
Commit 210cc15

Added ephemeral password support
1 parent 4025104 commit 210cc15


2 files changed

+16
-0
lines changed


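--- a/main.tf
+++ b/main.tf
@@ -78,6 +78,8 @@ resource "aws_rds_cluster" "this" {
 manage_master_user_password = var.global_cluster_identifier == null && var.manage_master_user_password ? var.manage_master_user_password : null
 master_user_secret_kms_key_id = var.global_cluster_identifier == null && var.manage_master_user_password ? var.master_user_secret_kms_key_id : null
 master_password = var.is_primary_cluster && !var.manage_master_user_password ? var.master_password : null
+master_password_wo = var.master_password_wo
+master_password_wo_version = var.master_password_wo_version
 master_username = var.is_primary_cluster ? var.master_username : null
 monitoring_interval = var.cluster_monitoring_interval
 monitoring_role_arn = var.create_monitoring_role && var.cluster_monitoring_interval > 0 ? try(aws_iam_role.rds_enhanced_monitoring[0].arn, null) : var.monitoring_role_arn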
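Review bot: The two added arguments are passed through unconditionally, while `master_password` on the line above is nulled out for secondary clusters and when `manage_master_user_password` is true. Gating them the same way keeps the three credential paths mutually exclusive: `master_password_wo = var.is_primary_cluster && !var.manage_master_user_password ? var.master_password_wo : null`, and likewise for `master_password_wo_version`. Nothing visible here stops a caller from setting both `master_password` and `master_password_wo`, in which case the plain password is still assigned and would presumably still land in state, which defeats the purpose of the write-only path; a `precondition` or variable validation rejecting that combination would make the failure explicit. The `aws_rds_cluster` block starts and ends outside this hunk, so an existing lifecycle check may already cover this.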

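--- a/variables.tf
+++ b/variables.tf
@@ -282,6 +282,20 @@ variable "master_password" {
 default = null
 }
 
+variable "master_password_wo" {
+description = "Write-only password for the master DB user. Required unless `manage_master_user_password` is set to `true`, or unless `snapshot_identifier` or `replication_source_identifier` is provided, or unless a `global_cluster_identifier` is provided when the cluster is the secondary cluster of a global database. Unlike `master_password`, this value will not be stored in the Terraform state file"
+type = string
+ephemeral = true
+default = null
+}
+
+variable "master_password_wo_version" {
+description = "Optional version identifier used to detect changes in `master_password_wo` and force update. Increment to rotate the password."
+type = string
+default = null
+}
+
+
 variable "master_username" {
 description = "Username for the master DB user. Required unless `snapshot_identifier` or `replication_source_identifier` is provided or unless a `global_cluster_identifier` is provided when the cluster is the secondary cluster of a global database"
 type = string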
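Review bot: `master_password_wo_version` is declared `type = string` although its description tells callers to increment it; `type = number` would match that wording, and I believe the provider argument is numeric, so confirm against the provider schema. On `master_password_wo`, consider adding `sensitive = true` alongside `ephemeral = true` so the value is also marked for redaction wherever Terraform renders it. The description's "Required unless …" sentence is carried over from `master_password` and is misleading for an optional alternative with `default = null`; it should say instead that the variable is mutually exclusive with `master_password` and `manage_master_user_password`. Ephemeral variables and write-only arguments need Terraform 1.10 and 1.11 respectively, and only main.tf and variables.tf changed here, so any `required_version` constraint was not raised by this commit.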
