Secret Manager secrets module

Use this submodule to create secret groups and secrets in an existing Secrets Manager instance.

The submodule wraps the secrets-manager-secret-group and secrets-manager-secret modules (listed under Modules below) and adds support for creating several secret groups, each with several secrets, in a single module call.

Usage

```hcl
provider "ibm" {
  ibmcloud_api_key = "XXXXXXXXXXXXXX" # placeholder, pragma: allowlist secret
  region           = "us-south"
}

module "secrets_manager" {
  source                      = "terraform-ibm-modules/secrets-manager/ibm//modules/secrets"
  version                     = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
  existing_sm_instance_guid   = "xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX" # GUID of the target Secrets Manager instance
  existing_sm_instance_region = "us-south"
  endpoint_type               = "public"
  secrets = [
    {
      secret_group_name = "secret-group" # created by the module unless existing_secret_group = true
      secrets = [
        {
          secret_name             = "secret1"
          secret_type             = "arbitrary"
          secret_username         = "test"
          secret_payload_password = "test" # placeholder; pass real values through sensitive variables, never literals
        },
        {
          secret_name             = "secret2"
          secret_type             = "arbitrary"
          secret_username         = "test"
          secret_payload_password = "test" # placeholder
        }
      ]
    }
  ]
}
```
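A fuller configuration than the one above, added here as an illustration and not taken from the module's own README. It assumes the secret type names `username_password` and `service_credentials` accepted by the underlying secret module (the Inputs table only shows the matching fields, so confirm the names against that module's validation), and the variable names `ibmcloud_api_key`, `db_admin_password`, `existing_sm_instance_guid` and `cos_instance_crn` are hypothetical. It reuses an existing secret group, keeps the API key and password out of the `.tf` files, talks to the instance over the private endpoint, and tightens the rotation interval below the 89-day default.

```hcl
# Added example, not the module's own code. Variable names are hypothetical.

variable "ibmcloud_api_key" {
  type      = string
  sensitive = true
}

variable "db_admin_password" {
  type      = string
  sensitive = true # supply via TF_VAR_db_admin_password or a tfvars file kept out of version control
}

variable "existing_sm_instance_guid" {
  type = string
}

variable "cos_instance_crn" {
  type = string # CRN of the source service instance for the service-credentials secret
}

provider "ibm" {
  ibmcloud_api_key = var.ibmcloud_api_key
  region           = "us-south"
}

module "secrets_manager" {
  source  = "terraform-ibm-modules/secrets-manager/ibm//modules/secrets"
  version = "X.X.X" # pin to a release

  existing_sm_instance_guid   = var.existing_sm_instance_guid
  existing_sm_instance_region = "us-south"
  endpoint_type               = "private" # management traffic stays on the private network

  secrets = [
    {
      # Reuse a group that already exists in the instance; the module looks it
      # up through the ibm_sm_secret_groups data source instead of creating it.
      secret_group_name     = "platform"
      existing_secret_group = true
      secrets = [
        {
          secret_name                   = "db-admin"
          secret_type                   = "username_password" # assumed type name, see lead-in
          secret_username               = "admin"
          secret_payload_password       = var.db_admin_password
          secret_labels                 = ["env:prod", "owner:platform"]
          secret_auto_rotation          = true
          secret_auto_rotation_unit     = "day"
          secret_auto_rotation_interval = 30 # tighter than the 89-day default
        }
      ]
    },
    {
      secret_group_name        = "app-cos"
      secret_group_description = "Service credentials for the application's COS bucket"
      secrets = [
        {
          secret_name                                 = "cos-writer"
          secret_type                                 = "service_credentials" # assumed type name, see lead-in
          service_credentials_source_service_crn      = var.cos_instance_crn
          service_credentials_source_service_role_crn = "crn:v1:bluemix:public:iam::::serviceRole:Writer"
          service_credentials_source_service_hmac     = true      # also issue HMAC keys for S3-style clients
          service_credentials_ttl                     = "2592000" # 30 days, in seconds (default is 90 days)
        }
      ]
    }
  ]
}

output "created_secret_groups" {
  value = module.secrets_manager.secret_groups
}
```

Two caveats apply regardless of how the values are supplied: Terraform writes every attribute, including `secret_payload_password`, in plain text to the state file, so the state backend needs the same access controls as the secrets themselves; and `endpoint_type = "private"` only works when the machine running Terraform can reach the IBM Cloud private network.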

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.3.0 |
| ibm | >= 1.62.0, < 2.0.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| secret_groups | terraform-ibm-modules/secrets-manager-secret-group/ibm | 1.2.2 |
| secrets | terraform-ibm-modules/secrets-manager-secret/ibm | 1.7.0 |

Resources

| Name | Type |
|------|------|
| ibm_sm_secret_groups.existing_secret_groups | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| endpoint_type | The service endpoint type used to communicate with the Secrets Manager instance. Possible values: `public` or `private`. | string | "public" | no |
| existing_sm_instance_guid | GUID of the existing Secrets Manager instance in which the secret groups and secrets are created. | string | n/a | yes |
| existing_sm_instance_region | Region in which the Secrets Manager instance is deployed. | string | n/a | yes |
| secrets | Secret groups to create (or to reuse, when `existing_secret_group` is true) and the secrets to create in each. See the type below. | list(object) | [] | no |

Type of `secrets`:

```hcl
list(object({
  secret_group_name        = string
  secret_group_description = optional(string)
  existing_secret_group    = optional(bool, false)
  secrets = optional(list(object({
    secret_name                                 = string
    secret_description                          = optional(string)
    secret_type                                 = optional(string)
    imported_cert_certificate                   = optional(string)
    imported_cert_private_key                   = optional(string)
    imported_cert_intermediate                  = optional(string)
    secret_username                             = optional(string)
    secret_labels                               = optional(list(string), [])
    secret_payload_password                     = optional(string, "")
    secret_auto_rotation                        = optional(bool, true)
    secret_auto_rotation_unit                   = optional(string, "day")
    secret_auto_rotation_interval               = optional(number, 89)
    service_credentials_ttl                     = optional(string, "7776000") # 90 days, in seconds
    service_credentials_source_service_crn      = optional(string)
    service_credentials_source_service_role_crn = optional(string)
    service_credentials_source_service_hmac     = optional(bool, false)
  })))
}))
```

Outputs

| Name | Description |
|------|-------------|
| secret_groups | IDs of the created secret groups |
| secrets | List of Secrets Manager secret configuration data |