Store db password as a secret

Author: ikovac

src/components/database.ts

@@ -16,8 +16,8 @@ export type DatabaseArgs = {
    */
   vpc: awsx.ec2.Vpc;
   /**
-   * Password for the master DB user. If not specified, it will be autogenerated
-   * and stored as a secret in AWS Secret Manager.
+   * Password for the master DB user. If not specified, it will be autogenerated.
+   * The value will be stored as a secret in AWS Secret Manager.
    */
   password?: pulumi.Input<string>;
   /**
@@ -61,7 +61,7 @@ export class Database extends pulumi.ComponentResource {
   kms: aws.kms.Key;
   dbSubnetGroup: aws.rds.SubnetGroup;
   dbSecurityGroup: aws.ec2.SecurityGroup;
-  passwordSecret?: aws.secretsmanager.Secret;
+  passwordSecret: aws.secretsmanager.Secret;
 
   constructor(
     name: string,
@@ -118,24 +118,22 @@ export class Database extends pulumi.ComponentResource {
         .getRandomPasswordOutput()
         .apply(res => res.randomPassword);
 
-    if (!argsWithDefaults.password) {
-      this.passwordSecret = new aws.secretsmanager.Secret(
-        `${name}-password-secret`,
-        {
-          name: `${stack}/${project}/DatabasePassword`,
-        },
-        { parent: this },
-      );
+    this.passwordSecret = new aws.secretsmanager.Secret(
+      `${name}-password-secret`,
+      {
+        name: `${stack}/${project}/DatabasePassword`,
+      },
+      { parent: this },
+    );
 
-      const passwordSecretValue = new aws.secretsmanager.SecretVersion(
-        `${name}-password-secret-value`,
-        {
-          secretId: this.passwordSecret.id,
-          secretString: password,
-        },
-        { parent: this, dependsOn: [this.passwordSecret] },
-      );
-    }
+    const passwordSecretValue = new aws.secretsmanager.SecretVersion(
+      `${name}-password-secret-value`,
+      {
+        secretId: this.passwordSecret.id,
+        secretString: password,
+      },
+      { parent: this, dependsOn: [this.passwordSecret] },
+    );
 
     this.instance = new aws.rds.Instance(
       `${name}-rds`,