From a87af8f55714be3aff80abeea0e5a9a6eb70a075 Mon Sep 17 00:00:00 2001
From: xpk
Date: Thu, 21 Dec 2023 18:09:12 +0800
Subject: [PATCH] FEAT: added kms_key_id support to secretsmanager-secret module
---
 .../secretsmanager-secret/main.tf | 1 +
 .../secretsmanager-secret/variables.tf | 6 ++++++
 2 files changed, 7 insertions(+)
diff --git a/modules/security_identity_compliance/secretsmanager-secret/main.tf b/modules/security_identity_compliance/secretsmanager-secret/main.tf
index 5bc2cd2..da440e2 100644
--- a/modules/security_identity_compliance/secretsmanager-secret/main.tf
+++ b/modules/security_identity_compliance/secretsmanager-secret/main.tf
@@ -7,6 +7,7 @@ resource "random_id" "rid" {
 resource "aws_secretsmanager_secret" "secret1" {
 name = "${var.secret_name}-${random_id.rid.dec}"
 description = var.secret_description
+ kms_key_id = var.kms_key_id == null ? null : var.kms_key_id
 }
 
 resource "aws_secretsmanager_secret_version" "this" {
diff --git a/modules/security_identity_compliance/secretsmanager-secret/variables.tf b/modules/security_identity_compliance/secretsmanager-secret/variables.tf
index 67716ff..ceb1bfb 100644
--- a/modules/security_identity_compliance/secretsmanager-secret/variables.tf
+++ b/modules/security_identity_compliance/secretsmanager-secret/variables.tf
@@ -14,4 +14,10 @@ variable "generate_secret" {
 type = bool
 default = false
 description = "If set to true, a secure password will be generated and saved."
+}
+
+variable kms_key_id {
+ type = string
+ default = null
+ description = "Custom kms key id. If not specified, the default key aws/secretmanager key will be used."
 }
\ No newline at end of file
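Review bot: The conditional on the added `kms_key_id` line in `aws_secretsmanager_secret.secret1` is a no-op, since both branches evaluate to the variable's own value; `kms_key_id = var.kms_key_id` behaves the same and reads more clearly. A null value leaves the argument unset, so the secret stays on the account's AWS managed key. When a customer managed key is passed, principals that read the secret also need `kms:Decrypt` on that key, and writers need `kms:GenerateDataKey`. A short comment above the argument would spare callers an opaque access-denied error, for example `# CMK: key policy must allow kms:Decrypt / kms:GenerateDataKey for this secret's readers and writers`.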
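Review bot: The description of the new `kms_key_id` variable names the fallback key as `aws/secretmanager`, but the AWS managed key alias is `aws/secretsmanager`, so an operator searching for it by this text will not find it. The variable label is also unquoted, unlike `variable "generate_secret"` in the same file, whose block starts above this hunk. I would write `variable "kms_key_id" {` and `description = "ARN or ID of a customer managed KMS key used to encrypt the secret. If null, the AWS managed key aws/secretsmanager is used."`, since the provider accepts either form and a key in another account has to be given by ARN. The file still ends without a trailing newline.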