Skip to content

Commit

Permalink
Moved secrets from mp-repo to delius-jitbit
Browse files Browse the repository at this point in the history
  • Loading branch information
sukeshreddyg committed Jan 26, 2024
1 parent 831fd16 commit 21fdf73
Showing 1 changed file with 36 additions and 0 deletions.
36 changes: 36 additions & 0 deletions terraform/environments/delius-jitbit/secrets.tf
Original file line number Diff line number Diff line change
Expand Up @@ -21,3 +21,39 @@ resource "aws_secretsmanager_secret_version" "db_app_connection_string" {
ignore_changes = [secret_string]
}
}

resource "aws_secretsmanager_secret" "s3_user_access_key" {
# checkov:skip=CKV_AWS_149: "KMS key not required standard encryption is fine here"
# checkov:skip=CKV2_AWS_57:Auto rotation not currently possible
name = "${local.application_name}-s3-user-access-key"
recovery_window_in_days = 0
tags = merge(
local.tags,
{
Name = "${local.application_name}-s3-user-access-key"
}
)
}

resource "aws_secretsmanager_secret_version" "s3_user_access_key" {
secret_id = aws_secretsmanager_secret.s3_user_access_key.id
secret_string = aws_iam_access_key.s3_user.id
}

resource "aws_secretsmanager_secret" "s3_user_secret_key" {
# checkov:skip=CKV_AWS_149: "KMS key not required standard encryption is fine here"
# checkov:skip=CKV2_AWS_57:Auto rotation not currently possible
name = "${local.application_name}-s3-user-secret-key"
recovery_window_in_days = 0
tags = merge(
local.tags,
{
Name = "${local.application_name}-s3-user-secret-key"
}
)
}

resource "aws_secretsmanager_secret_version" "s3_user_secret_key" {
secret_id = aws_secretsmanager_secret.s3_user_secret_key.id
secret_string = aws_iam_access_key.s3_user.secret
}

0 comments on commit 21fdf73

Please sign in to comment.