Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add name_prefix attribute to aws_secretsmanager_secret #6054

Closed
garyp opened this issue Oct 2, 2018 · 3 comments · Fixed by #6277
Closed

Add name_prefix attribute to aws_secretsmanager_secret #6054

garyp opened this issue Oct 2, 2018 · 3 comments · Fixed by #6277
Labels
enhancement Requests to existing resources that expand the functionality or scope. service/secretsmanager Issues and PRs that pertain to the secretsmanager service.
Milestone
v1.42.0

Comments

@garyp
Copy link

garyp commented Oct 2, 2018

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

AWS secrets are by default kept around for a few days after being deleted so they can be recovered. This causes creation of aws_secretsmanager_secret resources to fail when doing a terraform apply immediately after a terraform destroy, since the secret still exists in AWS (even though it is marked for deletion). The recommended terraform solution is to set recovery_window_in_days = 0 so that the secret is deleted immediately on destroy.

For some use cases we want the extra protection that recovery_window_in_days > 0 provides, so we don't accidentally blow away an important secret. In those cases it'd be helpful to use name_prefix to still allow a new version of the secret to be deleted before the old version has expired.

New or Affected Resource(s)

  • aws_secretsmanager_secret

Potential Terraform Configuration

resource "aws_secretsmanager_secret" "db_password" {
  name_prefix = "db-password-"
}

References
@garyp garyp mentioned this issue Oct 2, 2018
Closed
@bflad bflad added enhancement Requests to existing resources that expand the functionality or scope. service/secretsmanager Issues and PRs that pertain to the secretsmanager service. labels Oct 3, 2018
@saravanan30erd saravanan30erd mentioned this issue Oct 26, 2018
Merged
@bflad bflad added this to the v1.42.0 milestone Oct 26, 2018
bflad added a commit that referenced this issue Oct 26, 2018
@bflad
Merge pull request #6277 from saravanan30erd/issue-6054
45df614 
Issue #6054 Add name_prefix attribute to aws_secretsmanager_secret
@bflad
Copy link
Contributor

bflad commented Oct 26, 2018

The name_prefix argument has been merged and will release with version 1.42.0 of the AWS provider, likely in the next few days.

@bflad
Copy link
Contributor

bflad commented Nov 1, 2018

This has been released in version 1.42.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

@ghost
Copy link

ghost commented Apr 2, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Apr 2, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement Requests to existing resources that expand the functionality or scope. service/secretsmanager Issues and PRs that pertain to the secretsmanager service.
Projects
None yet
Milestone
v1.42.0
2 participants
@garyp @bflad