" {
  source = "../../modules/security_identity_compliance/secretsmanager-secret"

  secret_name        = "test-secret-name-2"
  secret_description = "test-secret-desc-3"
  generate_secret    = true
}
```
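
For readers who want to see what a same-account-only policy and a random name suffix can look like, the following is an added illustration, not this module's own code. All resource names are hypothetical, and the deny-by-`aws:PrincipalAccount` approach is an assumption about how such a default policy could be written.

```hcl
# Added illustration only: not taken from this module. Resource names are hypothetical.
data "aws_caller_identity" "current" {}

# Random suffix, so a re-created secret does not reuse a name that AWS
# has not yet released.
resource "random_id" "suffix" {
  byte_length = 4
}

resource "aws_secretsmanager_secret" "example" {
  name        = "test-secret-name-1-${random_id.suffix.hex}"
  description = "test-secret-desc-1"
}

# Resource policy that denies every Secrets Manager action to principals
# that belong to any account other than the one owning the secret.
data "aws_iam_policy_document" "same_account_only" {
  statement {
    sid       = "DenyCrossAccountAccess"
    effect    = "Deny"
    actions   = ["secretsmanager:*"]
    resources = ["*"] # in a secret's resource policy, "*" means this secret

    principals {
      type        = "*"
      identifiers = ["*"]
    }

    condition {
      test     = "StringNotEquals"
      variable = "aws:PrincipalAccount"
      values   = [data.aws_caller_identity.current.account_id]
    }

    # Conditions are ANDed: AWS service principals carry no
    # aws:PrincipalAccount, so exclude them from the deny explicitly.
    condition {
      test     = "Bool"
      variable = "aws:PrincipalIsAWSService"
      values   = ["false"]
    }
  }
}

resource "aws_secretsmanager_secret_policy" "example" {
  secret_arn = aws_secretsmanager_secret.example.arn
  policy     = data.aws_iam_policy_document.same_account_only.json
}
```

Because the statement is an explicit deny, an allow granted to an external principal elsewhere does not override it.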