// Create STACKIT Secrets Manager Instance
// Provisions one Secrets Manager instance in the given STACKIT project.
// Its instance_id is reused below as the owner of the user and as the
// KV mount name for the vault provider.
resource "stackit_secretsmanager_instance" "secret_manager" {
  name       = var.secret_manager_name
  project_id = var.stackit_project_id
}
// Define STACKIT Secrets Manager User
// Creates a user on the Secrets Manager instance defined above.
// The username and password this resource exports are consumed by the
// vault provider and by the stored secret further down, so both values
// are recorded in Terraform state: keep the state backend encrypted and
// access-restricted.
resource "stackit_secretsmanager_user" "secret_manager_user" {
  // The instance_id reference below already orders this resource after the
  // instance; the explicit depends_on is kept as in the original.
  depends_on = [stackit_secretsmanager_instance.secret_manager]

  instance_id = stackit_secretsmanager_instance.secret_manager.instance_id
  project_id  = var.stackit_project_id
  description = var.secret_manager_user_desc

  // Write access is decided by the caller's variable.
  // NOTE(review): the vault_kv_secret_v2 resource in this file writes with
  // this user's login, so it presumably needs write access - confirm, and
  // give read-only consumers a separate user with write_enabled = false.
  write_enabled = var.secret_manager_user_write_enabled
}
// Configure Secret Manager Provider
// Vault provider pointed at the STACKIT Secrets Manager endpoint and logged
// in with the userpass credentials of the user created in this file.
// NOTE(review): the address is hard-coded to the prod EU01 endpoint; confirm
// that is intended for every environment this configuration is applied to.
provider "vault" {
  address = "https://prod.sm.eu01.stackit.cloud"

  // Use the login token directly instead of having the provider create an
  // intermediate child token.
  skip_child_token = true

  // NOTE(review): these values come from a managed resource, so they are
  // unknown until the user exists - confirm plan/apply behaviour on a
  // first run.
  auth_login_userpass {
    username = stackit_secretsmanager_user.secret_manager_user.username
    password = stackit_secretsmanager_user.secret_manager_user.password
  }
}
// Store Secret Manager Credentials in Secret Manager
// Writes the user's own login (username + password) as a KV v2 secret at
// "secret-manager/users/editor", on the mount named after the instance id.
// Anyone who can read this path obtains the same credentials the vault
// provider logs in with, so restrict read access to it accordingly.
// The password also sits in Terraform state through data_json.
resource "vault_kv_secret_v2" "secret_manager_cred_save" {
  // The mount reference below already implies this ordering; the explicit
  // depends_on is kept as in the original.
  depends_on = [stackit_secretsmanager_instance.secret_manager]

  name  = "secret-manager/users/editor"
  mount = stackit_secretsmanager_instance.secret_manager.instance_id

  // Check-and-set guard on the write.
  // NOTE(review): confirm 1 is the intended version for the initial write.
  cas = 1

  // On destroy, remove every stored version of this secret rather than only
  // the latest, so no old copy of the password remains.
  delete_all_versions = true

  data_json = jsonencode({
    username = stackit_secretsmanager_user.secret_manager_user.username
    password = stackit_secretsmanager_user.secret_manager_user.password
  })
}