NOTE: This module is for Terraform 0.13 and newer - use 0.12.x releases for Terraform 0.12
This sub-module provides the same variables and capabilities as the base Secret Manager module, but will generate a random password to use as the secret value. Additional fields can be used to customise the password generator.
E.g. to create and store a random alphanumeric password of 8 chars that excludes special characters:
```hcl
module "password" {
  source     = "memes/secret-manager/google//modules/random"
  version    = "1.0.3"
  project_id = "my-project-id"
  id         = "my-secret"
  # By default, the random secret value will include 16 uppercase, lowercase, numeric,
  # and special characters; let's change that for the legacy app which can only
  # accept 8 alphanumeric chars.
  length            = 8
  has_special_chars = false
}
```
Name | Version |
---|---|
terraform | >= 0.13 |
>= 3.44 |
Name | Version |
---|---|
random | n/a |
Name | Source | Version |
---|---|---|
secret | ../../ | n/a |
Name | Type |
---|---|
random_password.secret | resource |

Name | Description | Type | Default | Required |
---|---|---|---|---|
accessors | An optional list of IAM account identifiers that will be granted accessor (read-only) permission to the secret. | list(string) | [] | no |
has_lower_chars | Include lowercase alphabet characters in the generated secret. Default is true; set to false to exclude generating a secret containing lowercase characters. | bool | true | no |
has_numeric_chars | Include numeric characters in the generated secret. Default is true; set to false to exclude generating a secret containing numeric characters. | bool | true | no |
has_special_chars | Include special characters in the generated secret. Default is true; set to false to exclude generating a secret containing special characters. | bool | true | no |
has_upper_chars | Include uppercase alphabet characters in the generated secret. Default is true; set to false to exclude generating a secret containing uppercase characters. | bool | true | no |
id | The secret identifier to create; this value must be unique within the project. | string | n/a | yes |
labels | An optional map of label key:value pairs to assign to the secret resources. Default is an empty map. | map(string) | {} | no |
length | The length of the random string to generate for secret value. Default is 16. | number | 16 | no |
min_lower_chars | The minimum number of lowercase characters to include in the generated secret. Default is 0, which allows the randomiser logic to exclude lowercase characters if needed to satisfy other `min_` rules. Note that setting to 0 will not guarantee lowercase characters will be excluded - set `has_lower_chars` to `false` to exclude lowercase characters from generated secret. | number | 0 | no |
min_numeric_chars | The minimum number of numeric characters to include in the generated secret. Default is 0, which allows the randomiser logic to exclude numeric characters if needed to satisfy other `min_` rules. Note that setting to 0 will not guarantee numeric characters will be excluded - set `has_numeric_chars` to `false` to exclude numeric characters from generated secret. | number | 0 | no |
min_special_chars | The minimum number of special characters to include in the generated secret. Default is 0, which allows the randomiser logic to exclude special characters if needed to satisfy other `min_` rules. Note that setting to 0 will not guarantee special characters will be excluded - set `has_special_chars` to `false` to exclude special characters from generated secret. | number | 0 | no |
min_upper_chars | The minimum number of uppercase characters to include in the generated secret. Default is 0, which allows the randomiser logic to exclude uppercase characters if needed to satisfy other `min_` rules. Note that setting to 0 will not guarantee uppercase characters will be excluded - set `has_upper_chars` to `false` to exclude uppercase characters from generated secret. | number | 0 | no |
project_id | The GCP project identifier where the secret will be created. | string | n/a | yes |
replication_keys | An optional map of customer managed keys per location. This needs to match the locations specified in `replication_locations`. E.g. `replication_keys = { "us-east1": "my-key-name", "us-west1": "another-key-name" }` | map(string) | {} | no |
replication_locations | An optional list of replication locations for the secret. If the value is an empty list (default) then an automatic replication policy will be applied. Use this if you must have replication constrained to specific locations. E.g. to use automatic replication policy (default): `replication_locations = []`. E.g. to force secrets to be replicated only in us-east1 and us-west1 regions: `replication_locations = [ "us-east1", "us-west1" ]` | list(string) | [] | no |
special_char_set | Override the 'special' characters used by Terraform's random_string provider to the set provided. Default is the same set as used by Terraform by default. | string | `"!@#$%&*()-_=+[]{}<>:?"` | no |

Name | Description |
---|---|
id | The fully-qualified id of the Secret Manager key that contains the secret. |
secret_id | The project-local id of the Secret Manager key that contains the secret. Should match the input `id`. |
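
A fuller configuration combining the inputs documented above: a character policy built from the `has_*`/`min_*` rules, replication pinned to two regions with customer managed keys, and a single read-only accessor. This is an added example, not taken from the module's own documentation; the secret id, the service account, the reduced `special_char_set` and the key names are placeholders, and the accessor string assumes the usual GCP IAM member format.

```hcl
module "db_password" {
  source  = "memes/secret-manager/google//modules/random"
  version = "1.0.3"

  project_id = "my-project-id"      # placeholder project
  id         = "legacy-db-password" # hypothetical secret id, unique within the project

  # Character policy. The min_* values are floors, not switches: a class is only
  # excluded by setting its has_* flag to false. Keep the sum of the min_* values
  # no larger than length, otherwise the rules cannot all be satisfied.
  length            = 24
  min_upper_chars   = 2
  min_lower_chars   = 2
  min_numeric_chars = 2
  min_special_chars = 2

  # Narrow the special characters to a set the consuming system accepts without
  # quoting or escaping (constructed value; adjust to the consumer).
  special_char_set = "!@#%-_=+"

  # Constrain replication to two regions and supply a customer managed key for
  # each; the keys of this map must match replication_locations.
  replication_locations = ["us-east1", "us-west1"]
  replication_keys = {
    "us-east1" = "my-key-name"      # placeholder key names, as in the input table
    "us-west1" = "another-key-name"
  }

  # Least privilege: one workload identity gets read-only access to the secret.
  # Hypothetical service account, written in GCP IAM member form (assumption).
  accessors = [
    "serviceAccount:legacy-app@my-project-id.iam.gserviceaccount.com",
  ]

  labels = {
    owner = "platform-team" # constructed label
  }
}

# Hand consumers the secret's identifier, never the generated value.
output "db_password_secret_id" {
  value = module.db_password.secret_id
}
```

The value produced by `random_password` is hidden from plan and CLI output but is still written to Terraform state, so the state backend needs access controls at least as strict as the secret's `accessors` list.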