From 3c508bbe9020b238b43bb0be6abcf3f8917054c3 Mon Sep 17 00:00:00 2001
From: Lbagg1
Date: Fri, 24 May 2024 10:55:23 +0100
Subject: [PATCH] UML-3392: add lpa data secrets to terraform (#2616)
* add lpa data secrets to terraform
* fix missing secret
---
 terraform/account/keys.tf | 5 +++++
 terraform/account/secretsmanager.tf | 29 +++++++++++++++++++++++++++++
 2 files changed, 34 insertions(+)
diff --git a/terraform/account/keys.tf b/terraform/account/keys.tf
index 701f3ebbc1..a821264bf4 100644
--- a/terraform/account/keys.tf
+++ b/terraform/account/keys.tf
@@ -1,4 +1,9 @@
 resource "tls_private_key" "onelogin_auth_pk" {
 algorithm = "RSA"
 rsa_bits = 2048
+}
+
+resource "tls_private_key" "lpa_data_store_pk" {
+ algorithm = "RSA"
+ rsa_bits = 2048
 }
\ No newline at end of file
diff --git a/terraform/account/secretsmanager.tf b/terraform/account/secretsmanager.tf
index f68eb9d639..4fbe0e74fd 100644
--- a/terraform/account/secretsmanager.tf
+++ b/terraform/account/secretsmanager.tf
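Review bot: The new `tls_private_key.lpa_data_store_pk` resource generates the key pair inside Terraform, so `private_key_pem` is persisted in plaintext in the Terraform state in addition to the KMS-encrypted Secrets Manager secret that secretsmanager.tf later writes it to; anyone with read access to the state backend holds the LPA data store private key, and the secret's `kms_key_id` does nothing to limit that. The same applies to the existing `onelogin_auth_pk` above it and to the `secret_version` in the secretsmanager.tf hunk, so this note covers both files. A comment on the resource should record the operational assumption, e.g. `# NOTE: private_key_pem lives in Terraform state — the state backend must be encrypted and access-restricted`, or the key should be generated outside Terraform with only the secret referenced here. Separately, the hunk still ends with `\ No newline at end of file`; the closing `}` should gain a trailing newline.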
@@ -49,6 +49,35 @@ resource "aws_secretsmanager_secret_version" "gov_uk_onelogin_client_id" {
 }
 }
 
+resource "aws_secretsmanager_secret" "lpa_data_store_private_key" {
+ name = "lpa-data-store-private-key"
+ kms_key_id = module.secrets_manager_mrk.key_id
+
+ replica {
+ kms_key_id = module.secrets_manager_mrk.key_id
+ region = "eu-west-2"
+ }
+}
+
+resource "aws_secretsmanager_secret" "lpa_data_store_public_key" {
+ name = "lpa-data-store-public-key"
+ kms_key_id = module.secrets_manager_mrk.key_id
+
+ replica {
+ kms_key_id = module.secrets_manager_mrk.key_id
+ region = "eu-west-2"
+ }
+}
+
+resource "aws_secretsmanager_secret_version" "lpa_data_store_private_key" {
+ secret_id = aws_secretsmanager_secret.lpa_data_store_private_key.id
+ secret_string = tls_private_key.lpa_data_store_pk.private_key_pem
+}
+
+resource "aws_secretsmanager_secret_version" "lpa_data_store_public_key" {
+ secret_id = aws_secretsmanager_secret.lpa_data_store_public_key.id
+ secret_string = trimspace(tls_private_key.lpa_data_store_pk.public_key_pem)
+}
 
 resource "aws_secretsmanager_secret" "notify_api_key" {
 name = "notify-api-key"
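Review bot: `trimspace()` is applied to `public_key_pem` in the `lpa_data_store_public_key` version resource but not to `private_key_pem` in the `lpa_data_store_private_key` version just above it, so the two values are stored with different whitespace handling and a reader cannot tell whether that is deliberate. Either treat both PEM strings the same way or add a comment on the trimmed line stating what the consumer requires, e.g. `# trimspace: consumer of the public key rejects a trailing newline — confirm`. The two new `aws_secretsmanager_secret` resources also carry no `description`, so the purpose and owner of this key pair is not discoverable from the console or from `aws secretsmanager list-secrets`; a one-line `description = "..."` on each would help whoever rotates it.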