Store just 1 parameter
First, create the Secrets Manager path we need. The recovery_window_in_days parameter defaults to 30 days, but this exercise is for test purposes, so we set it to 0 and the secret is deleted immediately, with no recovery window.
```hcl
// Store Password
resource "aws_secretsmanager_secret" "rds_password" {
  name                    = "/prod/rds/password"
  description             = "Password for my RDS Database"
  recovery_window_in_days = 0
}
```
Then we generate a password and store it as a version of that secret.
```hcl
// Generate Password
resource "random_password" "main" {
  length           = 20
  special          = true # Default: !@#$%&*()-_=+[]{}<>:?
  override_special = "#!()_"
}

resource "aws_secretsmanager_secret_version" "rds_password" {
  secret_id     = aws_secretsmanager_secret.rds_password.id
  secret_string = random_password.main.result
}
```
Retrieve the password from Secrets Manager
```hcl
// Retrieve Password
data "aws_secretsmanager_secret_version" "rds_password" {
  secret_id  = aws_secretsmanager_secret.rds_password.id
  depends_on = [aws_secretsmanager_secret_version.rds_password]
}
```
Store group of parameters
Store several parameters as one JSON document under the /prod/rds/all path
```hcl
// Store All RDS parameters
resource "aws_secretsmanager_secret" "rds" {
  name                    = "/prod/rds/all"
  description             = "All Details for my RDS Database"
  recovery_window_in_days = 0
}

resource "aws_secretsmanager_secret_version" "rds" {
  secret_id = aws_secretsmanager_secret.rds.id
  secret_string = jsonencode({
    rds_address  = aws_db_instance.prod.address
    rds_port     = aws_db_instance.prod.port
    rds_username = aws_db_instance.prod.username
    rds_password = random_password.main.result
  })
}
```
Retrieve all the data from Secrets Manager
```hcl
// Retrieve ALL
data "aws_secretsmanager_secret_version" "rds" {
  secret_id  = aws_secretsmanager_secret.rds.id
  depends_on = [aws_secretsmanager_secret_version.rds]
}
```
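The two data sources above only fetch the secrets. The following added example (not part of the original page) shows one way to consume them: decoding the grouped JSON secret, keeping derived outputs sensitive, and granting an application read access to that one secret only. The output names, the policy name and the `read_rds_secret` labels are hypothetical.

```hcl
// Added example: consume the secrets retrieved above. Names marked
// "hypothetical" are assumptions, not part of the original page.

locals {
  // Single-value secret: secret_string is the raw password.
  rds_password = data.aws_secretsmanager_secret_version.rds_password.secret_string

  // Grouped secret: secret_string is the JSON document written with
  // jsonencode(), so decode it back into an object.
  rds = jsondecode(data.aws_secretsmanager_secret_version.rds.secret_string)
}

// secret_string is marked sensitive by the AWS provider, and every value
// derived from it inherits that marking. An output built from it must set
// sensitive = true, otherwise Terraform rejects the configuration.
output "rds_endpoint" { // hypothetical output name
  value     = "${local.rds.rds_address}:${local.rds.rds_port}"
  sensitive = true
}

output "rds_username" { // hypothetical output name
  value     = local.rds.rds_username
  sensitive = true
}

// Least-privilege read access for the application: only GetSecretValue,
// and only on the grouped secret's ARN.
data "aws_iam_policy_document" "read_rds_secret" { // hypothetical name
  statement {
    effect    = "Allow"
    actions   = ["secretsmanager:GetSecretValue"]
    resources = [aws_secretsmanager_secret.rds.arn]
  }
}

resource "aws_iam_policy" "read_rds_secret" { // hypothetical name
  name   = "prod-rds-secret-read" // constructed value
  policy = data.aws_iam_policy_document.read_rds_secret.json
}
```

Marking values sensitive only hides them from plan and apply output: the generated password and the decoded secret are still written in plaintext to the Terraform state, so the state backend needs encryption and restricted access.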