Name | Version |
---|---|
terraform | ~> 1.0 |

No providers.

Name | Source | Version |
---|---|---|
secret | ./modules/secret | n/a |
secret_policy | ./modules/secret_policy | n/a |
secret_rotation | ./modules/secret_rotation | n/a |
secret_version | ./modules/secret_version | n/a |

No resources.

Name | Description | Type | Default | Required |
---|---|---|---|---|
create_secret | Whether to create this resource or not? | bool | true | no |
create_secret_policy | Whether to create this resource or not? | bool | false | no |
create_secret_rotation | Whether to create this resource or not? | bool | false | no |
create_secret_version | Whether to create this resource or not? | bool | false | no |
description | Description of the secret | string | null | no |
force_overwrite_replica_secret | Accepts boolean value to specify whether to overwrite a secret with the same name in the destination Region | bool | null | no |
kms_key_id | ARN or Id of the AWS KMS key to be used to encrypt the secret values in the versions stored in this secret. If you don't specify this value, then Secrets Manager defaults to using the AWS account's default KMS key (the one named `aws/secretsmanager`). If the default KMS key with that name doesn't yet exist, then AWS Secrets Manager creates it for you automatically the first time. | string | null | no |
name | Required if `create_secret` is `true`. Friendly name of the new secret | string | null | no |
policy | Required if `create_secret_policy` is `true`. Valid JSON document representing a resource policy | string | null | no |
recovery_window_in_days | Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be 0 to force deletion without recovery or range from 7 to 30 days. The default value is 30 | number | 30 | no |
replica | Configuration block to support secret replication | map(any) | {} | no |
rotation_lambda_arn | Required if `create_secret_rotation` is `true`. Specifies the ARN of the Lambda function that can rotate the secret | string | null | no |
rotation_rules | Required if `create_secret_rotation` is `true`. A structure that defines the rotation configuration for this secret | map(object({ | {} | no |
secret_binary | Specifies binary data that you want to encrypt and store in this version of the secret. This is required if secret_string is not set. Needs to be encoded to base64 | string | null | no |
secret_id | Required if create_secret_version is set to true. Specifies the secret to which you want to add a new version. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret. The secret must already exist | string | null | no |
secret_string | Specifies text data that you want to encrypt and store in this version of the secret. This is required if secret_binary is not set | string | null | no |
tags | A map of tags to assign to the resource | map(string) | {} | no |
use_name_prefix | Determines whether to use `name` as is or create a unique name beginning with `name` as the specified prefix | bool | true | no |
version_stages | Specifies a list of staging labels that are attached to this version of the secret. A staging label must be unique to a single version of the secret. If you specify a staging label that's already associated with a different version of the same secret then that staging label is automatically removed from the other version and attached to this version. If you do not specify a value, then AWS Secrets Manager automatically moves the staging label AWSCURRENT to this new version on creation. | list(string) | [] | no |

Name | Description |
---|---|
secret_arn | The ARN of the secret |
secret_id | The ID of the secret |
secret_name | The name of the secret |
secret_policy_id | The ID of the secret policy |
secret_replica | Attributes of a replica |
secret_rotation_enabled | Specifies whether automatic rotation is enabled for this secret |
secret_rotation_id | Amazon Resource Name (ARN) of the secret |