Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #49 from humanitec/secret-store-resource
feat: add secretstore resource
Showing 6 changed files with 898 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,133 @@ | ||
--- | ||
# generated by https://github.com/hashicorp/terraform-plugin-docs | ||
page_title: "humanitec_secretstore Resource - terraform-provider-humanitec" | ||
subcategory: "" | ||
description: |- | ||
An external secret management system used by an organization to store secrets referenced in Humanitec. | ||
--- | ||
|
||
# humanitec_secretstore (Resource) | ||
|
||
An external secret management system used by an organization to store secrets referenced in Humanitec. | ||
|
||
## Example Usage | ||
|
||
```terraform | ||
resource "humanitec_secretstore" "secret_store_gcpsm" { | ||
id = "secretstore_id" | ||
gcpsm = { | ||
project_id = "example-project" | ||
auth = { | ||
secret_access_key = "secret-access-key" | ||
} | ||
} | ||
} | ||
``` | ||
|
||
<!-- schema generated by tfplugindocs --> | ||
## Schema | ||
|
||
### Required | ||
|
||
- `id` (String) The ID of the Secret Store. | ||
|
||
### Optional | ||
|
||
- `awssm` (Attributes) AWS Secret Manager specification. (see [below for nested schema](#nestedatt--awssm)) | ||
- `azurekv` (Attributes) Azure KV Secret Manager specification. (see [below for nested schema](#nestedatt--azurekv)) | ||
- `gcpsm` (Attributes) GCP Secret Manager specification. (see [below for nested schema](#nestedatt--gcpsm)) | ||
- `primary` (Boolean) Whether the Secret Store is the Primary one for the organization. | ||
- `vault` (Attributes) Vault specification. (see [below for nested schema](#nestedatt--vault)) | ||
|
||
<a id="nestedatt--awssm"></a> | ||
### Nested Schema for `awssm` | ||
|
||
Required: | ||
|
||
- `region` (String) The region of AWS Secret Manager. | ||
|
||
Optional: | ||
|
||
- `auth` (Attributes, Sensitive) Credentials to authenticate to AWS Secret Manager. (see [below for nested schema](#nestedatt--awssm--auth)) | ||
|
||
<a id="nestedatt--awssm--auth"></a> | ||
### Nested Schema for `awssm.auth` | ||
|
||
Required: | ||
|
||
- `access_key_id` (String) The Access Key ID. | ||
- `secret_access_key` (String) The Secret Access Key. | ||
|
||
|
||
|
||
<a id="nestedatt--azurekv"></a> | ||
### Nested Schema for `azurekv` | ||
|
||
Required: | ||
|
||
- `tenant_id` (String) The AzureKV Tenant ID. | ||
- `url` (String) The AzureKV URL. | ||
|
||
Optional: | ||
|
||
- `auth` (Attributes, Sensitive) Credentials to authenticate to Azure Key Vault. (see [below for nested schema](#nestedatt--azurekv--auth)) | ||
|
||
<a id="nestedatt--azurekv--auth"></a> | ||
### Nested Schema for `azurekv.auth` | ||
|
||
Required: | ||
|
||
- `client_id` (String) The AzureKV Client ID. | ||
- `client_secret` (String) The AzureKV Client Secret. | ||
|
||
|
||
|
||
<a id="nestedatt--gcpsm"></a> | ||
### Nested Schema for `gcpsm` | ||
|
||
Required: | ||
|
||
- `project_id` (String) The project ID of the GCPSM. | ||
|
||
Optional: | ||
|
||
- `auth` (Attributes, Sensitive) Credentials to authenticate the GCPSM. (see [below for nested schema](#nestedatt--gcpsm--auth)) | ||
|
||
<a id="nestedatt--gcpsm--auth"></a> | ||
### Nested Schema for `gcpsm.auth` | ||
|
||
Required: | ||
|
||
- `secret_access_key` (String) The Secret Access Key. | ||
|
||
|
||
|
||
<a id="nestedatt--vault"></a> | ||
### Nested Schema for `vault` | ||
|
||
Required: | ||
|
||
- `url` (String) The Vault URL. | ||
|
||
Optional: | ||
|
||
- `agent_id` (String) Reference to the agent to use to hit Vault. | ||
- `auth` (Attributes, Sensitive) Credentials to authenticate the Vault. (see [below for nested schema](#nestedatt--vault--auth)) | ||
- `path` (String) The path used to read / write secrets. | ||
|
||
<a id="nestedatt--vault--auth"></a> | ||
### Nested Schema for `vault.auth` | ||
|
||
Optional: | ||
|
||
- `role` (String) Role to assume to access Vault. | ||
- `token` (String) Token to access Vault. | ||
|
||
## Import | ||
|
||
Import is supported using the following syntax: | ||
|
||
```shell | ||
# import an existing secret store | ||
terraform import humanitec_secretstore.secret_store_gcpsm secretstore_id | ||
``` |
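Review bot: Under `### Optional`, the four store blocks `awssm`, `azurekv`, `gcpsm` and `vault` are all listed as optional with nothing saying whether exactly one must be set or what happens when two are given, and `vault.auth` has the same gap, with `role` and `token` both optional and no word on whether they are alternatives. Since this file is generated by tfplugindocs, the schema descriptions are the place to state the rule, ideally backed by a validator so a bad combination fails at plan time. Each `auth` description should also say what the store authenticates with when `auth` is omitted, and note that the Sensitive marking only redacts plan and CLI output: the values are still written to Terraform state.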
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
# import an existing secret store | ||
terraform import humanitec_secretstore.secret_store_gcpsm secretstore_id | ||
|
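Review bot: The import example does not say what happens to the `auth` block, which the schema marks Sensitive. If the API does not return stored credentials, the imported state will carry no `auth` and the first plan after import will propose a change; a comment line above the `terraform import` command stating whether `auth` has to be supplied again in configuration would save users that surprise.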
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
resource "humanitec_secretstore" "secret_store_gcpsm" { | ||
id = "secretstore_id" | ||
gcpsm = { | ||
project_id = "example-project" | ||
auth = { | ||
secret_access_key = "secret-access-key" | ||
} | ||
} | ||
} |
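Review bot: `secret_access_key = "secret-access-key"` inside `auth` is a string literal, and this example is what users will copy into their own configuration. Suggest reading the value from a variable declared with `sensitive = true`, for instance `secret_access_key = var.gcpsm_secret_access_key` (variable name hypothetical), so the documented pattern does not place a credential in a committed `.tf` file. The field name also reads like an AWS credential on a GCP store, so the schema description should say what kind of value it expects.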