secret/variable.tf at main · jnikita19/secret · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
variable "secret_name" {
  description = "Name of the secret"
  type        = string
  default = "my-secret"
}

variable "secret_description" {
  description = "Description of the secret"
  type        = string
  default     = "Secret for RDS MySQL DB"
}

variable "kms_key_id" {
  description = "KMS key ID for encryption"
  type        = string
  default     = "119bd441-337d-4dfe-bc7f-ffc228833a83"
}

variable "secret_string" {
      sensitive   = true

  type = map(string)
}


variable "enabled_rotation_secret" {
  description = "Whether to enable secret rotation"
  type        = bool
  default     = false
}


variable "automatically_after_days" {
  description = "Days after which the secret is automatically rotated"
  type        = number
  default     = 30
}

variable "recovery_window_in_days" {
  description = "Number of days AWS waits before deleting the secret permanently"
  type        = number
  default     = 7
}

variable "used_for_service" {
  description = "Database service the secret is for (e.g. RDS, DocumentDB, Redshift)"
  type        = string
}


variable "owner" {
 type = string
 default = "Nikita"
}

variable "env" {
  type = string
  default = "dev"
}

variable "app" {
  type = string
  default = "dealshare"
}


variable "enable_rotation" {
  type    = bool
  default = false
}

variable "rotation_lambda_arn" {
  type    = string
  default = null
}

variable "rotate_immediately" {
  type    = bool
  default = false
}

variable "rotation_rules" {
  type = object({
    automatically_after_days = number
    duration                 = optional(string)
    schedule_expression      = optional(string)
  })
  default = null
}

# Policy Variables
# -----------------------
variable "create_policy" {
  type    = bool
  default = false
}

variable "policy_statements" {
  type    = list(any)
  default = []
}

variable "source_policy_documents" {
  type    = list(string)
  default = []
}

variable "override_policy_documents" {
  type    = list(string)
  default = []
}

variable "block_public_policy" {
  type    = bool
  default = true
}

variable "create" {
  type    = bool
  default = true

}


variable "secret_file_path" {
  type        = string
  default     = null
  description = "Path to a JSON file containing the secret. Use this OR secret_string."
}