{"id":15221792,"url":"https://github.com/googlecloudplatform/terraform-google-secret-manager","last_synced_at":"2025-04-07T15:06:11.306Z","repository":{"id":66041353,"uuid":"491222453","full_name":"GoogleCloudPlatform/terraform-google-secret-manager","owner":"GoogleCloudPlatform","description":"Creates one or more Google Secret Manager secrets and manages basic permissions for them","archived":false,"fork":false,"pushed_at":"2025-03-14T04:13:02.000Z","size":442,"stargazers_count":43,"open_issues_count":9,"forks_count":35,"subscribers_count":27,"default_branch":"main","last_synced_at":"2025-03-30T15:43:51.287Z","etag":null,"topics":["cft-terraform","gcp","kms","pubsub","security-identity","terraform-module"],"latest_commit_sha":null,"homepage":"https://registry.terraform.io/modules/GoogleCloudPlatform/secret-manager/google","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/GoogleCloudPlatform.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-05-11T18:06:55.000Z","updated_at":"2025-03-19T15:33:06.000Z","dependencies_parsed_at":"2023-09-26T01:29:38.494Z","dependency_job_id":"fa9f634a-d0f3-4268-a1ce-4b751f4d80a3","html_url":"https://github.com/GoogleCloudPlatform/terraform-google-secret-manager","commit_stats":{"total_commits":66,"total_committers":10,"mean_commits":6.6,"dds":0.5,"last_synced_commit":"13a21cd9251505bbf1d8b8c8d7468834dc1c2be8"},"previous_names":[],"tags_count":11,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GoogleCloudPlatform%2Fterraform-google-secret-manager","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GoogleCloudPlatform%2Fterraform-google-secret-manager/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GoogleCloudPlatform%2Fterraform-google-secret-manager/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GoogleCloudPlatform%2Fterraform-google-secret-manager/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/GoogleCloudPlatform","download_url":"https://codeload.github.com/GoogleCloudPlatform/terraform-google-secret-manager/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247675596,"owners_count":20977376,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cft-terraform","gcp","kms","pubsub","security-identity","terraform-module"],"created_at":"2024-09-28T15:07:35.407Z","updated_at":"2025-04-07T15:06:11.276Z","avatar_url":"https://github.com/GoogleCloudPlatform.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# terraform-google-secret-manager\n\nThis modules makes it easy to create Google Secret Manager secrets. If enabled it can enable the use of KMS keys for encrypting the secrets. Also if rotation is enabled and pubsub topics are passed in, then notification about secret rotation are sent to the pubsub topics. Here is a diagram of the resources that are deployed:\n\n![arch_diagram](./assets/tf-secrets.png)\n\n## Usage\n\nBasic usage of this module is as follows:\n\n```hcl\nmodule \"secret-manager\" {\n  source  = \"GoogleCloudPlatform/secret-manager/google\"\n  version = \"~\u003e 0.8\"\n  project_id = var.project_id\n  secrets = [\n    {\n      name                     = \"secret-1\"\n      secret_data              = \"secret information\"\n    },\n  ]\n}\n```\n\nFunctional examples are included in the [examples](./examples/) directory.\n\n\u003c!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| add\\_kms\\_permissions | The list of the crypto keys to give secret manager access to | `list(string)` | `[]` | no |\n| add\\_pubsub\\_permissions | The list of the pubsub topics to give secret manager access to | `list(string)` | `[]` | no |\n| automatic\\_replication | Automatic replication parameters that will be used for defined secrets. If not provided, the secret will be automatically replicated using Google-managed key without any restrictions. | `map(object({ kms_key_name = string }))` | `{}` | no |\n| labels | labels to be added for the defined secrets | `map(map(string))` | `{}` | no |\n| project\\_id | The project ID to manage the Secret Manager resources | `string` | n/a | yes |\n| secret\\_accessors\\_list | The list of the members to allow accessing secrets | `list(string)` | `[]` | no |\n| secrets | The list of the secrets | \u003cpre\u003elist(object({\u003cbr\u003e    name : string,\u003cbr\u003e    secret_data : optional(string),\u003cbr\u003e    next_rotation_time : optional(string),\u003cbr\u003e    rotation_period : optional(string),\u003cbr\u003e    create_version : optional(bool, true)\u003cbr\u003e  }))\u003c/pre\u003e | `[]` | no |\n| topics | topics that will be used for defined secrets | `map(list(object({ name = string })))` | `{}` | no |\n| user\\_managed\\_replication | Replication parameters that will be used for defined secrets | `map(list(object({ location = string, kms_key_name = string })))` | `{}` | no |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| secret\\_names | The name list of Secrets |\n| secret\\_versions | The name list of Secret Versions |\n\n\u003c!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n\n## Requirements\n\nThese sections describe requirements for using this module.\n\n### Software\n\nThe following dependencies must be available:\n\n- [Terraform][terraform] v0.13\n- [Terraform Provider for GCP][terraform-provider-gcp] plugin v3.0\n\n### Service Account\n\nA service account with the following roles must be used to provision\nthe resources of this module:\n\n- Secret Manager Admin: `roles/secretmanager.admin`\n\nIf you want the module to change IAM permissions (for the pubsub and kms use cases), it will require the following additional roles:\n\n- Project IAM Admin: `roles/resourcemanager.projectIamAdmin`\n\nThe [Project Factory module][project-factory-module] and the\n[IAM module][iam-module] may be used in combination to provision a\nservice account with the necessary roles applied.\n\n### APIs\n\nA project with the following APIs enabled must be used to host the\nresources of this module:\n\n- Secret Manager API: `secretmanager.googleapis.com`\n\nThe [Project Factory module][project-factory-module] can be used to\nprovision a project with the necessary APIs enabled.\n\n## Contributing\n\nRefer to the [contribution guidelines](./CONTRIBUTING.md) for\ninformation on contributing to this module.\n\n[iam-module]: https://registry.terraform.io/modules/terraform-google-modules/iam/google\n[project-factory-module]: https://registry.terraform.io/modules/terraform-google-modules/project-factory/google\n[terraform-provider-gcp]: https://www.terraform.io/docs/providers/google/index.html\n[terraform]: https://www.terraform.io/downloads.html\n\n## Security Disclosures\n\nPlease see our [security disclosure process](./SECURITY.md).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgooglecloudplatform%2Fterraform-google-secret-manager","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgooglecloudplatform%2Fterraform-google-secret-manager","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgooglecloudplatform%2Fterraform-google-secret-manager/lists"}