Init

create-secret/providers.tf

@@ -0,0 +1,9 @@
+provider "vault" {
+  address          = "https://prod.sm.eu01.stackit.cloud"
+  skip_child_token = true
+
+  auth_login_userpass {
+    username = var.secret_manager_username 
+    password = var.secret_manager_password
+  }
+}

create-secret/secret.tf

@@ -0,0 +1,7 @@
+resource "vault_kv_secret_v2" "this" {
+  mount               = var.secret_manager_instance_id
+  name                = var.secrets_path
+  cas                 = 1
+  delete_all_versions = true
+  data_json           = jsonencode(var.secret_data)
+}

create-secret/variables.tf

@@ -0,0 +1,29 @@
+# Secret Manager 
+variable "secret_manager_instance_id" {
+  description = "instance id of the secret mangert to store credentials"
+  type        = string
+  default = ""
+}
+
+variable "secret_manager_username" {
+  description = "username of the secret mangert to store credentials"
+  type        = string
+  sensitive   = true
+}
+
+variable "secret_manager_password" {
+  description = "password of the secret mangert to store credentials"
+  type        = string
+  sensitive   = true
+}
+
+variable "secrets_path" {
+  description = "path in secret manager to store the postgres credentials"
+  type        = string
+  default = ""
+}
+
+variable "secret_data" {
+  description = "Secret data in JSON format"
+  type = map(string)
+}