{"id":24388129,"url":"https://github.com/masterpointio/terraform-secrets-helper","last_synced_at":"2026-03-06T17:08:04.150Z","repository":{"id":184645840,"uuid":"671515749","full_name":"masterpointio/terraform-secrets-helper","owner":"masterpointio","description":"The Terraform module that abstracts the way we manage secrets.","archived":false,"fork":false,"pushed_at":"2026-03-04T15:16:13.000Z","size":109,"stargazers_count":1,"open_issues_count":1,"forks_count":0,"subscribers_count":3,"default_branch":"main","last_synced_at":"2026-03-04T22:20:44.832Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/masterpointio.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-07-27T13:49:21.000Z","updated_at":"2026-03-04T15:21:04.000Z","dependencies_parsed_at":"2025-01-02T12:36:49.977Z","dependency_job_id":"17b9eda3-62a9-4777-8684-16c067a4fe91","html_url":"https://github.com/masterpointio/terraform-secrets-helper","commit_stats":null,"previous_names":["masterpointio/terraform-secrets-helper"],"tags_count":7,"template":false,"template_full_name":"cloudposse/terraform-example-module","purl":"pkg:github/masterpointio/terraform-secrets-helper","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/masterpointio%2Fterraform-secrets-helper","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/masterpointio%2Fterraform-secrets-helper/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/masterpointio%2Fterraform-secrets-helper/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/masterpointio%2Fterraform-secrets-helper/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/masterpointio","download_url":"https://codeload.github.com/masterpointio/terraform-secrets-helper/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/masterpointio%2Fterraform-secrets-helper/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30186781,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-06T14:42:24.748Z","status":"ssl_error","status_checked_at":"2026-03-06T14:42:14.925Z","response_time":250,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-01-19T13:56:27.271Z","updated_at":"2026-03-06T17:08:04.107Z","avatar_url":"https://github.com/masterpointio.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Banner][banner-image]](https://masterpoint.io/)\n\n# terraform-secrets-helper\n\n[![Release][release-badge]][latest-release]\n\n💡 Learn more about Masterpoint [below](#who-we-are-𐦂𖨆𐀪𖠋).\n\n## Purpose and Functionality\n\nThis Terraform module provides a standard and extensible way of managing secrets from different sources, making them accessible through `local.secrets[\"\u003cSECRET_NAME\u003e\"]`. It's designed to create an abstract interface for dealing with secrets in Terraform, regardless of the source of these secrets.\n\nOur initial version is built to handle [SOPS secrets](https://github.com/getsops/sops), but it is designed in a way that it can be easily extended to support other secret providers like AWS SSM Parameter Store, Vault, and more in the future.\n\nThis module can be included as a child module, where needed, to fetch secrets and provide them in an abstract manner.\n\n## Usage\n\nCopy `exports/secrets.mixin.tf` to your project by running the following command:\n\n```sh\ncurl -sL https://raw.githubusercontent.com/masterpointio/terraform-secrets-helper/main/exports/secrets.mixin.tf -o secrets.mixin.tf\n```\n\nThe mixin incorporates the invocation of this module, so you simply need to configure the required `secret_mapping` variable and then reference it within your code.\n\nSee the full example in [examples/complete](https://github.com/masterpointio/terraform-secrets-helper/tree/main/examples/complete)\n\n### SOPS Secrets\n\n```hcl\nsecret_mapping = [{\n  name = \"db_password\"\n  file = \"test.yaml\"\n  type = \"sops\"\n}]\n\noutput \"db_password\" {\n  value     = jsonencode(local.secrets[\"db_password\"])\n  sensitive = true\n}\n```\n\n### AWS SSM Parameter Store Secrets\n\n```hcl\nsecret_mapping = [{\n  name = \"api_token\"\n  type = \"ssm\"\n  path = \"/myapp/prod/api_token\"\n}]\n```\n\n### Mixed Sources\n\nYou can combine both SOPS and SSM secrets in the same configuration:\n\n```hcl\nsecret_mapping = [\n  {\n    name = \"db_password\"\n    type = \"sops\"\n    file = \"secrets.yaml\"\n  },\n  {\n    name = \"api_token\"\n    type = \"ssm\"\n    path = \"/myapp/prod/api_token\"\n  }\n]\n```\n\n# Future Enhancements\n\nThe module currently supports SOPS and AWS SSM Parameter Store. Future versions may add support for other secret providers like HashiCorp Vault, AWS Secrets Manager, and more.\n\n\u003c!-- prettier-ignore-start --\u003e\n\u003c!-- markdownlint-disable MD013 --\u003e\n\u003c!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | \u003e= 1.3 |\n| \u003ca name=\"requirement_aws\"\u003e\u003c/a\u003e [aws](#requirement\\_aws) | \u003e= 4.0 |\n| \u003ca name=\"requirement_sops\"\u003e\u003c/a\u003e [sops](#requirement\\_sops) | \u003e= 0.7 |\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_aws\"\u003e\u003c/a\u003e [aws](#provider\\_aws) | \u003e= 4.0 |\n| \u003ca name=\"provider_sops\"\u003e\u003c/a\u003e [sops](#provider\\_sops) | \u003e= 0.7 |\n\n## Modules\n\nNo modules.\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [aws_ssm_parameter.ssm_secrets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ssm_parameter) | data source |\n| [sops_file.sops_secrets](https://registry.terraform.io/providers/carlpett/sops/latest/docs/data-sources/file) | data source |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_secret_mapping\"\u003e\u003c/a\u003e [secret\\_mapping](#input\\_secret\\_mapping) | The list of secret mappings the application will need.\u003cbr/\u003eThis creates secret values for the component to consume at `local.secrets[name]`.\u003cbr/\u003eFor SOPS secrets: use type=\"sops\" (default), file=\"path/to/sops/file.yaml\", and name matching a key in the SOPS file.\u003cbr/\u003eFor SSM secrets: use type=\"ssm\" and path=\"/path/to/ssm/parameter\". | \u003cpre\u003elist(object({\u003cbr/\u003e    name = string\u003cbr/\u003e    type = optional(string, \"sops\")\u003cbr/\u003e    path = optional(string, null)\u003cbr/\u003e    file = optional(string, null)\u003cbr/\u003e  }))\u003c/pre\u003e | `[]` | no |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_all\"\u003e\u003c/a\u003e [all](#output\\_all) | The final secrets pulled from various sources. |\n\u003c!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n\u003c!-- markdownlint-enable MD013 --\u003e\n\u003c!-- prettier-ignore-end --\u003e\n\n## Built By\n\nPowered by the [Masterpoint team](https://masterpoint.io/who-we-are/) and driven forward by contributions from the community ❤️\n\n[![Contributors][contributors-image]][contributors-url]\n\n## Contribution Guidelines\n\nContributions are welcome and appreciated!\n\nFound an issue or want to request a feature? [Open an issue][issues-url]\n\nWant to fix a bug you found or add some functionality? Fork, clone, commit, push, and PR — we'll check it out.\n\n## Who We Are 𐦂𖨆𐀪𖠋\n\nEstablished in 2016, Masterpoint is a team of experienced software and platform engineers specializing in Infrastructure as Code (IaC). We provide expert guidance to organizations of all sizes, helping them leverage the latest IaC practices to accelerate their engineering teams.\n\n### Our Mission\n\nOur mission is to simplify cloud infrastructure so developers can innovate faster, safer, and with greater confidence. By open-sourcing tools and modules that we use internally, we aim to contribute back to the community, promoting consistency, quality, and security.\n\n### Our Commitments\n\n- 🌟 **Open Source**: We live and breathe open source, contributing to and maintaining hundreds of projects across multiple organizations.\n- 🌎 **1% for the Planet**: Demonstrating our commitment to environmental sustainability, we are proud members of [1% for the Planet](https://www.onepercentfortheplanet.org), pledging to donate 1% of our annual sales to environmental nonprofits.\n- 🇺🇦 **1% Towards Ukraine**: With team members and friends affected by the ongoing [Russo-Ukrainian war](https://en.wikipedia.org/wiki/Russo-Ukrainian_War), we donate 1% of our annual revenue to invasion relief efforts, supporting organizations providing aid to those in need. [Here's how you can help Ukraine with just a few clicks](https://masterpoint.io/updates/supporting-ukraine/).\n\n## Connect With Us\n\nWe're active members of the community and are always publishing content, giving talks, and sharing our hard earned expertise. Here are a few ways you can see what we're up to:\n\n[![LinkedIn][linkedin-badge]][linkedin-url] [![Newsletter][newsletter-badge]][newsletter-url] [![Blog][blog-badge]][blog-url] [![YouTube][youtube-badge]][youtube-url]\n\n... and be sure to connect with our founder, [Matt Gowie](https://www.linkedin.com/in/gowiem/).\n\n## License\n\n[Apache License, Version 2.0][license-url].\n\n[![Open Source Initiative][osi-image]][license-url]\n\nCopyright © 2016-2025 [Masterpoint Consulting LLC](https://masterpoint.io/)\n\n\u003c!-- MARKDOWN LINKS \u0026 IMAGES --\u003e\n\n[banner-image]: https://masterpoint-public.s3.us-west-2.amazonaws.com/v2/standard-long-fullcolor.png\n[license-url]: https://opensource.org/license/apache-2-0\n[osi-image]: https://i0.wp.com/opensource.org/wp-content/uploads/2023/03/cropped-OSI-horizontal-large.png?fit=250%2C229\u0026ssl=1\n[linkedin-badge]: https://img.shields.io/badge/LinkedIn-Follow-0A66C2?style=for-the-badge\u0026logoColor=white\n[linkedin-url]: https://www.linkedin.com/company/masterpoint-consulting\n[blog-badge]: https://img.shields.io/badge/Blog-IaC_Insights-55C1B4?style=for-the-badge\u0026logoColor=white\n[blog-url]: https://masterpoint.io/updates/\n[newsletter-badge]: https://img.shields.io/badge/Newsletter-Subscribe-ECE295?style=for-the-badge\u0026logoColor=222222\n[newsletter-url]: https://newsletter.masterpoint.io/\n[youtube-badge]: https://img.shields.io/badge/YouTube-Subscribe-D191BF?style=for-the-badge\u0026logo=youtube\u0026logoColor=white\n[youtube-url]: https://www.youtube.com/channel/UCeeDaO2NREVlPy9Plqx-9JQ\n[release-badge]: https://img.shields.io/github/v/release/masterpointio/terraform-secrets-helper?color=0E383A\u0026label=Release\u0026style=for-the-badge\u0026logo=github\u0026logoColor=white\n[latest-release]: https://github.com/masterpointio/terraform-secrets-helper/releases/latest\n[contributors-image]: https://contrib.rocks/image?repo=masterpointio/terraform-secrets-helper\n[contributors-url]: https://github.com/masterpointio/terraform-secrets-helper/graphs/contributors\n[issues-url]: https://github.com/masterpointio/terraform-secrets-helper/issues\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmasterpointio%2Fterraform-secrets-helper","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmasterpointio%2Fterraform-secrets-helper","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmasterpointio%2Fterraform-secrets-helper/lists"}