# GitLab secrets (created only when var.gitlab_username is non-empty)
# Random value that is stored below as the "GitLab secret for atlantis"
# (presumably the webhook secret; confirm where it is consumed).
# NOTE: random_password keeps its `result` in Terraform state, so the state
# backend must be encrypted and access to it restricted.
resource "random_password" "atlantis_gitlab_secret" {
  count = var.gitlab_username == "" ? 0 : 1

  length = 24

  # Alphanumeric only: letters and digits are enabled, special characters are not.
  lower   = true
  upper   = true
  numeric = true
  special = false
}
# Secrets Manager entry that holds the generated GitLab secret.
resource "aws_secretsmanager_secret" "atlantis_gitlab_secret" {
  count = var.gitlab_username == "" ? 0 : 1

  name        = "atlantis-gitlab-secret"
  description = "GitLab secret for atlantis"

  # NOTE(review): if var.kms_key_id is null, Secrets Manager falls back to the
  # account's default aws/secretsmanager key; confirm the variable's default.
  kms_key_id = var.kms_key_id

  # 0 forces deletion without a recovery window: a destroy or replace of this
  # resource removes the secret immediately and cannot be undone.
  recovery_window_in_days = 0
}
# Writes the generated random value as the current version of the GitLab secret.
# The value also lives in Terraform state (both here and in random_password).
resource "aws_secretsmanager_secret_version" "atlantis_gitlab_secret" {
  count = var.gitlab_username == "" ? 0 : 1

  secret_string = random_password.atlantis_gitlab_secret[0].result
  secret_id     = aws_secretsmanager_secret.atlantis_gitlab_secret[0].id
}
# Secrets Manager entry for the GitLab access token used by Atlantis.
# The real token is not managed here; see the placeholder version below.
resource "aws_secretsmanager_secret" "atlantis_gitlab_token" {
  count = var.gitlab_username == "" ? 0 : 1

  name        = "atlantis-gitlab-token"
  description = "GitLab token for atlantis"

  # NOTE(review): if var.kms_key_id is null, Secrets Manager falls back to the
  # account's default aws/secretsmanager key; confirm the variable's default.
  kms_key_id = var.kms_key_id

  # 0 forces deletion without a recovery window: destroying this resource also
  # discards the operator-supplied token with no way to restore it.
  recovery_window_in_days = 0
}
# Seeds the GitLab token secret with a placeholder so the secret has a current
# version; the real token is expected to be written outside Terraform.
resource "aws_secretsmanager_secret_version" "atlantis_gitlab_token" {
  count = var.gitlab_username == "" ? 0 : 1

  secret_id = aws_secretsmanager_secret.atlantis_gitlab_token[0].id

  # Placeholder only; never put the real token in this file or in a tfvars
  # file that is committed.
  secret_string = "to_be_replaced"

  lifecycle {
    # Keeps Terraform from planning a change to secret_string after the
    # initial create.
    ignore_changes = [secret_string]
  }
}
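# Reads back the current value of the GitLab token secret.
# - secret_id is taken from the secret *version* resource rather than the
#   secret itself, so the read is ordered after the placeholder version
#   exists; reading a secret with no current version fails.
# - Until an operator replaces the placeholder, this returns "to_be_replaced".
# - The value read here is written to Terraform state in plaintext, so the
#   state backend must be encrypted and access to it restricted.
data "aws_secretsmanager_secret_version" "atlantis_gitlab_token" {
  count     = var.gitlab_username != "" ? 1 : 0
  secret_id = aws_secretsmanager_secret_version.atlantis_gitlab_token[0].secret_id
}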
# GitHub secrets (created only when var.github_username is non-empty)
# Random value that is stored below as the "Github secret for atlantis"
# (presumably the webhook secret; confirm where it is consumed).
# NOTE: random_password keeps its `result` in Terraform state, so the state
# backend must be encrypted and access to it restricted.
resource "random_password" "atlantis_gh_secret" {
  count = var.github_username == "" ? 0 : 1

  length = 24

  # Alphanumeric only: letters and digits are enabled, special characters are not.
  lower   = true
  upper   = true
  numeric = true
  special = false
}
# Secrets Manager entry that holds the generated GitHub secret.
resource "aws_secretsmanager_secret" "atlantis_gh_secret" {
  count = var.github_username == "" ? 0 : 1

  name        = "atlantis-github-secret"
  description = "Github secret for atlantis"

  # NOTE(review): if var.kms_key_id is null, Secrets Manager falls back to the
  # account's default aws/secretsmanager key; confirm the variable's default.
  kms_key_id = var.kms_key_id

  # 0 forces deletion without a recovery window: a destroy or replace of this
  # resource removes the secret immediately and cannot be undone.
  recovery_window_in_days = 0
}
# Writes the generated random value as the current version of the GitHub secret.
# The value also lives in Terraform state (both here and in random_password).
resource "aws_secretsmanager_secret_version" "atlantis_gh_secret" {
  count = var.github_username == "" ? 0 : 1

  secret_string = random_password.atlantis_gh_secret[0].result
  secret_id     = aws_secretsmanager_secret.atlantis_gh_secret[0].id
}
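# Secrets Manager entry for the GitHub access token used by Atlantis.
# The real token is not managed here; the version resource only seeds a
# placeholder value.
resource "aws_secretsmanager_secret" "atlantis_gh_token" {
  count = var.github_username != "" ? 1 : 0

  name = "atlantis-github-token"
  # Fixed typo in the description ("Giihub"); this is an in-place metadata update.
  description = "GitHub token for atlantis"

  # NOTE(review): if var.kms_key_id is null, Secrets Manager falls back to the
  # account's default aws/secretsmanager key; confirm the variable's default.
  kms_key_id = var.kms_key_id

  # 0 forces deletion without a recovery window: destroying this resource also
  # discards the operator-supplied token with no way to restore it.
  recovery_window_in_days = 0
}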
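# Seeds the GitHub token secret with a placeholder so the secret has a current
# version; the real token is expected to be written outside Terraform.
resource "aws_secretsmanager_secret_version" "atlantis_gh_token" {
  count = var.github_username != "" ? 1 : 0

  secret_id = aws_secretsmanager_secret.atlantis_gh_token[0].id

  # Placeholder only; never put the real token in this file or in a tfvars
  # file that is committed.
  secret_string = "to_be_replaced"

  lifecycle {
    # Same guard as the GitLab token version in this file: the placeholder is
    # an initial value only, so Terraform must not plan a change to
    # secret_string that would put the placeholder back over the real token.
    ignore_changes = [secret_string]
  }
}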