feat(security): add Secrets Manager module

jubskan3ki · jubskan3ki · commit 6ea132b2edff · 2026-02-08T15:38:48.000+01:00
diff --git a/terraform/aws/main.tf b/terraform/aws/main.tf
@@ -59,3 +59,9 @@ module "waf" {
 
   project_name = var.project_name
 }
+
+module "secrets" {
+  source = "./modules/secrets"
+
+  project_name = var.project_name
+}
diff --git a/terraform/aws/modules/secrets/main.tf b/terraform/aws/modules/secrets/main.tf
@@ -0,0 +1,18 @@
+# Secret pour le mot de passe Redis
+resource "aws_secretsmanager_secret" "redis_password" {
+  name = "${var.project_name}/redis-password"
+}
+
+# Generer un mot de passe aleatoire
+resource "random_password" "redis" {
+  length  = 32
+  special = false
+}
+
+# Stocker le mot de passe dans le secret
+resource "aws_secretsmanager_secret_version" "redis_password" {
+  secret_id = aws_secretsmanager_secret.redis_password.id
+  secret_string = jsonencode({
+    password = random_password.redis.result
+  })
+}
diff --git a/terraform/aws/modules/secrets/outputs.tf b/terraform/aws/modules/secrets/outputs.tf
@@ -0,0 +1,3 @@
+output "redis_secret_arn" {
+  value = aws_secretsmanager_secret.redis_password.arn
+}
diff --git a/terraform/aws/modules/secrets/variables.tf b/terraform/aws/modules/secrets/variables.tf
@@ -0,0 +1,3 @@
+variable "project_name" {
+  type = string
+}

Original file line number	Diff line number	Diff line change
`@@ -59,3 +59,9 @@ module "waf" {`
`59`	`59`
`60`	`60`	`project_name = var.project_name`
`61`	`61`	`}`
	`62`	`+`
	`63`	`+module "secrets" {`
	`64`	`+ source = "./modules/secrets"`
	`65`	`+`
	`66`	`+ project_name = var.project_name`
	`67`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+output "redis_secret_arn" {`
	`2`	`+ value = aws_secretsmanager_secret.redis_password.arn`
	`3`	`+}`