Open osterman opened 6 years ago
I think we can also add support for SecretsManager or ParameterStore. If the maintainers agree I could make a PR to support 2 new parameters: admin_user_ssm_path and admin_password_ssm_path
Even if you just allowed the master password to be managed separately (as though it were in a lifecycle ignore_changes) block that would be sufficient for my use case. As it stands this seems terribly insecure.
At the moment, we use random provider to create the master password which is stored in SSM and then the value is fed to this module.
This is now natively supported by RDS and Terraform provider. I think this issue can be closed in favour of #166
what
why
references
https://www.terraform.io/docs/providers/aws/d/kms_secrets.html