CiscoOpsStack/terraform-aws-secretsmanager-ops_stackPublic

forked fromCoalfire-CF/terraform-aws-secretsmanager

NotificationsYou must be signed in to change notification settings
Fork0
Star0

Coalfire AWS Secrets Manager Terraform Module

coalfire.com/opensource

License

MIT license

0 stars 1 fork Branches Tags Activity

Star

Notifications

You must be signed in to change notification settings

Branches Tags

Folders and files

Name		Name	Last commit message	Last commit date
Latest commit History 36 Commits
.github		.github
.gitignore		.gitignore
.pre-commit-config.yaml		.pre-commit-config.yaml
CONTRIBUTING.md		CONTRIBUTING.md
License.md		License.md
README.md		README.md
coalfire_logo.png		coalfire_logo.png
locals.tf		locals.tf
main.tf		main.tf
outputs.tf		outputs.tf
providers.tf		providers.tf
variables.tf		variables.tf

Repository files navigation

AWS Secrets Manager Terraform Module

Description

This module creates secrets in AWS Secrets Manager. The variblenames is a list that will be used to create secrets for however many values are passed into the list.

Dependencies

No dependencies.

Resource List

Secrets Manager Secret
Secret Policy
Secret Version

Deployment Steps

This module can be called as outlined below.

Change directories to the directory that requires secrets and source the module as shown below.
From the directory runterraform init.
Runterraform plan to review the resources being created.
If everything looks correct in the plan output, runterraform apply.

Usage

The below example is how you can call secrets manager module to create secrets as needed. One important note is ensuring you exclude any characters for systems such as PGSQL. As there can be issues with the characters accepted by it. It's best to exclude#$/_%&"'=

If secrets need to be shared between AWS accounts, set "shared = true" and also provide "cross_account_ids".

locals{secrets=[    {    secret_name="test123"    secret_description="test service account for the 123 service"    },     {     secret_name="svc_test456"    secret_description=""    }  ]}module"secrets" {source="github.com/Coalfire-CF/terraform-aws-secretsmanager"partition=var.partitionsecrets=local.secretslength=15special=trueoverride_special="$%&!"kms_key_id=data.terraform_remote_state.setup.sm_kms_key_idpath=""shared=falsecross_account_ids=[""]}

Requirements

Name	Version
terraform	>=1.5.0
aws	~> 5.0
random	~> 3.0

Providers

Name	Version
aws	~> 5.0
random	~> 3.0

Modules

No modules.

Resources

Name	Type
aws_secretsmanager_secret.this	resource
aws_secretsmanager_secret_policy.shared	resource
aws_secretsmanager_secret_version.this	resource
random_password.password	resource
aws_iam_policy_document.resource_policy_MA	data source

Inputs

Name	Description	Type	Default	Required
cross_account_ids	A list of strings containing the account IDs of AWS accounts that should have cross-account access to this secret	`list(string)`	`null`	no
empty_value	Whether the secret should be generated without a value	`bool`	`false`	no
global_tags	a map of strings that contains global level tags	`map(string)`	`{}`	no
kms_key_id	Specifies the ARN or alias of the AWS KMS customer master key (CMK) to be used to encrypt the secret values in the versions stored in this secret.	`string`	n/a	yes
length	The length of the password to be generated	`number`	`15`	no
min_lower	Minimum number of lower case characters	`number`	`1`	no
min_numeric	Minimum number of numeric characters	`number`	`1`	no
min_special	Minimum number of special characters	`number`	`1`	no
min_upper	Minimum number of upper case characters	`number`	`1`	no
override_special	Provide your own list of special characters	`string`	`"_%@!"`	no
partition	The AWS partition to use	`string`	n/a	yes
path	Path to organize secrets	`string`	n/a	yes
recovery_window_in_days	Number of days that AWS Secrets Manager waits before it can delete the secret.	`number`	`30`	no
regional_tags	a map of strings that contains regional level tags	`map(string)`	`{}`	no
secrets	Specifies the friendly name of the new secrets to be created as key and an optional value field for descriptions	`list(map(string))`	n/a	yes
shared	Whether secrets should be shared across accounts.	`bool`	`false`	no
special	Include special characters in random password string	`bool`	`true`	no
tags	A mapping of tags to assign to the resource	`map(string)`	`{}`	no

Outputs

Name	Description
names	Returns list of secret names to be created.
path	Path to secret values
secret_arns	The ARN values of the generated secrets
secret_iam_policy_doc_json	JSON doc of the policy output to use on roles if desired
secrets	Returns all secrets generated by the secrets manager module

Contributing

If you're interested in contributing to our projects, please review theContributing Guidelines. And send an email toour team to receive a copy of our CLA and start the onboarding process.

License

Copyright

Requirements

Name	Version
terraform	>=1.5.0
aws	~> 5.0
random	~> 3.0

Providers

Name	Version
aws	~> 5.0
random	~> 3.0

Modules

No modules.

Resources

Name	Type
aws_secretsmanager_secret.this	resource
aws_secretsmanager_secret_policy.shared	resource
aws_secretsmanager_secret_version.this	resource
random_password.password	resource
aws_iam_policy_document.resource_policy_MA	data source

Inputs

Name	Description	Type	Default	Required
cross_account_ids	A list of strings containing the account IDs of AWS accounts that should have cross-account access to this secret	`list(string)`	`null`	no
empty_value	Whether the secret should be generated without a value	`bool`	`false`	no
global_tags	a map of strings that contains global level tags	`map(string)`	`{}`	no
kms_key_id	Specifies the ARN or alias of the AWS KMS customer master key (CMK) to be used to encrypt the secret values in the versions stored in this secret.	`string`	n/a	yes
length	The length of the password to be generated	`number`	`15`	no
min_lower	Minimum number of lower case characters	`number`	`1`	no
min_numeric	Minimum number of numeric characters	`number`	`1`	no
min_special	Minimum number of special characters	`number`	`1`	no
min_upper	Minimum number of upper case characters	`number`	`1`	no
names	Specifies the friendly name of the new secrets to be created	`list(string)`	n/a	yes
override_special	Provide your own list of special characters	`string`	`"_%@!"`	no
partition	The AWS partition to use	`string`	n/a	yes
path	Path to organize secrets	`string`	n/a	yes
recovery_window_in_days	Number of days that AWS Secrets Manager waits before it can delete the secret.	`number`	`30`	no
regional_tags	a map of strings that contains regional level tags	`map(string)`	`{}`	no
shared	Whether secrets should be shared across accounts.	`bool`	`false`	no
special	Include special characters in random password string	`bool`	`true`	no
tags	A mapping of tags to assign to the resource	`map(string)`	`{}`	no

Outputs

Name	Description
names	Returns list of secret names to be created.
path	Path to secret values
secret_arns	The ARN values of the generated secrets
secret_iam_policy_doc_json	JSON doc of the policy output to use on roles if desired
secrets	Returns all secrets generated by the secrets manager module

About

Coalfire AWS Secrets Manager Terraform Module

coalfire.com/opensource

Releases

4tags

Packages

No packages published

Languages

HCL100.0%

Movatterモバイル変換

License

CiscoOpsStack/terraform-aws-secretsmanager-ops_stack

Folders and files

Latest commit

History

Repository files navigation

AWS Secrets Manager Terraform Module

Description

Dependencies

Resource List

Deployment Steps

Usage

Requirements

Providers

Modules

Resources

Inputs

Outputs

Contributing

License

Copyright

Requirements

Providers

Modules

Resources

Inputs

Outputs

About

Resources

License

Contributing

Uh oh!

Stars

Watchers

Forks

Releases

Packages0

Uh oh!

Languages

Packages