Store just 1 parameter
First, create the Secrets Manager path we need. The recovery_window_in_days parameter defaults to 30 days, but because this exercise is only for test purposes we do not need to keep deleted secrets around, so we set it to 0.
// Store Password
# Container for the password. The value itself is written separately as an
# aws_secretsmanager_secret_version.
resource "aws_secretsmanager_secret" "rds_password" {
  name        = "/prod/rds/password"
  description = "Password for my RDS Database"

  # 0 forces deletion without a recovery window: a destroy removes the secret
  # immediately and it cannot be restored. Fine for a throwaway test; for a
  # real /prod secret keep the default (30) or another value in the 7-30 range.
  recovery_window_in_days = 0
}
Then we generate a password and store it in the secret.
// Generate Password
# The result is marked sensitive in plan/apply output, but it is still written
# to the Terraform state in plaintext. Use an encrypted state backend with
# tightly restricted access.
resource "random_password" "main" {
  length  = 20
  special = true

  # Replaces the provider's default special set (!@#$%&*()-_=+[]{}<>:?) with
  # these five characters only.
  # NOTE(review): presumably chosen to avoid characters RDS rejects in master
  # passwords (e.g. "@") - confirm against the target engine.
  override_special = "#!()_"
}
# Writes the generated password as a version of the secret.
# secret_string is recorded in the Terraform state as well, so the state file
# is as sensitive as the secret itself.
resource "aws_secretsmanager_secret_version" "rds_password" {
  secret_id     = aws_secretsmanager_secret.rds_password.id
  secret_string = random_password.main.result
}
Retrieve password from secret manager
// Retrieve Password
# Reads the secret back; the value is exposed as
# data.aws_secretsmanager_secret_version.rds_password.secret_string.
# secret_id references the secret, not the version, so the explicit depends_on
# is what orders this read after the version has been written.
# The value read here also ends up in the state. Limit
# secretsmanager:GetSecretValue on this secret to the roles that need it, and
# do not pass the value to a non-sensitive output.
data "aws_secretsmanager_secret_version" "rds_password" {
  secret_id  = aws_secretsmanager_secret.rds_password.id
  depends_on = [aws_secretsmanager_secret_version.rds_password]
}
Store group of parameters
Store some parameters in prod/rds/all path
// Store All RDS parameters
# Container for the combined connection details. The JSON document is written
# separately as an aws_secretsmanager_secret_version.
resource "aws_secretsmanager_secret" "rds" {
  name        = "/prod/rds/all"
  description = "All Details for my RDS Database"

  # 0 forces deletion without a recovery window, so a destroy is irreversible.
  # Test-only setting; for a real /prod secret keep the default (30) or
  # another value in the 7-30 range.
  recovery_window_in_days = 0
}
# Bundles the connection details into a single JSON secret.
# aws_db_instance.prod is not defined in this snippet and must exist elsewhere
# in the configuration.
# The same password now lives in two secrets (/prod/rds/password and
# /prod/rds/all). Access policies have to cover both, and changing one outside
# Terraform would leave the other stale.
resource "aws_secretsmanager_secret_version" "rds" {
  secret_id = aws_secretsmanager_secret.rds.id

  secret_string = jsonencode({
    rds_address  = aws_db_instance.prod.address
    rds_port     = aws_db_instance.prod.port
    rds_username = aws_db_instance.prod.username
    rds_password = random_password.main.result
  })
}
Retrieve all data from secrets manager
// Retrieve All
# Reads the JSON secret back. Individual fields are available through
# jsondecode(data.aws_secretsmanager_secret_version.rds.secret_string).
# depends_on orders the read after the version has been written, because
# secret_id alone only references the secret.
# The decoded document contains the password: keep it out of non-sensitive
# outputs and treat the state file as a secret.
data "aws_secretsmanager_secret_version" "rds" {
  secret_id  = aws_secretsmanager_secret.rds.id
  depends_on = [aws_secretsmanager_secret_version.rds]
}