Terraform module to extract secrets from AWS Secrets Manager.
You can get the data from a secret using the following syntax:
```hcl
module "secrets_prod" {
  source      = "github.com/theuves/tf-secrets-manager.git?ref=master"
  secret_name = "my/secrets/prod"
}

# Retrieve the secrets with `module.secrets_prod.<output_name>`.
```
NOTE: We recommend replacing the `ref=master` argument with a specific version, for example `?ref=v1.0.0` (see all releases here).

| Name | Description | Type | Default value |
|---|---|---|---|
| secret_name | Secret name. | string | n/a |

| Name | Description | Type | Sensitive |
|---|---|---|---|
| taskdef_secret | AWS ECS Task Definition secret (valueFrom). | list(map) | false |
| taskdef_environment | AWS ECS Task Definition environment (value). | list(map) | true |
| dotenv | Dotenv format (key-value pairs). | string | true |
| linux | Linux format. | string | true |

If you have a secret called `mydb` with the following data:

| Name | Value |
|---|---|
| DB_HOST | mydb.com |
| DB_USER | user |
| DB_PASS | pass |

AWS ECS Task Definition secret (valueFrom).

```hcl
[
  {
    name      = "DB_HOST"
    valueFrom = "arn:aws:secretsmanager:<region>:<account_id>:secret:mydb-<version>:DB_HOST::"
  },
  {
    name      = "DB_USER"
    valueFrom = "arn:aws:secretsmanager:<region>:<account_id>:secret:mydb-<version>:DB_USER::"
  },
  {
    name      = "DB_PASS"
    valueFrom = "arn:aws:secretsmanager:<region>:<account_id>:secret:mydb-<version>:DB_PASS::"
  }
]
```

AWS ECS Task Definition environment (value).

```hcl
[
  {
    name  = "DB_HOST"
    value = "mydb.com"
  },
  {
    name  = "DB_USER"
    value = "user"
  },
  {
    name  = "DB_PASS"
    value = "pass"
  }
]
```

Dotenv format (key-value pairs).

```
"DB_HOST='mydb.com'
DB_USER='user'
DB_PASS='pass'"
```

Linux format.

```
"export DB_HOST='mydb.com'
export DB_USER='user'
export DB_PASS='pass'"
```
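
Wiring the `taskdef_secret` output into an ECS task definition, so the container definition carries only `valueFrom` references and ECS resolves the values at task start. This is an added example, not code from the module's repository; the two role variables, the task family, the container name and the image are assumptions.

```hcl
# Added example: names marked "hypothetical" are not part of the module.
variable "execution_role_name" { type = string } # hypothetical: existing ECS task execution role
variable "execution_role_arn" { type = string }  # hypothetical: ARN of the same role

module "secrets_prod" {
  source      = "github.com/theuves/tf-secrets-manager.git?ref=v1.0.0" # pinned, as the NOTE recommends
  secret_name = "my/secrets/prod"
}

# Look up the secret's ARN so the IAM policy can be scoped to this one secret.
data "aws_secretsmanager_secret" "prod" {
  name = "my/secrets/prod"
}

# The execution role (not the task role) fetches the values for `secrets`.
# A secret encrypted with a customer managed KMS key also needs kms:Decrypt on that key.
data "aws_iam_policy_document" "read_secret" {
  statement {
    actions   = ["secretsmanager:GetSecretValue"]
    resources = [data.aws_secretsmanager_secret.prod.arn]
  }
}

resource "aws_iam_role_policy" "read_secret" {
  name   = "read-prod-secret" # hypothetical policy name
  role   = var.execution_role_name
  policy = data.aws_iam_policy_document.read_secret.json
}

resource "aws_ecs_task_definition" "app" {
  family                   = "app" # hypothetical
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"
  cpu                      = "256"
  memory                   = "512"
  execution_role_arn       = var.execution_role_arn

  container_definitions = jsonencode([{
    name      = "app"             # hypothetical
    image     = "example/app:1.0" # hypothetical
    essential = true
    # List of { name, valueFrom } maps: the task definition stores ARNs, not values.
    secrets = module.secrets_prod.taskdef_secret
    # Passing module.secrets_prod.taskdef_environment to `environment` instead would
    # put the plaintext values into the registered task definition.
  }])
}
```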
MIT © Matheus Alves