https://github.com/tsirysndr/secrets
My Personal Secret Manager, configured with Terraform + Google Secret Manager & Cloudflare Worker Secrets
cloudflare google-cloud-platform linux macos secrets-management shell teller terraform
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/tsirysndr/secrets
- Owner: tsirysndr
- License: mit
- Created: 2024-02-19T15:11:39.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2024-09-17T12:09:23.000Z (over 1 year ago)
- Last Synced: 2024-11-14T00:07:11.704Z (over 1 year ago)
- Topics: cloudflare, google-cloud-platform, linux, macos, secrets-management, shell, teller, terraform
- Language: TypeScript
- Homepage:
- Size: 74.2 KB
- Stars: 2
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Secrets
This is my [Terraform](https://terraform.io) code to keep all my secrets in sync across all my devices. It uses [Google Secret Manager](https://cloud.google.com/secret-manager) and [Cloudflare Worker Secrets](https://developers.cloudflare.com/workers/configuration/secrets/) to store the secrets so I can access them from anywhere later using [teller](https://tlr.dev/).
I use [GitHub Secrets](https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions) as a single source of truth for my secrets. GitHub Actions then uses this Terraform code to store the secrets in [Google Secret Manager](https://cloud.google.com/secret-manager) and [Cloudflare Secrets](https://developers.cloudflare.com/workers/configuration/secrets/) on every `git push` to this repository.
## Quickstart
1. Clone this repository
```sh
gh repo clone tsirysndr/secrets && cd secrets
```
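2. Create a `secrets.tfvars` file with the following content:
```hcl
# Placeholder values: replace each with your own.
account_id           = "your-cloudflare-account-id"
cloudflare_api_token = "your-cloudflare-api-token"
worker_name          = "your-worker-name"
gcp_credentials      = "path/to/your/credentials.json"
gcp_project          = "your-gcp-project"
# Map of secret name => secret value
secrets = {
  "secret-1" = "super-secret-value-1",
  "secret-2" = "super-secret-value-2"
}
```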
3. Run the following commands:
```sh
terraform init
terraform validate
terraform plan -var-file=secrets.tfvars
terraform apply -var-file=secrets.tfvars
```
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| account_id | The Cloudflare account id | `string` | n/a | yes |
| cloudflare_api_token | The Cloudflare API token | `string` | n/a | yes |
| gcp_credentials | The path to the GCP credentials file | `string` | n/a | yes |
| gcp_project | The GCP project id | `string` | n/a | yes |
| gcp_region | The GCP region to create the secret | `string` | `us-east1` | no |
| secrets | A map of secrets to store in Google Secret Manager / Cloudflare Worker Secrets | `map(string)` | n/a | yes |
| worker_name | The Cloudflare worker name | `string` | n/a | yes |
## License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.