diff --git a/modules/security_identity_compliance/secretsmanager-secret/main.tf b/modules/security_identity_compliance/secretsmanager-secret/main.tf
index 5bc2cd2..da440e2 100644
--- a/modules/security_identity_compliance/secretsmanager-secret/main.tf
+++ b/modules/security_identity_compliance/secretsmanager-secret/main.tf
@@ -7,6 +7,7 @@ resource "random_id" "rid" {
 resource "aws_secretsmanager_secret" "secret1" {
  name = "${var.secret_name}-${random_id.rid.dec}"
  description = var.secret_description
+ kms_key_id = var.kms_key_id == null ? null : var.kms_key_id
 }
 
 resource "aws_secretsmanager_secret_version" "this" {
diff --git a/modules/security_identity_compliance/secretsmanager-secret/variables.tf b/modules/security_identity_compliance/secretsmanager-secret/variables.tf
index 67716ff..ceb1bfb 100644
--- a/modules/security_identity_compliance/secretsmanager-secret/variables.tf
+++ b/modules/security_identity_compliance/secretsmanager-secret/variables.tf
@@ -14,4 +14,10 @@ variable "generate_secret" {
  type = bool
  default = false
  description = "If set to true, a secure password will be generated and saved."
+}
+
+variable kms_key_id {
+ type = string
+ default = null
+ description = "Custom kms key id. If not specified, the default key aws/secretmanager key will be used."
 }
\ No newline at end of file
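Review bot: The conditional on the added `kms_key_id` line in `aws_secretsmanager_secret.secret1` is a no-op, because both branches evaluate to the variable's own value; `kms_key_id = var.kms_key_id` is equivalent and easier to audit. With the default of null the argument is left unset, so existing callers should keep the AWS managed key. When a customer managed key is passed in, nothing visible in this module checks that the key policy lets the secret's readers use the key, so that requirement is worth stating in a comment above the argument, for example `# Callers must ensure the key policy grants kms:Decrypt to principals that read this secret`.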
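Review bot: The new block is declared with a bare label, `variable kms_key_id {`, while the existing declaration in this file uses a quoted one (`variable "generate_secret"`); writing `variable "kms_key_id" {` keeps the file consistent. The description names the fallback key as `aws/secretmanager`, but the AWS managed key alias is `aws/secretsmanager`, and the sentence repeats the word "key". A clearer wording would be `description = "ARN or ID of the KMS key used to encrypt the secret. If null, the AWS managed key aws/secretsmanager is used."`. The `generate_secret` block begins outside the hunk, and the file still ends without a trailing newline.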