secrets
Description
The Provose secrets module is a mapping of names to secret values. These are stored in Amazon Secrets Manager and can be accessed by containers deployed with the Provose containers module.
Examples
This is an example of defining secrets with the Provose secrets module, and then consuming them in the containers module.
variable "some_secret" {
  type    = string
  default = "This is how to use a Terraform variable."
}

module "myproject" {
  source = "github.com/provose/provose?ref=v3.0.0"
  provose_config = {
    authentication = {
      aws = {
        region = "us-east-1"
      }
    }
    name                 = "myproject"
    internal_root_domain = "example-internal.com"
    internal_subdomain   = "production"
  }
  # Be careful not to put the actual values of your secrets into Git
  # or your version control.
  secrets = {
    root_password = "...insert password here..."
    secret_key    = "...insert secret key here..."
    # Use Terraform variables to specify secret values so they don't end
    # up in your source code.
    other_secret = var.some_secret
  }
  # Here we include a container configuration as an example of how
  # other Provose modules use secrets.
  containers = {
    helloexample = {
      # These secrets named `root_password` and `secret_key` are retrieved
      # from AWS Secrets Manager and inserted into this Elastic Container Service
      # configuration as environment variables named `ROOT_PASSWORD` and
      # `APPLICATION_SECRET_KEY`.
      secrets = {
        ROOT_PASSWORD          = "root_password"
        APPLICATION_SECRET_KEY = "secret_key"
      }
      # The configuration below this comment is just standard setup
      # for a container.
      image = {
        name             = "nginxdemos/hello"
        tag              = "latest"
        private_registry = false
      }
      public = {
        https = {
          internal_http_port              = 80
          internal_http_health_check_path = "/"
          public_dns_names                = ["demo.example.com"]
        }
      }
      instances = {
        instance_type   = "FARGATE"
        container_count = 10
        cpu             = 256
        memory          = 512
      }
    }
  }
}
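The comments in the configuration above warn against committing secret values. As an added example (not part of Provose or its documentation), this Python check flags quoted literals in a module's top-level secrets map while skipping container-level secrets maps, whose values are only secret names. It assumes `terraform fmt`-style layout with one block opener or closer per line; `find_literal_secrets` and `SAMPLE` are names constructed here.

```python
import re

STRING = re.compile(r'"(?:\\.|[^"\\])*"')
ASSIGN = re.compile(r'^(\w+)\s*=\s*(.*)$')

# Constructed sample, trimmed from the example configuration above.
SAMPLE = '''\
module "myproject" {
  source = "github.com/provose/provose?ref=v3.0.0"
  secrets = {
    root_password = "...insert password here..."
    other_secret  = var.some_secret
  }
  containers = {
    helloexample = {
      secrets = {
        ROOT_PASSWORD = "root_password"
      }
    }
  }
}
'''


def find_literal_secrets(hcl_text):
    """Return (line_number, key) for each entry of a module's top-level
    `secrets` map whose value is a quoted literal instead of a reference."""
    findings, stack = [], []
    for number, line in enumerate(hcl_text.splitlines(), start=1):
        strings = STRING.findall(line)
        # Blank out strings first so '#' or '{' inside them is not misread.
        bare = re.sub(r'(#|//).*', '', STRING.sub('""', line)).strip()
        if bare.endswith('{'):
            stack.append(bare.split()[0])  # block or map name
        elif bare.startswith('}'):
            if stack:
                stack.pop()
        elif stack == ['module', 'secrets']:
            m = ASSIGN.match(bare)
            # A literal is a quoted value with no ${...} interpolation.
            if m and m.group(2).startswith('""') and '${' not in strings[0]:
                findings.append((number, m.group(1)))
    return findings


if __name__ == "__main__":
    for number, key in find_literal_secrets(SAMPLE):
        print(f"line {number}: secret '{key}' is a hardcoded literal")
```
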
Inputs
A typical Provose secrets module configuration looks like:

secrets = {
  secret_name       = "secret value as a string"
  other_secret_name = var.some_secret_variable
}
Outputs
- secrets.aws_secretsmanager_secret.secrets – This is a mapping of aws_secretsmanager_secret resources for every secret specified.
- secrets.aws_secretsmanager_secret_version.secrets – This is a mapping of aws_secretsmanager_secret_version resources for every secret specified.