UML-3392: add lpa data secrets to terraform (#2616)

* add lpa data secrets to terraform * fix missing secret
ministryofjustice · May 24, 2024 · 3c508bb · 3c508bb
1 parent af4dd69
commit 3c508bb
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 0 deletions.
diff --git a/terraform/account/keys.tf b/terraform/account/keys.tf
@@ -1,4 +1,9 @@
 resource "tls_private_key" "onelogin_auth_pk" {
   algorithm = "RSA"
   rsa_bits  = 2048
+}
+
+resource "tls_private_key" "lpa_data_store_pk" {
+  algorithm = "RSA"
+  rsa_bits  = 2048
 }
diff --git a/terraform/account/secretsmanager.tf b/terraform/account/secretsmanager.tf
@@ -49,6 +49,35 @@ resource "aws_secretsmanager_secret_version" "gov_uk_onelogin_client_id" {
   }
 }
 
+resource "aws_secretsmanager_secret" "lpa_data_store_private_key" {
+  name       = "lpa-data-store-private-key"
+  kms_key_id = module.secrets_manager_mrk.key_id
+
+  replica {
+    kms_key_id = module.secrets_manager_mrk.key_id
+    region     = "eu-west-2"
+  }
+}
+
+resource "aws_secretsmanager_secret" "lpa_data_store_public_key" {
+  name       = "lpa-data-store-public-key"
+  kms_key_id = module.secrets_manager_mrk.key_id
+
+  replica {
+    kms_key_id = module.secrets_manager_mrk.key_id
+    region     = "eu-west-2"
+  }
+}
+
+resource "aws_secretsmanager_secret_version" "lpa_data_store_private_key" {
+  secret_id     = aws_secretsmanager_secret.lpa_data_store_private_key.id
+  secret_string = tls_private_key.lpa_data_store_pk.private_key_pem
+}
+
+resource "aws_secretsmanager_secret_version" "lpa_data_store_public_key" {
+  secret_id     = aws_secretsmanager_secret.lpa_data_store_public_key.id
+  secret_string = trimspace(tls_private_key.lpa_data_store_pk.public_key_pem)
+}
 
 resource "aws_secretsmanager_secret" "notify_api_key" {
   name       = "notify-api-key"