Creates an AWS Secrets Manager secret which is populated with a cryptographically
secure random value. This module is useful for populating application secrets
like the SECRET_KEY_BASE in Rails.
Example:

```terraform
module "application_secret" {
  source = "github.com/thoughtbot/terraform-aws-secrets//random-secret"

  description = "Application secret for example app"
  name        = "example-app-secrets"

  # Specify a list of environment variables which need secret values
  environment_variables = ["SECRET_KEY_BASE", "API_TOKEN"]

  # Optional: customize generation for each secret
  random_settings = {
    API_TOKEN = {
      length           = 64
      special          = true
      override_special = "-_/"
    }
  }
}
```

This module does not support rotation, but it otherwise supports the same
variables for permissions as the generic secret module.
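
The permission variables applied to this module, as an added example that is not part of the module's own documentation. The role ARNs, account ID and tag values are constructed placeholders.

```terraform
# Constructed placeholder ARNs; replace with roles from your own account.
locals {
  app_role_arn   = "arn:aws:iam::123456789012:role/example-app"
  admin_role_arn = "arn:aws:iam::123456789012:role/example-secrets-admin"
}

module "application_secret" {
  source = "github.com/thoughtbot/terraform-aws-secrets//random-secret"

  description           = "Application secret for example app"
  name                  = "example-app-secrets"
  environment_variables = ["SECRET_KEY_BASE"]

  # Per the inputs table, both lists default to the current account when
  # left null. Listing roles here names the allowed principals explicitly.
  admin_principals = [local.admin_role_arn]
  read_principals  = [local.app_role_arn]

  # No principal needs write access to a generated value, so this stays
  # at its default of an empty list.
  readwrite_principals = []

  # Tags required on principals accessing the secret.
  trust_tags = {
    Application = "example-app"
  }

  # Tags applied to the resources this module creates.
  resource_tags = {
    Application = "example-app"
  }
}
```
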
| Name | Source | Version |
|------|--------|---------|
| secret | ../secret | n/a |

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| admin_principals | Principals allowed to perform admin actions (default: current account) | list(string) | null | no |
| description | Description for this secret | string | null | no |
| environment_variables | Environment variables for which a random value should be set | list(string) | n/a | yes |
| name | Name for this secret | string | n/a | yes |
| random_settings | Customize random settings for each secret | map(any) | {} | no |
| read_principals | Principals allowed to read the secret (default: current account) | list(string) | null | no |
| readwrite_principals | Principals allowed to both read and write secrets | list(string) | [] | no |
| resource_tags | Tags to be applied to created resources | map(string) | {} | no |
| secret_policies | Overrides for the secret resource policies | list(string) | [] | no |
| trust_tags | Tags required on principals accessing the secret | map(string) | {} | no |