Coalfire-CF/terraform-google-secret-manager

Coalfire

Google Cloud Secret Manager Terraform Module

Description

This Secret Manager module lets you create any secrets you need in Google Cloud Secret Manager. It loops through the `secrets` list and, for each item, creates a secret and a first version holding a randomly generated password (unless the item supplies its own `data` or sets `skip_version`). Coalfire has tested this module with Terraform version 1.5.0 and the HashiCorp Google provider versions 4.70 - 5.0.

FedRAMP Compliance: Moderate

Usage

module "ad-secrets" {
  source = "github.com/Coalfire-CF/terraform-gcp-secret-manager"

  project_id = "your-project-id"
  # A region, not a zone: Secret Manager replicates secret versions per region.
  region     = "us-central1"

  # One secret per list item. With no `data`, a random password is generated
  # and stored as the secret's first version.
  secrets = [
    {
      id = "db1-password",
    },
    {
      id = "db2-password",
    }
  ]

  # Full resource name of the CMEK used to encrypt the stored versions, in the form
  # projects/PROJECT/locations/REGION/keyRings/RING/cryptoKeys/KEY
  kms_key_name = "kms-key-name"

  # Policy for the generated passwords (passed through to random_password).
  length           = 15
  special          = true
  override_special = "_%@!"
  min_lower        = 1
  min_upper        = 1
  min_numeric      = 1
  min_special      = 1
}

Requirements

No requirements.

Providers

| Name   | Version |
|--------|---------|
| google | n/a     |
| random | n/a     |

Modules

No modules.

Resources

| Name                                                 | Type     |
|------------------------------------------------------|----------|
| google_secret_manager_secret.secrets                 | resource |
| google_secret_manager_secret_version.secret_versions | resource |
| random_password.password                             | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| kms_key_name | Specifies the key of the CMEK to be used to encrypt the secret values in the versions stored in this secret. | string | n/a | yes |
| length | The length of the password to be generated | number | 15 | no |
| min_lower | Minimum number of lower-case characters | number | 1 | no |
| min_numeric | Minimum number of numeric characters | number | 1 | no |
| min_special | Minimum number of special characters | number | 1 | no |
| min_upper | Minimum number of upper-case characters | number | 1 | no |
| override_special | Provide your own list of special characters | string | "_%@!" | no |
| project_id | The project ID in which to manage the Secret Manager resources | string | n/a | yes |
| region | The GCP region to create resources in. | string | n/a | yes |
| secrets | The list of secrets to create. `data` supplies the version value instead of a generated password; `skip_version` creates the secret without any version. | `list(object({ id = string, data = optional(string), skip_version = optional(bool, false) }))` | [] | no |
| special | Include special characters in random password string | bool | true | no |

Outputs

| Name             | Description             |
|------------------|-------------------------|
| names            | List of secret names    |
| secrets          | List of secrets         |
| secrets_versions | List of secret versions |
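The following is an added example, not part of this README, that extends the Usage block above to every form of the `secrets` object listed under Inputs and consumes one of the module's outputs. It assumes, from the input types, that `data` supplies the stored version value and that `skip_version` suppresses version creation; the project, region, key ring, key and secret names are placeholders.

```hcl
# Added example (not the module's own code): one module call covering each
# form of the `secrets` object. All project, region, key and secret names
# are placeholders.
variable "api_token" {
  description = "Third-party token supplied out of band (placeholder)"
  type        = string
  sensitive   = true
}

module "app-secrets" {
  source = "github.com/Coalfire-CF/terraform-gcp-secret-manager"

  project_id   = "your-project-id"
  region       = "us-central1"
  kms_key_name = "projects/your-project-id/locations/us-central1/keyRings/your-ring/cryptoKeys/your-key"

  secrets = [
    # 1. No `data`: the module generates a random password matching the
    #    policy below and stores it as the secret's first version.
    { id = "db-admin-password" },

    # 2. `data` set: the supplied value is stored instead of a generated one.
    #    Pass it from a sensitive variable or another secret store, never as a
    #    literal in committed code.
    { id = "api-token", data = var.api_token },

    # 3. `skip_version = true`: only the secret container is created; the
    #    value is added later by another process, so it never passes through
    #    Terraform configuration or state.
    { id = "tls-private-key", skip_version = true },
  ]

  # Policy for generated passwords (case 1 only). Note that generated and
  # supplied values are written to Terraform state, so protect the backend.
  length           = 24
  special          = true
  override_special = "_%@!"
  min_lower        = 2
  min_upper        = 2
  min_numeric      = 2
  min_special      = 2
}

# Module outputs can feed other resources, e.g. IAM bindings per secret name.
output "secret_names" {
  value = module.app-secrets.names
}
```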