Init

secrets-manager/outputs.tf

@@ -0,0 +1,13 @@
+output "sm_instance" {
+  value = stackit_secretsmanager_instance.secret_manager.instance_id
+}
+
+output "sm_user" {
+  value     = stackit_secretsmanager_user.secret_manager_user.username
+  sensitive = true
+}
+
+output "sm_pw" {
+  value     = stackit_secretsmanager_user.secret_manager_user.password
+  sensitive = true
+}

secrets-manager/providers.tf

@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    stackit = {
+      source  = "stackitcloud/stackit"
+      version = "0.43.3"
+    }
+  }
+}

secrets-manager/secrets-manager.tf

@@ -0,0 +1,40 @@
+// Create STACKIT Secrets Manager Instance
+resource "stackit_secretsmanager_instance" "secret_manager" {
+  project_id = var.stackit_project_id
+  name       = var.secret_manager_name
+}
+
+// Define STACKIT Secrets Manager User
+resource "stackit_secretsmanager_user" "secret_manager_user" {
+  depends_on = [ stackit_secretsmanager_instance.secret_manager ]
+  project_id    = var.stackit_project_id
+  instance_id   = stackit_secretsmanager_instance.secret_manager.instance_id
+  description   = var.secret_manager_user_desc
+  write_enabled = var.secret_manager_user_write_enabled
+}
+
+// Configure Secret Manager Provider
+provider "vault" {
+  address          = "https://prod.sm.eu01.stackit.cloud"
+  skip_child_token = true
+
+  auth_login_userpass {
+    username = stackit_secretsmanager_user.secret_manager_user.username
+    password = stackit_secretsmanager_user.secret_manager_user.password
+  }
+}
+
+// Store Secret Manager Credentaisl in Secret Manager
+resource "vault_kv_secret_v2" "secret_manager_cred_save" {
+  depends_on = [ stackit_secretsmanager_instance.secret_manager ]
+  mount               = stackit_secretsmanager_instance.secret_manager.instance_id
+  name                = "secret-manager/users/editor"
+  cas                 = 1
+  delete_all_versions = true
+  data_json = jsonencode(
+    {
+     username = stackit_secretsmanager_user.secret_manager_user.username,
+     password = stackit_secretsmanager_user.secret_manager_user.password
+    }
+  )
+}

secrets-manager/variables.tf

@@ -0,0 +1,19 @@
+variable "stackit_project_id" {
+  description = "ID of the stackit Project"
+  type        = string
+}
+
+variable "secret_manager_name" {
+  description = "the name of the secret manager instance"
+  type        = string
+}
+
+variable "secret_manager_user_desc" {
+  description = "role description for the secret manager user"
+  type        = string
+}
+
+variable "secret_manager_user_write_enabled" {
+  description = "gives user write permissions"
+  type        = bool
+}