navapbc / template-infra

A template to set up foundational infrastructure for your application in AWS
Apache License 2.0
9 stars 2 forks

Convert secret module to create multiple secrets #642

Open lorenyu opened 2 weeks ago

lorenyu commented 2 weeks ago

Azure needs to create a secret vault in addition to the secret. So in order to have a consistent architecture between AWS and Azure it makes sense to group all secrets together in one module rather than have the module create each secret separately.

Requirements

  1. We want to convert module/secret to module/secrets, and instead of taking one secret config, we'll want to take a list of secrets.
  2. We also want to add a service_name variable that we can use to tag all the secrets. In Azure the service_name would be used to create the secret vault.

e.g. the secrets module will be called like this:

module "secrets" {
  source       = "../modules/secrets"
  service_name = local.service_name
  secrets      = local.service_config.secrets
}

Note: Migration steps

Since this changes the way the module is called, once we merge this, in our release notes we'll want to provide instructions for project teams to mv the secret resource from the old Terraform path of module.secret[secret_name].aws_ssm_parameter.secret to module.secrets.aws_ssm_parameter.secrets[secret_name].
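As an added illustration of the requirements and the migration step above (this is example HCL, not the template-infra project's own code), a sketch of a modules/secrets module that creates one aws_ssm_parameter per entry with for_each and tags each with service_name, followed by a moved block that is the declarative equivalent of the terraform state mv described. The shape of each secrets entry (a map with a description field) and the secret name db_password are assumptions.

```hcl
# modules/secrets/variables.tf (hypothetical)
variable "service_name" {
  type        = string
  description = "Service that owns these secrets; used to tag them"
}

variable "secrets" {
  # Assumed shape; the real local.service_config.secrets may differ.
  type = map(object({
    description = string
  }))
}

# modules/secrets/main.tf (hypothetical)
resource "aws_ssm_parameter" "secrets" {
  for_each = var.secrets

  name        = "/${var.service_name}/${each.key}"
  description = each.value.description
  type        = "SecureString"
  # Placeholder only; the real value is set outside Terraform and
  # ignore_changes below keeps plans from overwriting it.
  value = "placeholder"

  tags = {
    service_name = var.service_name
  }

  lifecycle {
    ignore_changes = [value]
  }
}

# Root module of a consuming project: new module call plus one moved
# block per existing secret, so `terraform plan` reports a move
# rather than a destroy and re-create of the parameter.
module "secrets" {
  source       = "../modules/secrets"
  service_name = local.service_name
  secrets      = local.service_config.secrets
}

moved {
  from = module.secret["db_password"].aws_ssm_parameter.secret
  to   = module.secrets.aws_ssm_parameter.secrets["db_password"]
}
```

Running terraform plan after adding the moved blocks should show zero resources to add or destroy for the secrets; a planned destroy of a SecureString parameter is the signal that an address was mistyped.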

lorenyu commented 2 weeks ago

Marking high so we can keep Azure and AWS in sync.