
Commit 6a3620a

Merge pull request #6 from kedeinroga/fix-iac
Adjust Terraform's secret version lifecycle
2 parents 0f3bc42 + 283e80a commit 6a3620a


1 file changed

+8
-2
lines changed


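--- a/terraform/secrets.tf
+++ b/terraform/secrets.tf
@@ -21,16 +21,22 @@ resource "google_secret_manager_secret" "secrets" {
 # Create initial secret versions with placeholder values
 # This allows the infrastructure to be created without failing
 # You MUST update these values before deploying the application
+#
+# IMPORTANT: This resource only creates the INITIAL version.
+# After you manually update the secret values, Terraform will NOT overwrite them.
+# The lifecycle block prevents Terraform from recreating or modifying versions.
 resource "google_secret_manager_secret_version" "secret_versions" {
 for_each = var.secrets
 
 secret = google_secret_manager_secret.secrets[each.key].id
 
-# Placeholder value - MUST be changed before production use
+# Placeholder value - only used for initial creation
 secret_data = "CHANGE_ME_${upper(replace(each.key, "_", "-"))}"
 
 lifecycle {
-ignore_changes = [secret_data]
+# Prevent Terraform from ever recreating this resource
+# This ensures manually updated secret values are preserved
+ignore_changes = all
 }
 }
 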
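Review bot: The new comment above `ignore_changes = all` promises more than the setting delivers: `ignore_changes` only suppresses attribute diffs at plan time, so it does not stop Terraform from destroying this version when a key is dropped from `var.secrets` or a replacement is explicitly forced. If the intent is to guard against that, `prevent_destroy = true` in the same `lifecycle` block is the argument that makes such a plan fail, and the comment could read `# Ignore all attribute drift on the initial version; this does not block destroy`. Widening from `[secret_data]` to `all` also hides drift on every other argument of the version, so the narrower list is worth keeping unless a specific extra attribute was producing diffs. Separately, the reworded `secret_data` comment drops the "MUST be changed before production use" warning while the predictable `CHANGE_ME_` value is still written as a stored version and presumably kept in state, so I would keep that warning on the line.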
