Merge pull request #2 from masterpointio/fix/update_example

fix: update to a working example

Author: gberenice

README.md

@@ -18,15 +18,18 @@ Copy `exports/secrets.sops.tf` to your project by running the following command:
 curl -sL https://raw.githubusercontent.com/masterpointio/terraform-secrets-helper/main/exports/exports/secrets.sops.tf -o exports/secrets.sops.tf
 ```
 
-The mixin incorporates the invocation of this module, so you simply need to configure the necessary variable and then reference it within your code.
+The mixin incorporates the invocation of this module, so you simply need to configure the required `secret_mapping` variable and then reference it within your code.
+
+See the full example in [examples/complete](https://github.com/masterpointio/terraform-secrets-helper/tree/main/examples/complete)
 
 ```hcl
 secret_mapping = [{
   name = "db_password"
-  file = "../../config/secrets/dev.yaml"
+  file = "test.yaml"
   type = "sops"
 }]
 
+
 output "db_password" {
   value     = jsonencode(local.secrets["db_password"])
   sensitive = true

examples/complete/key.txt

@@ -0,0 +1,4 @@
+# This is a key created by [age](https://github.com/getsops/sops#encrypting-using-age) for this example only.
+# Don't use it to encrypt real secrets.
+# public key: age16s8ufjce303p3z2vxvf066rm37ueh4jyrk6tneectcf4ndkkwffqw6xrwp
+AGE-SECRET-KEY-10LCLHZDG25ECPN4RHGKNCSN8K473Q6ZSCN440HAQKC3T0DKQY8MQYG7ERM

examples/complete/outputs.tf

@@ -1,5 +1,8 @@
-# In this example we assume that the mixin `../../exports/secrets.sops.tf` is placed next to `outputs.tf`,
-# `so local.secrets` is available.
+# In this example we assume that the mixin `../../exports/secrets.sops.tf` is placed next to `outputs.tf`, `so local.secrets` is available.
+# The secrets file `test.yaml` is encrypted by tool `age`, see more https://github.com/getsops/sops#encrypting-using-age.
+#
+# To decrypt and view the secrets file, run `SOPS_AGE_KEY_FILE=key.txt sops test.yaml`.
+# To run Terraform commands - pass the age key file as well, e.g.: `SOPS_AGE_KEY_FILE=key.txt terraform apply`.
 
 output "db_password" {
   value     = jsonencode(local.secrets["db_password"])

examples/complete/dev.tfvars renamed to examples/complete/test.auto.tfvars

@@ -1,5 +1,5 @@
 secret_mapping = [{
   name = "db_password"
-  file = "../../config/secrets/dev.yaml"
+  file = "test.yaml"
   type = "sops"
 }]

examples/complete/test.yaml

@@ -0,0 +1,21 @@
+db_password: ENC[AES256_GCM,data:rten3dguCu7Sna/c6KrNehzF5obQaHfHPA3HKK+WfDtMMim53TI=,iv:gYp+m5ukEpdpaNG8oxWf+0z22qcqkepkbTkirwBGFSU=,tag:sEOOCfOIcRTjXgHyXXtcfg==,type:str]
+sops:
+  kms: []
+  gcp_kms: []
+  azure_kv: []
+  hc_vault: []
+  age:
+    - recipient: age16s8ufjce303p3z2vxvf066rm37ueh4jyrk6tneectcf4ndkkwffqw6xrwp
+      enc: |
+        -----BEGIN AGE ENCRYPTED FILE-----
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaVkhPdHlpL0FOU3hFVmg0
+        UnNuV1YrRzRGRFZGMG1UQ0Vvc1RJSm55bTBNClVnZmpYVURsdnRHVWYxLytzdFdQ
+        SDkwYXR4QXdTQUg2VURIaEE1Q0ovNlUKLS0tIGJ4QW02dm1zd1ZEVDk4ZDExbnVm
+        bHc0S1liTmlCb3V6WEhaL3p1RjdXRXMKZtATzGojbybk5oZTVjaJej30Alt7K7bZ
+        bJ+KeVop2hnYiXS8JkTJ5OO6eE/5pemihyfLdgi6dBpquNr9jE2Kug==
+        -----END AGE ENCRYPTED FILE-----
+  lastmodified: "2023-07-30T12:40:33Z"
+  mac: ENC[AES256_GCM,data:wBznFHw0buGoEyr8v93SmnWsaf3NVKPzipa/1ckWtW1tgZDycqSY1PoxFH9gd9OEnKX8Iyz2EsFIG5WikDlkSFx0OEsx5RSDIB/exF+MQjIOmE+rNk7QuJl7v9c5Hel/XKtp9SNTvqewzRAXn1c8NxheenKi1o/13YA7JSMLjes=,iv:5mz5CJkD9ZDxolfCEDbwXntvauLy45RI8mzoVhSWT1E=,tag:V4i8mrS9Ddx7L9Fm7kr19Q==,type:str]
+  pgp: []
+  unencrypted_suffix: _unencrypted
+  version: 3.7.3

exports/secrets.sops.tf

@@ -1,7 +1,7 @@
 module "secrets" {
-  # Will be updated once we release a version and publish to the registry
-  # checkov:skip=CKV_TF_1:This module source will be updated soon, skipping this check.
-  source         = "git::https://github.com/masterpointio/terraform-secrets-helper.git?ref=tags/X.X.X"
+  # checkov:skip=CKV_TF_1: For now we use Terraform registry source, not git. If switching to git, we should use a commit hash.
+  source         = "masterpointio/helper/secrets"
+  version        = "0.2.0"
   secret_mapping = var.secret_mapping
 }