Terraform-provider-aws: Feature Request: Support AWS Secrets Manager Secrets

Created on 5 Apr 2018 · 8 Comments · Source: hashicorp/terraform-provider-aws

Amazon has released a new service, AWS Secrets Manager, which is a secrets management service. https://aws.amazon.com/about-aws/whats-new/2018/04/introducing-aws-secrets-manager/

Please vote on this issue by adding a :+1: reaction to the original issue to help prioritize interest. If you're interested in implementing this feature request, please comment below.

Prerequisites:

  • aws-sdk-go v1.13.28: #4048
  • meta.(*AWSClient).acmpcaconn: #4049

Terraform Version

terraform 0.10+

New Resource(s)

  • aws_secretsmanager_secret

Terraform Configuration Files

# Example implementation, may change when developed
resource "aws_secretsmanager_secret" "example" {
  description = "" # optional
  kms_key_id  = "" # optional
  name        = "" # required
  # ... likely attributes for generating a secret ...

  tags = { # optional
    key = "value"
  }
}

Expected Behavior

Resource creates, updates, and deletes Secrets Manager secrets.

Actual Behavior

New feature.

References

new-resource service/secretsmanager

All 8 comments

While we're at it, if possible, please add data source(s) as well (#4073)

I'm willing to bet more people are probably interested in the data source, as opposed to terraform resource.

I'll be taking a first pass at creating the resource and data source. More updates in the coming days.

Submitted PR #4272 with the below.

New Resources:

  • aws_secretsmanager_secret (manage secret metadata)
  • aws_secretsmanager_secretversion (store secret value)

New Data Sources:

  • aws_secretsmanager_secret (retrieve secret metadata)
  • aws_secretsmanager_secretversion (retrieve secret value)

While implementing these I discovered we _may_ want to also introduce an aws_secretsmanager_secret_stage resource as well, but let's leave that for after the initial implementation.

The above new resources and data sources have been merged into master via #4272 and will release with v1.16.0 of the AWS provider, likely tomorrow. 🚀

This has been released in version 1.16.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

Love this, thanks. Quick question - are there plans to add the option to create a credential from Terraform? Right now the key must exist, as the documentation says - it'd be lovely to be able to create keys from Terraform.

@teamhanded that seems pretty reasonable if you're not using the Lambda rotation functionality and would rather not implement your own secure method of randomly generating the secret string. I have created a separate issue (recommended practice in this repository) for that: #4353

I went ahead and also created a separate issue for a new resource to manage the version staging labels more like an alias: #4354

I noticed that I missed the aws_secretsmanager_secret_version resource link in the website sidebar. That will be fixed via #4351 and pushed out very shortly. 😅 Sorry about that.

Also submitted some more documentation about the Lambda required for automatically rotating secrets in #4352.

Due to this issue's popularity, I'm going to lock it to encourage any bugs/feature requests to be created as new issues - hopefully following the issue template for all the details. Happy Terraform'ing everyone! 🎉
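The split described in this thread (one resource for secret metadata, one for the secret value, plus matching data sources) looks like this in practice. This is an added example, not code from the issue or the provider repository. It uses current HCL syntax (the sensitive variable flag needs Terraform 0.14+) and the released resource name aws_secretsmanager_secret_version; the names "db", "app/db-password" and var.db_password are assumptions.

```hcl
# Added example. All resource labels, the secret name and the variable are
# hypothetical and chosen only for illustration.

variable "db_password" {
  type      = string
  sensitive = true # keeps the value out of plan/apply output, not out of state
}

# Customer-managed KMS key so that access to the secret can be restricted
# through the key policy as well as through IAM.
resource "aws_kms_key" "secrets" {
  description = "Encrypts Secrets Manager secrets for the example app"
}

# Metadata only: name, description, encryption key and tags.
resource "aws_secretsmanager_secret" "db" {
  name        = "app/db-password"
  description = "Database password for the example app"
  kms_key_id  = aws_kms_key.secrets.arn

  tags = {
    Environment = "example"
  }
}

# The value itself. secret_string is written to the Terraform state, so the
# state backend needs encryption and tight access control.
resource "aws_secretsmanager_secret_version" "db" {
  secret_id     = aws_secretsmanager_secret.db.id
  secret_string = var.db_password
}

# Read side: a consuming configuration looks the value up by stage label.
data "aws_secretsmanager_secret_version" "db_current" {
  secret_id     = aws_secretsmanager_secret.db.id
  version_stage = "AWSCURRENT"

  depends_on = [aws_secretsmanager_secret_version.db]
}

# Expose only the ARN; consumers fetch the value at runtime through IAM.
output "db_secret_arn" {
  value = aws_secretsmanager_secret.db.arn
}
```

The data source also stores the retrieved secret_string in state, so a configuration that only reads the secret needs the same state protections as the one that writes it.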
