terraform-aws-secretsmanager-random-secret
Generates and stores a random string in Secrets Manager.
Example:
module "random_password" {
source = "git::https://github.com/rhythmictech/terraform-aws-secretsmanager-secret"
name_prefix = "RDSPassword"
description = "RDS instance master password"
length = 20
override_special = "@#$%^*()-=_+[]{};<>?,./"
}
Name
Version
random
>= 2.2.0
Name
Version
aws
n/a
random
>= 2.2.0
Name
Description
Type
Default
Required
cloudtrail_log_group
Cloudtrail Log Group name (required if enable_secret_access_notification=true
)
string
"change_me"
no
create_secret
If false, this module does nothing (since tf doesn't support conditional modules)
bool
true
no
description
Description to add to Secret
string
""
no
enable_secret_access_notification
Notify SNS topic on secret access (not recommended for most use cases)
bool
false
no
kms_key_id
Optional. The KMS Key ID to encrypt the secret. KMS key arn or alias can be used.
any
null
no
length
Length of string
number
n/a
yes
min_lower
Minimum number of lower case characters
number
0
no
min_numeric
Minimum number of numbers
number
0
no
min_special
Minimum number of special characters
number
0
no
min_upper
Minimum number of upper case characters
number
0
no
name
Name (omit to use name_prefix)
string
""
no
name_prefix
Name Prefix (not used if name specified)
string
"terraform"
no
override_special
n/a
string
""
no
pass_version
Password version. Increment this to trigger a new password.
number
1
no
recovery_window_in_days
Number of days to wait before deleting the secret
number
"30"
no
secret_access_metric_namespace
Metric namespace to use for CloudWatch metric
string
"SecretsManager"
no
secret_access_notification_arn
SNS topic to notify on secret access (required if enable_secret_access_notification=true
)
string
""
no
tags
Tags to add to supported resources
map(string)
{}
no
use_lower
Use lower case characters
bool
true
no
use_number
Use numbers
bool
true
no
use_special
Use special characters
bool
true
no
use_upper
Use upper case characters
bool
true
no
Name
Description
secret
Generated secret
secret_arn
The ARN of the secret
version_id
The unique identifier of the version of the secret.
Secrets are generated using the random provider and are stored in the tfstate in plaintext.