Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/rhythmictech/terraform-aws-secure-password

Creates a password with a Lambda data source and saves it in a secrets manager secret, allowing the creation of passwords without saving them in state
https://github.com/rhythmictech/terraform-aws-secure-password

Last synced: 8 months ago
JSON representation

Creates a password with a Lambda data source and saves it in a secrets manager secret, allowing the creation of passwords without saving them in state

Awesome Lists containing this project

README 

          
# terraform-aws-secure-password

Creates a password with a Lambda data source and saves it in a secrets manager secret, allowing the creation of passwords without saving them in state



[![tflint](https://github.com/rhythmictech/terraform-aws-secure-password/workflows/tflint/badge.svg?branch=main&event=push)](https://github.com/rhythmictech/terraform-aws-secure-password/actions?query=workflow%3Atflint+event%3Apush+branch%3Amain)

[![tfsec](https://github.com/rhythmictech/terraform-aws-secure-password/workflows/tfsec/badge.svg?branch=main&event=push)](https://github.com/rhythmictech/terraform-aws-secure-password/actions?query=workflow%3Atfsec+event%3Apush+branch%3Amain)

[![yamllint](https://github.com/rhythmictech/terraform-aws-secure-password/workflows/yamllint/badge.svg?branch=main&event=push)](https://github.com/rhythmictech/terraform-aws-secure-password/actions?query=workflow%3Ayamllint+event%3Apush+branch%3Amain)

[![misspell](https://github.com/rhythmictech/terraform-aws-secure-password/workflows/misspell/badge.svg?branch=main&event=push)](https://github.com/rhythmictech/terraform-aws-secure-password/actions?query=workflow%3Amisspell+event%3Apush+branch%3Amain)

[![pre-commit-check](https://github.com/rhythmictech/terraform-aws-secure-password/workflows/pre-commit-check/badge.svg?branch=main&event=push)](https://github.com/rhythmictech/terraform-aws-secure-password/actions?query=workflow%3Apre-commit-check+event%3Apush+branch%3Amain)

follow on Twitter



## Example

Here's what using the module will look like

```hcl

module "secure_password" {

  source  = "rhythmictech/secure-password/aws"

  version = "~> 1.0.0-rc1"



  name    = "my-secure-pass"

  length  = 24

}



output "secret_name" {

  value = module.secure_password.secret_name

}



```



## About

Creates a password with a Lambda data source and saves it in a secrets manager secret, allowing the creation of passwords without saving them in state



## Requirements



| Name | Version |

|------|---------|

|  [terraform](#requirement\_terraform) | >= 0.12.28 |

|  [aws](#requirement\_aws) | >= 2.45 |

|  [external](#requirement\_external) | >= 1.2 |

|  [null](#requirement\_null) | >= 2.1 |

|  [random](#requirement\_random) | >= 2.3 |



## Providers



| Name | Version |

|------|---------|

|  [aws](#provider\_aws) | >= 2.45 |

|  [external](#provider\_external) | >= 1.2 |

|  [null](#provider\_null) | >= 2.1 |

|  [random](#provider\_random) | >= 2.3 |



## Modules



| Name | Source | Version |

|------|--------|---------|

|  [lambda\_invocation](#module\_lambda\_invocation) | matti/resource/shell | ~>1.0.7 |

|  [lambda\_invocation\_result](#module\_lambda\_invocation\_result) | matti/resource/shell | ~>1.0.7 |

|  [lambda\_version](#module\_lambda\_version) | rhythmictech/find-release-by-semver/github | ~> 1.0 |



## Resources



| Name | Type |

|------|------|

| [aws_iam_role.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |

| [aws_iam_role_policy.secret_write](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |

| [aws_iam_role_policy_attachment.lambda_basic_execution](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |

| [aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource |

| [aws_secretsmanager_secret.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource |

| [null_resource.lambda_zip](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |

| [random_string.trigger](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |

| [aws_iam_policy_document.assume](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |

| [aws_iam_policy_document.secret_write](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |

| [external_external.sha](https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/external) | data source |



## Inputs



| Name | Description | Type | Default | Required |

|------|-------------|------|---------|:--------:|

|  [length](#input\_length) | Length of the password to be created | `number` | n/a | yes |

|  [name](#input\_name) | Moniker to apply to all resources in the module | `string` | n/a | yes |

|  [keepers](#input\_keepers) | Arbitrary map of values that when changed will force a new password | `map(string)` | `{}` | no |

|  [lambda\_version\_constraint](#input\_lambda\_version\_constraint) | NPM-style version constraint for the version of the lambda code you want to use | `string` | `"^1.0.3"` | no |

|  [lower](#input\_lower) | Whether to use lower case characters | `bool` | `true` | no |

|  [min\_lower](#input\_min\_lower) | Minimum number of lowercase letters | `number` | `0` | no |

|  [min\_numeric](#input\_min\_numeric) | Minimum number of numeric characters to use. Must be at least 1 | `number` | `1` | no |

|  [min\_special](#input\_min\_special) | Minimum number of special characters to use. Must be at least 1 | `number` | `1` | no |

|  [min\_upper](#input\_min\_upper) | Minimum number of uppercase characters to use. Must be at least 1 | `number` | `1` | no |

|  [number](#input\_number) | Whether to use numbers | `bool` | `true` | no |

|  [override\_special](#input\_override\_special) | Supply your own list of special characters to use for string generation | `string` | `"!@#$%&*()-_=+[]{}<>:?"` | no |

|  [secret\_description](#input\_secret\_description) | Set a description for the secret | `string` | `"A password created by Terraform"` | no |

|  [special](#input\_special) | Whether to use special characters | `bool` | `true` | no |

|  [tags](#input\_tags) | User-Defined tags | `map(string)` | `{}` | no |

|  [upper](#input\_upper) | Whether to use uppercase characters | `bool` | `true` | no |



## Outputs



| Name | Description |

|------|-------------|

|  [lambda\_version](#output\_lambda\_version) | The selected version of the Lambda code |

|  [lambda\_version\_info](#output\_lambda\_version\_info) | all information about the selected version of the Lambda code |

|  [result](#output\_result) | String result of Lambda execution |

|  [secret\_arn](#output\_secret\_arn) | ARN of the secret containing the password |

|  [secret\_name](#output\_secret\_name) | Name of the secret containing the password |



## The Giants Underneath this Module

- [pre-commit.com](pre-commit.com)

- [terraform.io](terraform.io)

- [github.com/tfutils/tfenv](github.com/tfutils/tfenv)

- [github.com/segmentio/terraform-docs](github.com/segmentio/terraform-docs)