Skip to content

feat: Ephemeral password support #513

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
+16 −0
Open

feat: Ephemeral password support #513

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,8 @@ resource "aws_rds_cluster" "this" {
manage_master_user_password = var.global_cluster_identifier == null && var.manage_master_user_password ? var.manage_master_user_password : null
master_user_secret_kms_key_id = var.global_cluster_identifier == null && var.manage_master_user_password ? var.master_user_secret_kms_key_id : null
master_password = var.is_primary_cluster && !var.manage_master_user_password ? var.master_password : null
master_password_wo = var.master_password_wo
master_password_wo_version = var.master_password_wo_version
master_username = var.is_primary_cluster ? var.master_username : null
monitoring_interval = var.cluster_monitoring_interval
monitoring_role_arn = var.create_monitoring_role && var.cluster_monitoring_interval > 0 ? try(aws_iam_role.rds_enhanced_monitoring[0].arn, null) : var.monitoring_role_arn
Expand Down
14 changes: 14 additions & 0 deletions variables.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -282,6 +282,20 @@ variable "master_password" {
default = null
}

variable "master_password_wo" {
description = "Write-only password for the master DB user. Required unless `manage_master_user_password` is set to `true`, or unless `snapshot_identifier` or `replication_source_identifier` is provided, or unless a `global_cluster_identifier` is provided when the cluster is the secondary cluster of a global database. Unlike `master_password`, this value will not be stored in the Terraform state file"
type = string
ephemeral = true
default = null
}

variable "master_password_wo_version" {
description = "Optional version identifier used to detect changes in `master_password_wo` and force update. Increment to rotate the password."
type = string
default = null
}


variable "master_username" {
description = "Username for the master DB user. Required unless `snapshot_identifier` or `replication_source_identifier` is provided or unless a `global_cluster_identifier` is provided when the cluster is the secondary cluster of a global database"
type = string
Expand Down
Loading