Azure needs to create a secret vault in addition to the secret. So in order to have a consistent architecture between AWS and Azure it makes sense to group all secrets together in one module rather than have the module create each secret separately.
Requirements
we want to convert module/secret to module/secrets, and instead of taking one secret config, we'll want to take a list of secrets.
we also want to add a service_name variable that we can use to tag all the secrets. In azure the service_name would be used to create the secret vault.
since this changes the way the module is called, once we merge this, in our release notes we'll want to provide instructions for project teams to mv the secret resource from the old terraform path of module.secret[secret_name].aws_ssm_parameter.secret to module.secrets.aws_ssm_parameter.secrets[secret_name]
Azure needs to create a secret vault in addition to the secret. So in order to have a consistent architecture between AWS and Azure it makes sense to group all secrets together in one module rather than have the module create each secret separately.
Requirements
e.g. the secrets module will be called like this
Note: Migration steps
since this changes the way the module is called, once we merge this, in our release notes we'll want to provide instructions for project teams to mv the secret resource from the old terraform path of
module.secret[secret_name].aws_ssm_parameter.secret
tomodule.secrets.aws_ssm_parameter.secrets[secret_name]