diff --git a/locals.tf b/locals.tf
index 8a3f11ea..8f4ef569 100644
--- a/locals.tf
+++ b/locals.tf
@@ -5,5 +5,19 @@
 locals {
 xsiam_secrets_version_development = "9e0de226-ed1a-4dbc-a42a-e549ff86fb19"
 xsiam_secrets_version_pre_production = "f3680e16-7395-4c82-947a-be9b5e09b79c"
 xsiam_secrets_version_production = "a83ace3e-b154-4992-bde2-bf72e2aa9950"
-}
+ ## for resources which requires the tags map without the "Name" value
+ ## It uses the "name" attribute internally and concatenates with other attributes
+ tags_admin_minus_name = { for k, v in module.admin_label.tags : k => v if !contains(["Name"], k) }
+ tags_dhcp_minus_name = { for k, v in module.dhcp_label.tags : k => v if !contains(["Name"], k) }
+ tags_dns_minus_name = { for k, v in module.dns_label.tags : k => v if !contains(["Name"], k) }
+
+ secret_manager_arns = {
+ codebuild_dhcp_env_admin_db = aws_secretsmanager_secret.codebuild_dhcp_env_admin_db.arn
+ codebuild_dhcp_env_db = aws_secretsmanager_secret.codebuild_dhcp_env_db.arn
+ staff_device_dhcp_sentry_dsn = aws_secretsmanager_secret.staff_device_dhcp_sentry_dsn.arn
+ staff_device_dns_sentry_dsn = aws_secretsmanager_secret.staff_device_dns_sentry_dsn_1.arn
+ staff_device_admin_sentry_dsn = aws_secretsmanager_secret.staff_device_admin_sentry_dsn_1.arn
+ codebuild_dhcp_env_admin_api = aws_secretsmanager_secret.codebuild_dhcp_env_admin_api.arn
+ }
+}
diff --git a/secrets_manager.admin.tf b/secrets_manager.admin.tf
new file mode 100644
index 00000000..77979dc1
--- /dev/null
+++ b/secrets_manager.admin.tf
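Review bot: The three `tags_*_minus_name` locals added in this hunk have no live consumer anywhere in the change — the only references are the commented-out `tags = merge(local.tags_admin_minus_name, …)` blocks in the new secrets_manager.*.tf files — so either enable those tag blocks or hold the locals back until something uses them. The filter `if !contains(["Name"], k)` is more directly written as `if k != "Name"`. The comment above it would read better as `## for resources which require the tags map without the "Name" value`.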
@@ -0,0 +1,84 @@
+resource "aws_secretsmanager_secret" "codebuild_dhcp_env_admin_db" {
+ name = "/codebuild/dhcp/${terraform.workspace}/admin/db"
+ # description = "DNS & DHCP ADMIN - Service RDS Database username & password."
+ provider = aws.env
+ # tags = merge(local.tags_admin_minus_name,
+ # { "Name" : "/codebuild/dhcp/${terraform.workspace}/admin/db" }
+ # )
+}
+
+data "aws_secretsmanager_secret_version" "codebuild_dhcp_env_admin_db" {
+ secret_id = aws_secretsmanager_secret.codebuild_dhcp_env_admin_db.id
+ provider = aws.env
+}
+
+resource "aws_secretsmanager_secret_version" "codebuild_dhcp_env_admin_db" {
+ provider = aws.env
+ secret_id = aws_secretsmanager_secret.codebuild_dhcp_env_admin_db.id
+ secret_string = jsonencode(
+ merge(
+ {
+ "username" : "adminuser",
+ "password" : random_password.codebuild_dhcp_env_admin_db.result
+ },
+ module.admin.admin_db_details
+ )
+ )
+}
+
+resource "random_password" "codebuild_dhcp_env_admin_db" {
+ length = 24
+ special = true
+ override_special = "_!%^"
+
+ lifecycle {
+ ignore_changes = [
+ length,
+ override_special
+ ]
+ }
+}
+
+
+resource "aws_secretsmanager_secret" "codebuild_dhcp_env_admin_api" {
+ name = "/codebuild/dhcp/${terraform.workspace}/admin/api"
+ # description = "DNS & DHCP ADMIN - Prometheus - HTTP API"
+ provider = aws.env
+ # tags = merge(local.tags_admin_minus_name,
+ # { "Name" : "/codebuild/dhcp/${terraform.workspace}/admin/api" }
+ # )
+}
+
+data "aws_secretsmanager_secret_version" "codebuild_dhcp_env_admin_api" {
+ secret_id = aws_secretsmanager_secret.codebuild_dhcp_env_admin_api.id
+ provider = aws.env
+}
+
+resource "aws_secretsmanager_secret_version" "codebuild_dhcp_env_admin_api" {
+ provider = aws.env
+ secret_id = aws_secretsmanager_secret.codebuild_dhcp_env_admin_api.id
+ secret_string = jsonencode(
+ merge(
+ {
+ "endpoint" : "REPLACE_ME",
+ "basic_auth_username" : "REPLACE_ME",
+ "basic_auth_password" : "REPLACE_ME",
+ }
+ )
+ )
+}
+
+resource "aws_secretsmanager_secret" "staff_device_admin_sentry_dsn_1" {
+ name = "/staff-device/admin/sentry_dsn"
+ # description = "DNS & DHCP ADMIN - Sentry - Application monitoring and debugging software - Data Source Name (DSN)."
+ provider = aws.env
+ # tags = merge(local.tags_admin_minus_name,
+ # { "Name" : "/staff-device/admin/sentry_dsn" }
+ # )
+}
+
+resource "aws_secretsmanager_secret_version" "staff_device_admin_sentry_dsn" {
+ provider = aws.env
+ secret_id = aws_secretsmanager_secret.staff_device_admin_sentry_dsn_1.id
+ secret_string = "REPLACE_ME"
+}
diff --git a/secrets_manager.dhcp.tf b/secrets_manager.dhcp.tf
new file mode 100644
index 00000000..4419d93c
--- /dev/null
+++ b/secrets_manager.dhcp.tf
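Review bot: `aws_secretsmanager_secret_version.staff_device_admin_sentry_dsn` writes the literal `"REPLACE_ME"` and leaves that version under Terraform's control, so a real DSN put into the secret out of band is liable to be pushed back to the placeholder on a later apply; the same pattern appears in the sentry_dsn version resources in secrets_manager.dhcp.tf and secrets_manager.dns.tf, and each of the three should carry `lifecycle { ignore_changes = [secret_string] }` (or take the value from a variable declared `sensitive = true`). The two `data "aws_secretsmanager_secret_version"` blocks depend only on the secret, not on the version resource that populates it, so on a first apply they may be read before any value exists; if they are needed at all, add `depends_on = [aws_secretsmanager_secret_version.codebuild_dhcp_env_admin_db]` (likewise for the api one here and the data source in secrets_manager.dhcp.tf). In `aws_secretsmanager_secret_version.codebuild_dhcp_env_admin_db` the `merge()` lists `module.admin.admin_db_details` last, so a `username` or `password` key in that output would silently override the generated credentials — reverse the argument order if the generated ones must win (the dhcp file has the same shape). The commented-out `description` and `tags` attributes are dead code in a brand-new file; either enable them or drop them. Note also that `random_password…result` and every data-source read end up in plaintext in the state file, so the state backend needs access control equivalent to Secrets Manager itself.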
@@ -0,0 +1,55 @@
+resource "aws_secretsmanager_secret" "codebuild_dhcp_env_db" {
+ name = "/codebuild/dhcp/${terraform.workspace}/db"
+ # description = "DHCP - Service RDS Database username & password."
+ provider = aws.env
+ # tags = merge(local.tags_dhcp_minus_name,
+ # { "Name" : "/codebuild/dhcp/${terraform.workspace}/db" }
+ # )
+}
+
+data "aws_secretsmanager_secret_version" "codebuild_dhcp_env_db" {
+ secret_id = aws_secretsmanager_secret.codebuild_dhcp_env_db.id
+ provider = aws.env
+}
+
+resource "aws_secretsmanager_secret_version" "codebuild_dhcp_env_db" {
+ provider = aws.env
+ secret_id = aws_secretsmanager_secret.codebuild_dhcp_env_db.id
+ secret_string = jsonencode(
+ merge(
+ {
+ "username" : "dhcpuser",
+ "password" : random_password.codebuild_dhcp_env_db.result
+ },
+ module.dhcp.dhcp_db_details
+ )
+ )
+}
+
+resource "random_password" "codebuild_dhcp_env_db" {
+ length = 24
+ special = true
+ override_special = "_!%^"
+
+ lifecycle {
+ ignore_changes = [
+ length,
+ override_special
+ ]
+ }
+}
+
+resource "aws_secretsmanager_secret" "staff_device_dhcp_sentry_dsn" {
+ name = "/staff-device/dhcp/sentry_dsn"
+ # description = "DHCP - Sentry - Application monitoring and debugging software - Data Source Name (DSN)."
+ provider = aws.env
+ # tags = merge(local.tags_dhcp_minus_name,
+ # { "Name" : "/staff-device/dhcp/sentry_dsn" }
+ # )
+}
+
+resource "aws_secretsmanager_secret_version" "staff_device_dhcp_sentry_dsn" {
+ provider = aws.env
+ secret_id = aws_secretsmanager_secret.staff_device_dhcp_sentry_dsn.id
+ secret_string = "REPLACE_ME"
+}
diff --git a/secrets_manager.dns.tf b/secrets_manager.dns.tf
new file mode 100644
index 00000000..fd061a59
--- /dev/null
+++ b/secrets_manager.dns.tf
@@ -0,0 +1,14 @@
+resource "aws_secretsmanager_secret" "staff_device_dns_sentry_dsn_1" {
+ name = "/staff-device/dns/sentry_dsn"
+ # description = "DNS - Sentry - Application monitoring and debugging software - Data Source Name (DSN)."
+ provider = aws.env
+ # tags = merge(local.tags_dns_minus_name,
+ # { "Name" : "/staff-device/dns/sentry_dsn" }
+ # )
+}
+
+resource "aws_secretsmanager_secret_version" "staff_device_dns_sentry_dsn" {
+ provider = aws.env
+ secret_id = aws_secretsmanager_secret.staff_device_dns_sentry_dsn_1.id
+ secret_string = "REPLACE_ME"
+}
diff --git a/secrets_manager.tf b/secrets_manager.tf
deleted file mode 100644
index 84c446f3..00000000
--- a/secrets_manager.tf
+++ /dev/null
@@ -1,141 +0,0 @@
-locals {
- secret_manager_arns = {
- codebuild_dhcp_env_admin_db = aws_secretsmanager_secret.codebuild_dhcp_env_admin_db.arn
- codebuild_dhcp_env_db = aws_secretsmanager_secret.codebuild_dhcp_env_db.arn
- staff_device_dhcp_sentry_dsn = aws_secretsmanager_secret.staff_device_dhcp_sentry_dsn.arn
- staff_device_dns_sentry_dsn = aws_secretsmanager_secret.staff_device_dns_sentry_dsn_1.arn
- staff_device_admin_sentry_dsn = aws_secretsmanager_secret.staff_device_admin_sentry_dsn_1.arn
- codebuild_dhcp_env_admin_api = aws_secretsmanager_secret.codebuild_dhcp_env_admin_api.arn
- }
-}
-
-resource "aws_secretsmanager_secret" "codebuild_dhcp_env_admin_db" {
- name = "/codebuild/dhcp/${terraform.workspace}/admin/db"
- provider = aws.env
-}
-
-data "aws_secretsmanager_secret_version" "codebuild_dhcp_env_admin_db" {
- secret_id = aws_secretsmanager_secret.codebuild_dhcp_env_admin_db.id
- provider = aws.env
-}
-
-resource "aws_secretsmanager_secret_version" "codebuild_dhcp_env_admin_db" {
- provider = aws.env
- secret_id = aws_secretsmanager_secret.codebuild_dhcp_env_admin_db.id
- secret_string = jsonencode(
- merge(
- {
- "username" : "adminuser",
- "password" : random_password.codebuild_dhcp_env_admin_db.result
- },
- module.admin.admin_db_details
- )
- )
-}
-
-resource "random_password" "codebuild_dhcp_env_admin_db" {
- length = 24
- special = true
- override_special = "_!%^"
-
- lifecycle {
- ignore_changes = [
- length,
- override_special
- ]
- }
-}
-
-resource "aws_secretsmanager_secret" "codebuild_dhcp_env_db" {
- name = "/codebuild/dhcp/${terraform.workspace}/db"
- provider = aws.env
-}
-
-data "aws_secretsmanager_secret_version" "codebuild_dhcp_env_db" {
- secret_id = aws_secretsmanager_secret.codebuild_dhcp_env_db.id
- provider = aws.env
-}
-
-resource "aws_secretsmanager_secret_version" "codebuild_dhcp_env_db" {
- provider = aws.env
- secret_id = aws_secretsmanager_secret.codebuild_dhcp_env_db.id
- secret_string = jsonencode(
- merge(
- {
- "username" : "dhcpuser",
- "password" : random_password.codebuild_dhcp_env_db.result
- },
- module.dhcp.dhcp_db_details
- )
- )
-}
-
-resource "random_password" "codebuild_dhcp_env_db" {
- length = 24
- special = true
- override_special = "_!%^"
-
- lifecycle {
- ignore_changes = [
- length,
- override_special
- ]
- }
-}
-
-resource "aws_secretsmanager_secret" "staff_device_dhcp_sentry_dsn" {
- name = "/staff-device/dhcp/sentry_dsn"
- provider = aws.env
-}
-
-resource "aws_secretsmanager_secret_version" "staff_device_dhcp_sentry_dsn" {
- provider = aws.env
- secret_id = aws_secretsmanager_secret.staff_device_dhcp_sentry_dsn.id
- secret_string = "REPLACE_ME"
-}
-
-resource "aws_secretsmanager_secret" "staff_device_dns_sentry_dsn_1" {
- name = "/staff-device/dns/sentry_dsn"
- provider = aws.env
-}
-
-resource "aws_secretsmanager_secret_version" "staff_device_dns_sentry_dsn" {
- provider = aws.env
- secret_id = aws_secretsmanager_secret.staff_device_dns_sentry_dsn_1.id
- secret_string = "REPLACE_ME"
-}
-
-resource "aws_secretsmanager_secret" "staff_device_admin_sentry_dsn_1" {
- name = "/staff-device/admin/sentry_dsn"
- provider = aws.env
-}
-
-resource "aws_secretsmanager_secret_version" "staff_device_admin_sentry_dsn" {
- provider = aws.env
- secret_id = aws_secretsmanager_secret.staff_device_admin_sentry_dsn_1.id
- secret_string = "REPLACE_ME"
-}
-
-resource "aws_secretsmanager_secret" "codebuild_dhcp_env_admin_api" {
- name = "/codebuild/dhcp/${terraform.workspace}/admin/api"
- provider = aws.env
-}
-
-data "aws_secretsmanager_secret_version" "codebuild_dhcp_env_admin_api" {
- secret_id = aws_secretsmanager_secret.codebuild_dhcp_env_admin_api.id
- provider = aws.env
-}
-
-resource "aws_secretsmanager_secret_version" "codebuild_dhcp_env_admin_api" {
- provider = aws.env
- secret_id = aws_secretsmanager_secret.codebuild_dhcp_env_admin_api.id
- secret_string = jsonencode(
- merge(
- {
- "endpoint" : "REPLACE_ME",
- "basic_auth_username" : "REPLACE_ME",
- "basic_auth_password" : "REPLACE_ME",
- }
- )
- )
-}