
Commit 6ea132b

committed
feat(security): add Secrets Manager module
1 parent 9bde303 commit 6ea132b


4 files changed

+30
-0
lines changed


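--- a/terraform/aws/main.tf
+++ b/terraform/aws/main.tf
@@ -59,3 +59,9 @@ module "waf" {
 
 project_name = var.project_name
 }
+
+module "secrets" {
+source = "./modules/secrets"
+
+project_name = var.project_name
+}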
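Review bot: Nothing in this hunk consumes the new module's `redis_secret_arn` output, so the generated password is stored but not visibly applied to the Redis deployment or made readable to the workloads that need it. main.tf continues outside the hunk, so that wiring may already exist elsewhere; if it does not, the Redis resource has to be configured with the same value, and the consuming role should get `secretsmanager:GetSecretValue` scoped to this one ARN rather than a wildcard. A short comment above the block, such as `# Redis auth secret; ARN is handed to <consumer> for read-only access`, would record the intent.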
Lines changed: 18 additions & 0 deletions
@@ -0,0 +1,18 @@
1+
# Secret pour le mot de passe Redis
2+
resource "aws_secretsmanager_secret" "redis_password" {
3+
name = "${var.project_name}/redis-password"
4+
}
5+
6+
# Generer un mot de passe aleatoire
7+
resource "random_password" "redis" {
8+
length = 32
9+
special = false
10+
}
11+
12+
# Stocker le mot de passe dans le secret
13+
resource "aws_secretsmanager_secret_version" "redis_password" {
14+
secret_id = aws_secretsmanager_secret.redis_password.id
15+
secret_string = jsonencode({
16+
password = random_password.redis.result
17+
})
18+
}
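Review bot: `random_password.redis.result` and the `secret_string` of `aws_secretsmanager_secret_version.redis_password` are both persisted in Terraform state in clear text, so anyone who can read the state can read the Redis password without ever calling Secrets Manager. The state backend for this stack therefore needs encryption at rest and access at least as tight as the secret's own IAM policy; record that above the resource with `# NOTE: value is persisted in Terraform state; backend must be encrypted and access-restricted`. If the pinned Terraform and provider versions allow it, an ephemeral `random_password` combined with the write-only `secret_string_wo` argument keeps the value out of state altogether. The secret also omits `kms_key_id`, so it falls back to the account's AWS-managed key; set a customer-managed key if key-policy control or cross-account access is required.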
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
output "redis_secret_arn" {
2+
value = aws_secretsmanager_secret.redis_password.arn
3+
}
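Review bot: The `redis_secret_arn` output has no `description`, and the same is true of `variable "project_name"` in the file that follows. Add `description = "ARN of the Secrets Manager secret that holds the Redis password"` here and `description = "Prefix used to name the secret (<project_name>/redis-password)"` on the variable. Because `project_name` is interpolated into the secret name, a `validation` block restricting it to the characters Secrets Manager accepts in names (alphanumerics and `/_+=.@-`) would surface a bad value at plan time instead of at apply.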
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
variable "project_name" {
2+
type = string
3+
}
