Commit 04e9334

feat: Allow secrets to be deleted immediately.
1 parent f095486 commit 04e9334

2 files changed

+15
-15
lines changed

README.md

Lines changed: 11 additions & 11 deletions
@@ -64,17 +64,17 @@ kms_key_arn = aws_kms_key.example.arn
6464

6565
## Inputs
6666

67-
| Name | Description | Type | Default | Required |
68-
| ------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- | ------------- | ------- | ----------- |
69-
| project | Name of the project. | `string` | n/a | yes |
70-
| kms_key_arn | ARN for an existing KMS key to use for encryption. Required if `create_kms_key` is set to `false`; ignored otherwise. | `string` | `null` | conditional |
71-
| add_suffix | Apply a random suffix to the secret name. Useful when secrets may need to be replaced, but makes identify secrets by name alone more difficult. | `bool` | `true` | no |
72-
| create_kms_key | Whether to create a new KMS key for encrypting secrets. If set to `false`, `kms_key_arn` must be provided. | `bool` | `true` | no |
73-
| environment | Environment for the project. | `string` | `"dev"` | no |
74-
| key_recovery_period | Recovery period for deleted KMS keys in days. Must be between 7 and 30. Only used if `create_kms_key` is set to `true`. | `number` | `30` | no |
75-
| [secrets] | Secrets to be created. | `map(object)` | `{}` | no |
76-
| service | Optional service that these resources are supporting. Example: `"api"`, `"web"`, `"worker"` | `string` | n/a | no |
77-
| tags | Optional tags to be applied to all resources. | `list` | `[]` | no |
67+
| Name | Description | Type | Default | Required |
68+
| ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- | ------- | ----------- |
69+
| project | Name of the project. | `string` | n/a | yes |
70+
| kms_key_arn | ARN for an existing KMS key to use for encryption. Required if `create_kms_key` is set to `false`; ignored otherwise. | `string` | `null` | conditional |
71+
| add_suffix | Apply a random suffix to the secret name. Useful when secrets may need to be replaced, but makes identify secrets by name alone more difficult. | `bool` | `true` | no |
72+
| create_kms_key | Whether to create a new KMS key for encrypting secrets. If set to `false`, `kms_key_arn` must be provided. | `bool` | `true` | no |
73+
| environment | Environment for the project. | `string` | `"dev"` | no |
74+
| key_recovery_period | Recovery period for deleted KMS key, in days. Must be between 7 and 30, or 0 to disable recovery. Only used if `create_kms_key` is set to `true`. | `number` | `30` | no |
75+
| [secrets] | Secrets to be created. | `map(object)` | `{}` | no |
76+
| service | Optional service that these resources are supporting. Example: `"api"`, `"web"`, `"worker"` | `string` | n/a | no |
77+
| tags | Optional tags to be applied to all resources. | `list` | `[]` | no |
7878

7979
### secrets
8080
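Review bot: The new `key_recovery_period` row documents 0 as disabling recovery for the deleted KMS key, but the commit subject is about deleting secrets immediately, so the row should say which resource the 0 applies to. It still reads "Only used if `create_kms_key` is set to `true`", which also needs updating if the value now governs secrets. Since 0 removes the window in which a deletion can be undone, it is worth saying so in the description and recommending it only for short-lived environments. The remaining rows appear to change only in column alignment; keeping the old column width would reduce this hunk to the one row that matters.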

variables.tf

Lines changed: 4 additions & 4 deletions
@@ -23,13 +23,13 @@ variable "key_recovery_period" {
2323
type = number
2424
default = 30
2525
description = <<-EOT
26-
Recovery period for deleted KMS keys in days. Must be between 7 and 30. Only
27-
used if `create_kms_key` is set to `true`.
26+
Recovery period for deleted KMS key, in days. Must be between 7 and 30, or 0
27+
to disable recovery. Only used if `create_kms_key` is set to `true`.
2828
EOT
2929

3030
validation {
31-
condition = var.key_recovery_period > 6 && var.key_recovery_period < 31
32-
error_message = "Recovery period must be between 7 and 30."
31+
condition = var.key_recovery_period == 0 || (var.key_recovery_period > 6 && var.key_recovery_period < 31)
32+
error_message = "Recovery period must be between 7 and 30, or 0 to disable recovery."
3333
}
3434
}
3535
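Review bot: The new `condition` accepts 0 unconditionally, yet the description still ties the variable to the KMS key and to `create_kms_key`, while the commit subject concerns secrets. Please confirm that every argument receiving this value accepts 0; if 0 is only meant for the secrets, a separate variable for the secret recovery window would keep the KMS key range at 7 to 30. Because the variable is declared `type = number`, the range check also lets fractional values such as 7.5 through; adding `floor(var.key_recovery_period) == var.key_recovery_period` to the condition would reject them at plan time. The default stays at 30, which is the safe choice and worth keeping.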
