added documentation for identity, secret, and secret data child modules

Author: JBAnderson5

cloud-foundation/modules/cloud-foundation-library/identity/documentation/identity_module_pattern.png

@@ -0,0 +1,74 @@
+# Oracle Cloud Foundation Terraform Module - secret-data - quickly read the contents of secrets that already exist
+
+
+
+## Table of Contents
+1. [Overview](#overview)
+1. [Deliverables](#deliverables)
+1. [Architecture](#Architecture-Diagram)
+1. [Executing Instructions](#instructions)
+1. [Documentation](#documentation)
+1. [The Team](#team)
+1. [Feedback](#feedback)
+1. [Known Issues](#known-issues)
+
+
+## <a name="overview"></a>Overview
+This module allows you to quickly read OCI secrets that already exists in your tenancy. It will handle the data decoding and give you back the contents in a key-value map.
+
+
+## <a name="deliverables"></a>Deliverables
+This folder contains several deliverables:
+- A terraform child module that gets the contents from existing secrets
+- an example parent module that uses the child module to retrieve a single secret
+
+
+## <a name="architecture"></a>Architecture-Diagram
+<brief introduction to arch diagram. update link to where your image lives. default is in the documentation folder>
+
+![](./documentation/secret_data_module_pattern.png)
+
+## <a name="instructions"></a>Executing Instructions
+
+## Prerequisites
+The executor of this stack will need permissions to read secrets and secret bundles. Additionally, there will need to be at least one existing secret to read from
+
+## Deployment
+This module is a child module and can't be run directly. It needs a parent module to call this module to run. See the examples folder for example parent modules that call this submodule
+
+### source type
+github url with path and git tag is recommended for production code. local path is used for sub-module development and customization
+- github url - make sure to update the version tag to latest stable git tag version for initial deployment. If already deployed and you want to update the version, you need to validate that the new child module version works with your codebase and doesn't create dangerous resource changes, deletions, or creations
+```
+    source = https://github.com/oracle-devrel/terraform-oci-oracle-cloud-foundation//cloud-foundation/modules/cloud-foundation-library/secret-data/module?ref=v1.2.0 
+```
+- local path - this should be used if you are customizing the module. The actual path will need to be updated to where your child module resides relative to your parent module.
+```
+    source = "../../module"
+```
+
+## Resources Created
+
+This module does not create any resources. It just retrieves data from existing infrastructure
+
+### Secret Contents
+The "secret_ocids" variable accepts a map of strings. The key is used for reference and will map to the key of the "contents" output variable. The string value should be the ocid of the secret you want to retrieve. The secret contents will be decoded and placed in the "contents" output variable.
+
+### vault and key
+The first secret in the map will additionally be used to return the vault and key used to encrypt it. This allows you to quickly turn around and create your own secret to share information about your stack to others.
+
+
+## <a name="documentation"></a>Documentation
+
+<link to official oci documentation for the resources you create>
+
+[Vault Overview](https://docs.oracle.com/en-us/iaas/Content/KeyManagement/Concepts/keyoverview.htm)
+
+## <a name="team"></a>The Team
+- **Owners**: [JB Anderson](https://github.com/JBAnderson5)
+
+## <a name="feedback"></a>Feedback
+We welcome your feedback. To post feedback, submit feature ideas or report bugs, please use the Issues section on this repository.	
+
+## <a name="known-issues"></a>Known Issues
+**At the moment, there are no known issues**

cloud-foundation/modules/cloud-foundation-library/secret-data/README.md

@@ -0,0 +1 @@
+<mxfile host="app.diagrams.net" modified="2022-06-22T23:06:34.397Z" agent="5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36" etag="BvIIzN9VZePLoHi3VUql" version="18.2.0" type="device"><diagram id="UgEwujfaN0rQrrYDC2Rh" name="EBS: V2 Single VCN">7Vvrd6JKEv9r5uPkNK88PqoYQ64NMWIMflN0EETJCobHX79V1Y1C3JiZvXPv2T27uecepOluquv5qyrmm9bbFoP9/G3Nk+Uq/qayZfFNM7+pqqpoGlxwpBQjN5oiBoJ9uBRDjYFxWK3kIJOjh3C5SlsTsySJs/CtPegnu93Kz1pj8/0+ydvTfiRx+61v82B1NjD25/H56DRcZmsxemuw0/jDKgzW9ZsVJp9s5/VkOZCu58skbwxp/W9ab58kmfi1LXqrGJlX80Wsu//k6ZGw/WqX/cyCqjOel6Xxj53efQy6f8SjwPnju6LeSeqysj7yagkckLfJPlsnQbKbx/3TaNc/7N9XuK0CN/vksFvSHYO704JhkrzJKdEqy0op2/khS2BonW1j+XRVhNlr47eHW12phrw1C7k13ZT1zS7bl6+NmXjvNR+e1tFdvfBHsst6SZzs6bBar3d/3+vB+Dk7JYeRHY0BydzBKtmuYF+YsF/F8yx8byvMXOpdcJx3XPqUhPAKlUkb+W5c3d6y45/CpERqg1Gv2M3d6U9r758mh72/kluepA8/GjSehkgnfkk/bv7b9aOlHA1l+a/RD/WaXRnGSQOMln5o+u2V8VfpxDu/O+zfKlXXX53pE3+46Wf774r+b6jEb9MCdnVjNBXhr/ESLQ3+u0Tf2e/nZWPCG0owvaAZSttVaOxDBPgw/1q/NB1+CAI+WaxdfVA89QbU8uS41Pbpsvk+WGW/Qwlvn/54Xej9xXDLBj3zYA6TJ/5duqX3eXyQ3D1TyrbK5eswW43f5j4+zQGstNXrRxjHDbP/YeB/5+5A/MF4mu2Tzarx5Jr+jtryvtpnq+LTUP2JvtSC1XTW4rV6J+/zEwZRb+TYuok/btnnStaSwa8yXDtj+Mv8EKOCfFOv4fwKMvk7Ir15Nj+TBYCfN/wZbglvdZE9IaCs4Xyxip+SNMzCZAfPF0mWJdvGhE4cBvggQzfRpeWd9E0gPXzjvL75ERYo6658g0lkaB1xq96n78E3tVuAvNXe04OtzsquvpgWB79i4fzhmflm8j7UltqyNDReGu/+1n/nUSfnvbtqufVD62GdLQZG5ezW6Xxq7J/Gj8ny4Tl3wtt3WKUNd3413N6Vs/K2cNyNMdTEPCvsqrPXx2o+vTs8ja1iGPVDaxBvYD33XuPYj28LmKPDs9x/COA9mzsr6uarnhUst3G8ZI/vK5OFvNfJLXOkDiOvwv0dl+uO6zHHHDEYL4eRlYvxjm6bI41HnmKHVuBrz8ZiMLmzti8Hb/qYzsZK6E3t/Ux7fF9OjY2zNeJliXt3Atv0DnY0gqt14FH/BulaTPNrHyzFU2GPXbecvdqxv5vF8EybT5/ZHGgT67iB7+dVYMAeSAOccx3Pp8tkSXNwz46YYwbMNv3SjiaqFelbS1uvnaqolg8x0Ndlq9duDPxhs9c1G6p25ZcWyO4xtHXPTR+HO5vxh2w7nxapE9qD580M/vdufoy9aDXo3/TGRrU0729m2zhdmEnEN1wBTmmOxuSb8nfJldOut7NK0pFvmr8fnwZ+49290ebWH9yzea8bLQb3FWqPr41y4AZK1ObR5gDvSm2zf+DVMhq6AXIms3t6xUNWwDV3eqzgYz2X94ZdssKB5840z3hPL4YurHVnKe8xlKo+77EcpK4uI+tgu+tk6MLVXKt0ddeWg3vC2bnbuXkMQQqlFzluurWqjbhXOe4L2pCD9k0YruOmlfJQV4CWCvbWhybtFdEzoJ/T+IZosSsv46Vu8LEY86pOBmsLsZ8PdHA4cz9tz8F1HPbJ4d5iQ+SHO8I5mt3L4Vy+NketqZ6ndqmXdu8S/Xlhj3WVlwy0f5lyd4I8Te1Q1xZmB+5HSLtpmzBe5qUDc51ezuDM5dDksCZIOdDDTb+WSzp0O7BmkuIcp09rDDgPA7lUtpaEw4YG9Nwi916fE2tgp96rXYGcQb86oN2jO2vDKuQtJ150jIXZV8DCqyGezVzj+VHGpT0lGTBe5hrwWxnCGRyTC9qjfoZXoLkAOooFyZvDHh3gmaCVV7S+sMvLcnaQlpIx4LkGsgPeBxVcYT/fgCuMe3jVxTvgvfA++8FDeWpcDeieTwOhL68eyGmC+gdnG+nLkNH92PRBbo+RoMtPYQ1zaI5fCD0KUF8qPs5pPtBWcLNBZ4PuUYXzgQ9Rn2SKa8gGTNAnsB0ePUac9g501CGYi3uDnFCvRgXqnm3eR0CDCvLLQd4g5wnSBLzEOVwhmqplAvqi8G2AHriAsxS8n7dkZ/WPsswv0SzlY0j5cNBH1EXVFvarAm3w3AJ7BR2LZqoj+FnwCZwhmhReKeyZbCsaIe9L8AFkE0PQA25uSB7g5YCuDZ67Ih3ukR1ooCdwzj7sZZWX6AQ7RRtHnZP7gK4BX+0e8Y8h/4SdTqSdcuF7QC/RT4EtC/kD/xzThnOBv3jwirl5n5DMBwHqVbVAPqAuow8b8Jz8BuqI6yNfGPoJ+U6kH2w9R3+n84s+K2/ZANqOLfha4vvA1pGnJd/KeS7Ni8B+qiHZlEe25SAv4UyOa5Hf4BWsc9FHP6OPg7WdCnSBrrAv2SGPXuQzTxWy9graP5pxXnWEr/vKFtlRt3LXRJ5MwBd1r63wthlN3Pz9l2NNcYw1FfowC3U9dybE2wp0HvzLRFtGAZw9TvggINt9gXsbz4z2Ek0ymKuDvhZgSyrwFXxWoCzRbwF/hX6OUIYZ7dmjeaBHrJ4PZ0cfe9kXwRyQMfqiDupVSXGGeA/+BulwQfdd8JPufSLkh1cRN4F3uk2+EhAT+FKKSbimqn3mBq5r0jnQb/RlGunhz/lJsJ0N2Zptbmg/jjEO7RF9B/liJnzxSSd4i9+v5zFioRbGTL07tOMEoL2H7jsgQYbyA38JtFupg3E/7FQ2xWA856a0TI4+DfxKH/0R3gPP4H8TeGZOAophEfhb4BXoNdxzST/4vHHnow/4N+lDbAFxukJ5WPAOT/DkeD8SzyMcD4KP/P2g319pcAQRu5K7RfcUURzwGmTZJXr9iUbIIcTfnKEnRysXz1HqG/k8l3PxOUWkyhaeSBOWi5EFIhrtaYnnhK762hfRSZPoSBUeFK8U5eDK8R4sx2fi3itWofX+FEoUOgJ7fuiul4Mg8NRi7Wsc8DP49LEVzAAPu+4IrQy9O0blcmxa6CXACtFCZonwUo9Toe2P1xidHIyOJUWSEjx7zhUPUJhejE1uvERWhZHtjIaB/eZvbcTVH2UQUV5RgVckrG4bmJ+A1itIox/BM7L+j2d6jD1tFNDaCKOVJ3MWRBmA58Oz95zyBERCkNfMBy9vM3XNRD400n9Ra8iPo95v4O0vKmEXzSMfPkeMQNgYY9JMpXjqxkmNlW3EnxsOUoVMyuyr5FtMX9q8iIlCImsT8THGTqBaF3gE5qK2jil+gQQu+BgNY/ekQjyCMbeJWSjmElaBuIp4Zox4B2y46meEyQcBw7U13qdYKzCaImLuRBkTzuTGKuzaMrYSbiKcCf7JRuuguDfKhC9Fzd8wOQZ09vMzmuk+k3iro2HsdSAGcMTGvbyx/rmSY0BLQBboILbHsT7ibcRcfQMsDXzZBP0EWDj6j0naovWDD33q3e2OmtaMjFX7t6/Ndk8BlhVk2efP1lqu21W0Y12lUWvRb85LLbr6F1Vabv/i0taPH6rvY+lEllb24kznJa3l9eLauP60GCPm110x9TeVvo6lrmN9W7vSjTOJHAtdTZHcaFcXaqx/SijqmVA6/TEM/LEq/18C+ztLYAiKLJWbQBcAVgBTFYQv7XeVwBAAASz55RKYWOflQFcJgEwFyJHbpv+/WALD8ox7LLWYlAJCeglXnUIKll0A5NiU0uqYnmN6r9RQG4BgXeLJRIkHQ50nSioqpb7sq7KCTGEUTEMd08M0hkJYXW6zRYgksCPTdkWml7pL70MwOULQqf0UqOvVoA4gBZV/MI2ORcrpUqkK0uWadkuR9FWUJst0TEINSLNZDTkghN7X5R+RcqpEK6Q8VL75Arx6osREEJ4AMMoBS10Mzy75XhLfId237z1KHV2zeYZNcDpTV9KyEbSwXKTGVPyF9KiXI0gu6rKHSJvuVdybT/HsCMm8L6AHlQsgPeswAc0mMm3v1+l7KoDx8iz1ozTlWBIA2RPwf0yb/PIqgIxUHvNUIYsAy2EIbSDNIkgF65DvG1bzBaCluF5MKQlukWzlOtXe1uUgRuUgwVcsA9RlI490g/dzAvF4lg+6djtUW5bnFrufTy9amsj5sTBAVBZUOEWpU5o0YlIT07Ym0lVzxnmdDDc1sVF48S9K1RFWx2RyC1euCq6jhZIUqChDWiK52NbCGNMf1FwsfpWgyZq9lQVVPBdpRiAKBCbPZJED7vFMwSXaTCxSgOVXtigYlqLQaOlU2MbCIYFXLJLNplhctQd10YQpwmth0cRTEOg65stUzv1Y6PkypcFSoEgxwJYigtn4ZirDU0pyVvr0q74onTbLoeapHDo0qfxniESaUpDqVNLDkrmtypSCkrBLvqQu/VJ6hbaN5Uk1qMvCKDE4G0N/ZQofLrjvYKkAyxNUtvDkeOusKFlsh6iUFmz/dPpSteabcg/0/w9cjlFakzbTmkkly1OmVYryC/o1q7xsj82E5cNvxEsw87ekJ+wDHlbUMzCsqX9jenJ9hoTHK3+/wg8V/g+C/yYQjA6q/7EPXDm9DsPOHKfxwICwqcO4ZkdYo7HZalogqIwX2/sQoF/mbe+jubosF9rLYWa+HWavftDcX4DqfumUVrAaKKmzs3MAzrhH7m9fKjiPOoOAs1TjDQQioPczulo1n09pPBqQpNV6eDZ8BO6753j1MHr3NLs6guV8c0DYuVJnb4tBfm2xmYDBUXbXgsmvNUzm5aiaGHbkH2EyGSoCbvcIwBsViFawbQHiLzqCGCAU7LCAiymdPpfwFatOoqPhYNUWq7nupobAVHkSEBiCTvScUqeE3LWlAN1U+abuBlZUKgt/o5vE+iO4LKz2T76q6iDsER3YMdNFlSagjgh2n+1XLsc4dYRobJzTGHWSqOJFnZJieOrA5AKCeQDBJpg4pdTNIrhHLlV2E7Bb5mFVXXZH8dlGER1K3A+D/eYS/R87tm0eP/xSx5a68AiBvWokAQ2Co0Cc3bVSCQpoTJ5dQsgOwTfQVQGZQ6pB6+LsgTj7tj67ZXydooBOIHx2N5gC5FjHppAMKQCF2B5BQ2ZPckEzdqin7RQAYT518xHuy9o3gCQMg4aE+Qi49AbMx70LSbPoPl6qZDKs6GEHH1I2t4+pDOhBDqG+rxNEF90M3Z7QvJK6jC7pJ9EvAB5WE/uYSsjfXdMRgCsfEh0WfT0g9NmS+vwCOkvwvhiaUv9I14T+gd5+oS8j6rRgmAd9yUVYH7FTeoLJ+POH9GRmIqgEPcC5qexWVlg1Fl1YrGhiWii7ni0wjGD2mHIwW8D+8te6Uh1FdICxy2XJ7qV8D8EovPfhGn/SvbQaz/5F9zKyqHsJvC/pKw7sSoeSp3WfRHR+UTeVL3ojpUibuNA7NxCpfS+v7St3j7L/zZ3PCOHxBM+hcxUTGEgXT2ky2AmdW5EpJ57ToM40dfoIRivgy4TNE0ydULfSfmnrsNR1Hed92Wk/pqNHH5E2fYRLHQSQzyvZX2kPap17jqhzTunzhCrmZM/UsdiIK8kf03hIs0k/8Auj+1Zqe5k+/GLDwnPrtvAxFfAIbDhQha/yEVqrqMMNPeItPmsJ2K9PnVey9ynyk5NPgP1gX/w6R/gzXvlYuqlsjcsx1GUvpbEyp7Gf4KfQTbIpGWuoRMO1k14BTybop7Ent0HbM4Wtwm/y355BvgTLUdixHgtZYteEeo8Yr7CHdfyahRJgw6au9USVPqMQySrKBksEneqyXfjYT0u5jNnIG9AL9Mclfp0ken7kk8sX6rh3sMQl9scuFJY2MEUC2VO5SvFK+nps9zMxrn/CIONjp0UlfiJe6NUlG0yLRElIJL2cCT/lCT8rv2Rx6MuAfiG+AHkRMTiiWFWQ/iL91Gm7mGRH8mu3XHaGEF9gSoZfCKEvVcQXbS+y8zRi4gs46niJr9wo/Zy5okPfF50/+iJA3qNP3/1ndJPUj99kG/r5l7u3vyVdg9vTvx4S31Wf/g2W1v8n</diagram></mxfile>

cloud-foundation/modules/cloud-foundation-library/secret-data/documentation/secret_data_module_pattern.drawio

@@ -12,7 +12,7 @@ variable "load_from_secrets" {
 variable "secret_ocids"{
     type = map(string)
     default = {}
-    description = "a map of objects where key is used for output reference. the ocid inside should refer to a secret's ocid"
+    description = "a map of strings where key is used for output reference. the ocid inside should refer to a secret's ocid"
 }
 
 
@@ -50,6 +50,8 @@ output "key" {
     description = "the ocid of the key that encrypted this secret"
 }
 
+# TODO: should we also return the compartment the secret was created in?
+
 # logic
 
 

cloud-foundation/modules/cloud-foundation-library/secret-data/documentation/secret_data_module_pattern.png

@@ -0,0 +1,84 @@
+# Oracle Cloud Foundation Terraform Module - secret - quickly create OCI secrets and the underlying vault resources if necessary
+
+
+
+## Table of Contents
+1. [Overview](#overview)
+1. [Deliverables](#deliverables)
+1. [Architecture](#Architecture-Diagram)
+1. [Executing Instructions](#instructions)
+1. [Documentation](#documentation)
+1. [The Team](#team)
+1. [Feedback](#feedback)
+1. [Known Issues](#known-issues)
+
+
+## <a name="overview"></a>Overview
+This module allows you to quickly create OCI secrets by just passing in the data in a simple and flexibe json format. It will handle the data encoding for you and also create a vault and AES key if required. It will also create new secret versions whenever the secret contents change.
+
+
+## <a name="deliverables"></a>Deliverables
+This folder contains several deliverables:
+- A terraform child module that creates the secret and vault resources
+- an example parent module that uses the child module to create secrets. 
+    - three secret content types are shown: string, list, and map
+    - vault and key options are also shown: provide an existing vault and key or omit and they will be created
+    - ability to pass in one or multiple secrets into the same module is also shown
+
+
+## <a name="architecture"></a>Architecture-Diagram
+<brief introduction to arch diagram. update link to where your image lives. default is in the documentation folder>
+
+![](./documentation/secret_module_pattern.png)
+
+## <a name="instructions"></a>Executing Instructions
+
+## Prerequisites
+The executor of this stack will need manage permissions and quotas to create secrets. They will also need manage access to create vaults and keys if they do not use an existing vault and key. Otherwise they will need use access to vaults and keys
+
+## Deployment
+This module is a child module and can't be run directly. It needs a parent module to call this module to run. See the examples folder for example parent modules that call this submodule
+
+### source type
+github url with path and git tag is recommended for production code. local path is used for sub-module development and customization
+- github url - make sure to update the version tag to latest stable git tag version for initial deployment. If already deployed and you want to update the version, you need to validate that the new child module version works with your codebase and doesn't create dangerous resource changes, deletions, or creations
+```
+    source = https://github.com/oracle-devrel/terraform-oci-oracle-cloud-foundation//cloud-foundation/modules/cloud-foundation-library/secret/module?ref=v1.2.0  
+```
+- local path - this should be used if you are customizing the module. The actual path will need to be updated to where your child module resides relative to your parent module.
+```
+    source = "../../module"
+```
+
+## Resources Created
+
+The "compartment" variable takes in a compartment ocid and is used to determine what compartment to create the resources in. If you are using an existing vault and/or key, your secret should live in the same compartment.
+
+### Vault
+The "existing_vault" variable takes in an optional ocid of an existing vault. If none is provided, a new vault will be created using the "vault_name" and "vault_type" variables. The vault name should be customized to make logical sense to your company. The vault type defaults to the DEFAULT vault type. If stronger isolation is required, you can also use the VIRTUAL_PRIVATE vault type.
+
+### Key
+The "existing_AES_key" variable takes in an optional ocid of an existing vault. If none is provided, a new key is created using the "AES_key_name" and "AES_key_length" variabes. The default key length is 32 Bytes (256 bits). Shorter keys with 16 Bytes (128 bits ) or 24 Bytes (192 bits) are available. 
+
+If an existing key is provided, the vault it lives in must also be specified with the "existing_vault" variable. However, you can specify a new key in an existing vault or a new vault.
+
+### Secret
+The "secrets" variable is a map of a custom secret object. Each entry in the map will create a secret. The keys in the map will be the names used for the secret and also used as the key in the secrets output variabe. The values of the map are a custom object with two fields currently. The "contents" field should contain the data you want encrypted in the secret. The "description" field should contain helpful information that does not need to be encrypted like what the secret contains or how to use it.
+
+Note: while the contents field accepts any valid terraform variable type including complex types, the same type is required for each module call. I.E. creating two secrets with different content formats (string and list) requires two module calls
+
+
+## <a name="documentation"></a>Documentation
+
+<link to official oci documentation for the resources you create>
+
+[Vault Overview](https://docs.oracle.com/en-us/iaas/Content/KeyManagement/Concepts/keyoverview.htm)
+
+## <a name="team"></a>The Team
+- **Owners**: [JB Anderson](https://github.com/JBAnderson5)
+
+## <a name="feedback"></a>Feedback
+We welcome your feedback. To post feedback, submit feature ideas or report bugs, please use the Issues section on this repository.	
+
+## <a name="known-issues"></a>Known Issues
+**At the moment, there are no known issues**