This example shows how to specify almost* every available option.
\* `auto_replication_kms_key_name` is left unspecified because the module will create the secret with user-specified replication and encryption, as determined by the `replication` variable.
Item | Managed by module | Description |
---|---|---|
Access Control | ✓ | User specified accounts will be granted view access to secret. |
Cloud KMS key | Not managed by example; a suitable KMS key for encryption/decryption must be created externally in matching locations. | |
Replication | ✓ | User specified locations will be used for replication. |
Secret Value | User specified. | |
Pub/Sub Notifications | ✓ | Notifications sent to Pub/Sub Topic provided. |
TTL | ✓ | Automatically deleted after specified number of seconds. |
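# Example TF vars file
#
# Every value below is a sample. The three accessor addresses are constructed
# placeholders: the addresses in the published example were masked by e-mail
# obfuscation and are not valid IAM members as printed.

project_id = "my-project-id"
id         = "my-secret-id"

# Sample value only. A real secret written into a tfvars file is readable by
# anyone who can read the file or the repository history. Supply it out of band
# instead, for example through the TF_VAR_secret environment variable.
# NOTE(review): if the module creates the secret version from this variable, the
# value will also be stored in Terraform state; restrict access to the state
# backend accordingly. Confirm against the module source.
secret = "T0pS3cretP@ssword!"

# One entry per replica location, each with its own customer-managed KMS key.
# The keys are not created by this example; each must already exist in the same
# location as the replica it encrypts. The key ring name is free-form, so only
# the locations/<region> segment has to match the map key.
# NOTE(review): the Secret Manager service agent presumably needs
# encrypt/decrypt permission on each key; verify whether the module grants it.
replication = {
  "us-east1" = {
    kms_key_name = "projects/my-project-id/locations/us-east1/keyRings/my-east-keyring/cryptoKeys/east-key"
  }
  "us-west1" = {
    kms_key_name = "projects/my-project-id/locations/us-west1/keyRings/my-east-keyring/cryptoKeys/west-key"
  }
}

# IAM members granted view access to the secret. Keep this list as short as
# possible; granting through a group or a service account is easier to audit
# and revoke than granting to individual users.
accessors = [
  "serviceAccount:my-service-account@my-project-id.iam.gserviceaccount.com", # constructed placeholder
  "user:jane@example.com",                                                   # constructed placeholder
  "group:secret-readers@example.com",                                        # constructed placeholder
]

# Labels and annotations are metadata on the secret, not part of its encrypted
# payload; do not put sensitive values in them.
labels = {
  stage       = "dev"
  cost_center = "product_dev"
  owner       = "jane_at_example_com"
}

annotations = {
  stage       = "dev"
  cost_center = "product_dev"
  owner       = "jane_at_example_com"
}

# Pub/Sub topics that receive notifications for this secret.
# NOTE(review): the topic's subscribers can see these events, so restrict who
# can subscribe to it; confirm whether the topic itself must exist beforehand.
topics = [
  "projects/my-project-id/topics/my-secret-topic",
]

# The secret is deleted automatically after this many seconds (86400 = 24 hours).
ttl_secs = 86400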