{"id":19129410,"url":"https://github.com/launchbynttdata/tf-aws-module_collection-secretsmanager_secret","last_synced_at":"2026-05-17T11:31:24.048Z","repository":{"id":256814126,"uuid":"843032869","full_name":"launchbynttdata/tf-aws-module_collection-secretsmanager_secret","owner":"launchbynttdata","description":null,"archived":false,"fork":false,"pushed_at":"2026-04-15T19:46:38.000Z","size":121,"stargazers_count":0,"open_issues_count":3,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-15T21:31:53.781Z","etag":null,"topics":["aws","infrastructure-as-code","platform-automation","reference","terraform"],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/launchbynttdata.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE","maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-08-15T16:27:40.000Z","updated_at":"2025-01-14T14:32:47.000Z","dependencies_parsed_at":"2024-09-13T07:09:38.114Z","dependency_job_id":null,"html_url":"https://github.com/launchbynttdata/tf-aws-module_collection-secretsmanager_secret","commit_stats":null,"previous_names":["launchbynttdata/tf-aws-module_collection-secretsmanager_secret"],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/launchbynttdata/tf-aws-module_collection-secretsmanager_secret","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/launchbynttdata%2Ftf-aws-module_collection-secretsmanager_secret","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/launchbynttdata%2Ftf-aws-module_collection-secretsmanager_secret/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/launchbynttdata%2Ftf-aws-module_collection-secretsmanager_secret/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/launchbynttdata%2Ftf-aws-module_collection-secretsmanager_secret/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/launchbynttdata","download_url":"https://codeload.github.com/launchbynttdata/tf-aws-module_collection-secretsmanager_secret/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/launchbynttdata%2Ftf-aws-module_collection-secretsmanager_secret/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33136663,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-17T09:28:26.183Z","status":"ssl_error","status_checked_at":"2026-05-17T09:27:52.702Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","infrastructure-as-code","platform-automation","reference","terraform"],"created_at":"2024-11-09T06:07:25.190Z","updated_at":"2026-05-17T11:31:24.032Z","avatar_url":"https://github.com/launchbynttdata.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# tf-aws-module_collection-secretsmanager_secret\n\n[![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)\n[![License: CC BY-NC-ND 4.0](https://img.shields.io/badge/License-CC_BY--NC--ND_4.0-lightgrey.svg)](https://creativecommons.org/licenses/by-nc-nd/4.0/)\n\n## Overview\n\nThis terraform module manages Secrets Manager in AWS.\n\n## Pre-Commit hooks\n\n[.pre-commit-config.yaml](.pre-commit-config.yaml) file defines certain `pre-commit` hooks that are relevant to terraform, golang and common linting tasks. There are no custom hooks added.\n\n`commitlint` hook enforces commit message in certain format. The commit contains the following structural elements, to communicate intent to the consumers of your commit messages:\n\n- **fix**: a commit of the type `fix` patches a bug in your codebase (this correlates with PATCH in Semantic Versioning).\n- **feat**: a commit of the type `feat` introduces a new feature to the codebase (this correlates with MINOR in Semantic Versioning).\n- **BREAKING CHANGE**: a commit that has a footer `BREAKING CHANGE:`, or appends a `!` after the type/scope, introduces a breaking API change (correlating with MAJOR in Semantic Versioning). A BREAKING CHANGE can be part of commits of any type.\nfooters other than BREAKING CHANGE: \u003cdescription\u003e may be provided and follow a convention similar to git trailer format.\n- **build**: a commit of the type `build` adds changes that affect the build system or external dependencies (example scopes: gulp, broccoli, npm)\n- **chore**: a commit of the type `chore` adds changes that don't modify src or test files\n- **ci**: a commit of the type `ci` adds changes to our CI configuration files and scripts (example scopes: Travis, Circle, BrowserStack, SauceLabs)\n- **docs**: a commit of the type `docs` adds documentation only changes\n- **perf**: a commit of the type `perf` adds code change that improves performance\n- **refactor**: a commit of the type `refactor` adds code change that neither fixes a bug nor adds a feature\n- **revert**: a commit of the type `revert` reverts a previous commit\n- **style**: a commit of the type `style` adds code changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc)\n- **test**: a commit of the type `test` adds missing tests or correcting existing tests\n\nBase configuration used for this project is [commitlint-config-conventional (based on the Angular convention)](https://github.com/conventional-changelog/commitlint/tree/master/@commitlint/config-conventional#type-enum)\n\nIf you are a developer using vscode, [this](https://marketplace.visualstudio.com/items?itemName=joshbolduc.commitlint) plugin may be helpful.\n\n`detect-secrets-hook` prevents new secrets from being introduced into the baseline. TODO: INSERT DOC LINK ABOUT HOOKS\n\nIn order for `pre-commit` hooks to work properly\n\n- You need to have the pre-commit package manager installed. [Here](https://pre-commit.com/#install) are the installation instructions.\n- `pre-commit` would install all the hooks when commit message is added by default except for `commitlint` hook. `commitlint` hook would need to be installed manually using the command below\n\n```\npre-commit install --hook-type commit-msg\n```\n\n## To test the resource group module locally\n\n1. For development/enhancements to this module locally, you'll need to install all of its components. This is controlled by the `configure` target in the project's [`Makefile`](./Makefile). Before you can run `configure`, familiarize yourself with the variables in the `Makefile` and ensure they're pointing to the right places.\n\n```\nmake configure\n```\n\nThis adds in several files and directories that are ignored by `git`. They expose many new Make targets.\n\n2. _THIS STEP APPLIES ONLY TO MICROSOFT AZURE. IF YOU ARE USING A DIFFERENT PLATFORM PLEASE SKIP THIS STEP._ The first target you care about is `env`. This is the common interface for setting up environment variables. The values of the environment variables will be used to authenticate with cloud provider from local development workstation.\n\n`make configure` command will bring down `azure_env.sh` file on local workstation. Devloper would need to modify this file, replace the environment variable values with relevant values.\n\nThese environment variables are used by `terratest` integration suit.\n\nService principle used for authentication(value of ARM_CLIENT_ID) should have below privileges on resource group within the subscription.\n\n```\n\"Microsoft.Resources/subscriptions/resourceGroups/write\"\n\"Microsoft.Resources/subscriptions/resourceGroups/read\"\n\"Microsoft.Resources/subscriptions/resourceGroups/delete\"\n```\n\nThen run this make target to set the environment variables on developer workstation.\n\n```\nmake env\n```\n\n3. The first target you care about is `check`.\n\n**Pre-requisites**\nBefore running this target it is important to ensure that, developer has created files mentioned below on local workstation under root directory of git repository that contains code for primitives/segments. Note that these files are `azure` specific. If primitive/segment under development uses any other cloud provider than azure, this section may not be relevant.\n\n- A file named `provider.tf` with contents below\n\n```\nprovider \"azurerm\" {\n  features {}\n}\n```\n\n- A file named `terraform.tfvars` which contains key value pair of variables used.\n\nNote that since these files are added in `gitignore` they would not be checked in into primitive/segment's git repo.\n\nAfter creating these files, for running tests associated with the primitive/segment, run\n\n```\nmake check\n```\n\nIf `make check` target is successful, developer is good to commit the code to primitive/segment's git repo.\n\n`make check` target\n\n- runs `terraform commands` to `lint`,`validate` and `plan` terraform code.\n- runs `conftests`. `conftests` make sure `policy` checks are successful.\n- runs `terratest`. This is integration test suit.\n- runs `opa` tests\n\u003c!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | ~\u003e 1.0 |\n| \u003ca name=\"requirement_aws\"\u003e\u003c/a\u003e [aws](#requirement\\_aws) | ~\u003e 5.0 |\n\n## Providers\n\nNo providers.\n\n## Modules\n\n| Name | Source | Version |\n|------|--------|---------|\n| \u003ca name=\"module_resource_names\"\u003e\u003c/a\u003e [resource\\_names](#module\\_resource\\_names) | terraform.registry.launch.nttdata.com/module_library/resource_name/launch | ~\u003e 1.0 |\n| \u003ca name=\"module_secrets_manager\"\u003e\u003c/a\u003e [secrets\\_manager](#module\\_secrets\\_manager) | terraform-aws-modules/secrets-manager/aws | ~\u003e 1.1.2 |\n\n## Resources\n\nNo resources.\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_logical_product_family\"\u003e\u003c/a\u003e [logical\\_product\\_family](#input\\_logical\\_product\\_family) | (Required) Name of the product family for which the resource is created.\u003cbr\u003e    Example: org\\_name, department\\_name. | `string` | `\"launch\"` | no |\n| \u003ca name=\"input_logical_product_service\"\u003e\u003c/a\u003e [logical\\_product\\_service](#input\\_logical\\_product\\_service) | (Required) Name of the product service for which the resource is created.\u003cbr\u003e    For example, backend, frontend, middleware etc. | `string` | `\"backend\"` | no |\n| \u003ca name=\"input_region\"\u003e\u003c/a\u003e [region](#input\\_region) | (Required) The location where the resource will be created. Must not have spaces\u003cbr\u003e    For example, us-east-1, us-west-2, eu-west-1, etc. | `string` | `\"us-east-2\"` | no |\n| \u003ca name=\"input_class_env\"\u003e\u003c/a\u003e [class\\_env](#input\\_class\\_env) | (Required) Environment where resource is going to be deployed. For example. dev, qa, uat | `string` | `\"dev\"` | no |\n| \u003ca name=\"input_instance_env\"\u003e\u003c/a\u003e [instance\\_env](#input\\_instance\\_env) | Number that represents the instance of the environment. | `number` | `0` | no |\n| \u003ca name=\"input_instance_resource\"\u003e\u003c/a\u003e [instance\\_resource](#input\\_instance\\_resource) | Number that represents the instance of the resource. | `number` | `0` | no |\n| \u003ca name=\"input_maximum_length\"\u003e\u003c/a\u003e [maximum\\_length](#input\\_maximum\\_length) | Number that represents the maximum length the resource name could have. | `number` | `60` | no |\n| \u003ca name=\"input_separator\"\u003e\u003c/a\u003e [separator](#input\\_separator) | Separator to be used in the name | `string` | `\"-\"` | no |\n| \u003ca name=\"input_resource_names_map\"\u003e\u003c/a\u003e [resource\\_names\\_map](#input\\_resource\\_names\\_map) | A map of key to resource\\_name that will be used by tf-launch-module\\_library-resource\\_name to generate resource names | \u003cpre\u003emap(object(\u003cbr\u003e    {\u003cbr\u003e      name       = string\u003cbr\u003e      max_length = optional(number, 60)\u003cbr\u003e    }\u003cbr\u003e  ))\u003c/pre\u003e | \u003cpre\u003e{\u003cbr\u003e  \"s3\": {\u003cbr\u003e    \"max_length\": 63,\u003cbr\u003e    \"name\": \"s3\"\u003cbr\u003e  }\u003cbr\u003e}\u003c/pre\u003e | no |\n| \u003ca name=\"input_secret_name\"\u003e\u003c/a\u003e [secret\\_name](#input\\_secret\\_name) | The description of the secrets. | `string` | `null` | no |\n| \u003ca name=\"input_description\"\u003e\u003c/a\u003e [description](#input\\_description) | The description of the secrets. | `string` | `null` | no |\n| \u003ca name=\"input_recovery_window_in_days\"\u003e\u003c/a\u003e [recovery\\_window\\_in\\_days](#input\\_recovery\\_window\\_in\\_days) | This value can be 0 to force deletion without recovery or range from 7 to 30 days. The default value is 30 | `number` | `null` | no |\n| \u003ca name=\"input_create_policy\"\u003e\u003c/a\u003e [create\\_policy](#input\\_create\\_policy) | Determines whether a policy will be created | `bool` | `false` | no |\n| \u003ca name=\"input_policy_statements\"\u003e\u003c/a\u003e [policy\\_statements](#input\\_policy\\_statements) | A map of IAM policy statements for custom permission usage | \u003cpre\u003emap(object({\u003cbr\u003e    sid = string\u003cbr\u003e    principals = list(object({\u003cbr\u003e      type        = string\u003cbr\u003e      identifiers = list(string)\u003cbr\u003e    }))\u003cbr\u003e    actions   = list(string)\u003cbr\u003e    resources = list(string)\u003cbr\u003e  }))\u003c/pre\u003e | `{}` | no |\n| \u003ca name=\"input_ignore_secret_changes\"\u003e\u003c/a\u003e [ignore\\_secret\\_changes](#input\\_ignore\\_secret\\_changes) | Determines whether or not Terraform will ignore changes made externally to secret\\_string or secret\\_binary. Changing this value after creation is a destructive operation | `bool` | `false` | no |\n| \u003ca name=\"input_secret_string\"\u003e\u003c/a\u003e [secret\\_string](#input\\_secret\\_string) | The JSON string containing the secret data | `string` | `null` | no |\n| \u003ca name=\"input_use_default_secrets_encryption\"\u003e\u003c/a\u003e [use\\_default\\_secrets\\_encryption](#input\\_use\\_default\\_secrets\\_encryption) | Flag to indicate if default secret encryption should be used. If false then Secrets Manager defaults to using the AWS account's default KMS key (the one named aws/secretsmanager | `bool` | `false` | no |\n| \u003ca name=\"input_kms_key_id\"\u003e\u003c/a\u003e [kms\\_key\\_id](#input\\_kms\\_key\\_id) | The ID of the KMS key to be used for encryption | `string` | `null` | no |\n| \u003ca name=\"input_enable_rotation\"\u003e\u003c/a\u003e [enable\\_rotation](#input\\_enable\\_rotation) | Whether to enabled rotation for the secret | `bool` | `false` | no |\n| \u003ca name=\"input_rotation_lambda_arn\"\u003e\u003c/a\u003e [rotation\\_lambda\\_arn](#input\\_rotation\\_lambda\\_arn) | The ARN of the Lambda function that performs rotation | `string` | `\"\"` | no |\n| \u003ca name=\"input_rotation_rules\"\u003e\u003c/a\u003e [rotation\\_rules](#input\\_rotation\\_rules) | Rotation rules for the secret, including the schedule expression | `object({})` | `{}` | no |\n| \u003ca name=\"input_tags\"\u003e\u003c/a\u003e [tags](#input\\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`). Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_arn\"\u003e\u003c/a\u003e [arn](#output\\_arn) | The ARN of the secret |\n| \u003ca name=\"output_id\"\u003e\u003c/a\u003e [id](#output\\_id) | The ID of the secret |\n| \u003ca name=\"output_secret_replica\"\u003e\u003c/a\u003e [secret\\_replica](#output\\_secret\\_replica) | Attributes of the replica created |\n| \u003ca name=\"output_secret_version_id\"\u003e\u003c/a\u003e [secret\\_version\\_id](#output\\_secret\\_version\\_id) | The unique identifier of the version of the secret |\n\u003c!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flaunchbynttdata%2Ftf-aws-module_collection-secretsmanager_secret","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flaunchbynttdata%2Ftf-aws-module_collection-secretsmanager_secret","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flaunchbynttdata%2Ftf-aws-module_collection-secretsmanager_secret/lists"}