Merged
8 changes: 4 additions & 4 deletions README.md
Expand Up @@ -18,10 +18,10 @@ This module automates the installation and configuration of the [External Secret
* [eso-secretstore](./modules/eso-secretstore)
* [eso-trusted-profile](./modules/eso-trusted-profile)
* [Examples](./examples)
* [Basic Example](./examples/basic)
* [Example that uses trusted profiles (container authentication)](./examples/trusted-profiles-authentication)
* [Example to deploy the External Secret Operator and to create a different set of resources in terms of secrets, secret groups, stores and auth configurations](./examples/all-combined)
* [ImagePull API key Secrets Manager](./examples/all-combined/imagepull-apikey-secrets-manager)
* <div style="display: inline-block;"><a href="./examples/all-combined">Example to deploy the External Secret Operator and to create a different set of resources in terms of secrets, secret groups, stores and auth configurations</a></div> <div style="display: inline-block; vertical-align: middle;"><a href="https://cloud.ibm.com/schematics/workspaces/create?workspace_name=eso-all-combined-example&repository=github.com/terraform-ibm-modules/terraform-ibm-external-secrets-operator/tree/main/examples/all-combined" target="_blank"><img src="https://cloud.ibm.com/media/docs/images/icons/Deploy_to_cloud.svg" alt="Deploy to IBM Cloud button"></a></div>
* <div style="display: inline-block;"><a href="./examples/all-combined/imagepull-apikey-secrets-manager">ImagePull API key Secrets Manager</a></div> <div style="display: inline-block; vertical-align: middle;"><a href="https://cloud.ibm.com/schematics/workspaces/create?workspace_name=eso-imagepull-apikey-secrets-manager-example&repository=github.com/terraform-ibm-modules/terraform-ibm-external-secrets-operator/tree/main/examples/all-combined/imagepull-apikey-secrets-manager" target="_blank"><img src="https://cloud.ibm.com/media/docs/images/icons/Deploy_to_cloud.svg" alt="Deploy to IBM Cloud button"></a></div>
* <div style="display: inline-block;"><a href="./examples/basic">Basic Example</a></div> <div style="display: inline-block; vertical-align: middle;"><a href="https://cloud.ibm.com/schematics/workspaces/create?workspace_name=eso-basic-example&repository=github.com/terraform-ibm-modules/terraform-ibm-external-secrets-operator/tree/main/examples/basic" target="_blank"><img src="https://cloud.ibm.com/media/docs/images/icons/Deploy_to_cloud.svg" alt="Deploy to IBM Cloud button"></a></div>
* <div style="display: inline-block;"><a href="./examples/trusted-profiles-authentication">Example that uses trusted profiles (container authentication)</a></div> <div style="display: inline-block; vertical-align: middle;"><a href="https://cloud.ibm.com/schematics/workspaces/create?workspace_name=eso-trusted-profiles-authentication-example&repository=github.com/terraform-ibm-modules/terraform-ibm-external-secrets-operator/tree/main/examples/trusted-profiles-authentication" target="_blank"><img src="https://cloud.ibm.com/media/docs/images/icons/Deploy_to_cloud.svg" alt="Deploy to IBM Cloud button"></a></div>
* [Contributing](#contributing)
<!-- END OVERVIEW HOOK -->

2 changes: 1 addition & 1 deletion examples/all-combined/privatecertificate.tf
Expand Up @@ -30,7 +30,7 @@ module "secrets_manager_private_secret_engine" {
module "secrets_manager_private_certificate" {
depends_on = [module.secrets_manager_private_secret_engine]
source = "terraform-ibm-modules/secrets-manager-private-cert/ibm"
version = "1.7.4"
version = "1.7.5"
cert_name = "${var.prefix}-sm-private-cert"
cert_description = "Private certificate for ${local.pvt_cert_common_name}"
cert_secrets_group_id = module.secrets_manager_group.secret_group_id
2 changes: 1 addition & 1 deletion examples/all-combined/publiccertificate.tf
Expand Up @@ -8,7 +8,7 @@
module "secrets_manager_public_cert_engine" {
count = (var.acme_letsencrypt_private_key != null || (var.acme_letsencrypt_private_key_sm_id != null && var.acme_letsencrypt_private_key_secret_id != null && var.acme_letsencrypt_private_key_sm_region != null)) ? 1 : 0
source = "terraform-ibm-modules/secrets-manager-public-cert-engine/ibm"
version = "1.4.1"
version = "1.4.2"
secrets_manager_guid = local.sm_guid
region = local.sm_region
internet_services_crn = data.ibm_cis.cis_instance.id
4 changes: 2 additions & 2 deletions examples/all-combined/secretsmanager.tf
Expand Up @@ -36,7 +36,7 @@ resource "ibm_resource_instance" "secrets_manager" {
# create secrets group for secrets
module "secrets_manager_group" {
source = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
version = "1.3.15"
version = "1.3.16"
region = local.sm_region
secrets_manager_guid = local.sm_guid
secret_group_name = "${var.prefix}-secret-group" #checkov:skip=CKV_SECRET_6: does not require high entropy string as is static value
Expand All @@ -49,7 +49,7 @@ module "secrets_manager_group" {
# additional secrets manager secret group for service level secrets
module "secrets_manager_group_acct" {
source = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
version = "1.3.15"
version = "1.3.16"
region = local.sm_region
secrets_manager_guid = local.sm_guid
#tfsec:ignore:general-secrets-no-plaintext-exposure
2 changes: 1 addition & 1 deletion examples/all-combined/tpauth_cluster_sstore.tf
Expand Up @@ -7,7 +7,7 @@
# creating a secrets group for clustersecretstore with trustedprofile auth
module "tp_clusterstore_secrets_manager_group" {
source = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
version = "1.3.15"
version = "1.3.16"
region = local.sm_region
secrets_manager_guid = local.sm_guid
secret_group_name = "${var.prefix}-cpstore-tp-secret-group" #checkov:skip=CKV_SECRET_6: does not require high entropy string as is static value
8 changes: 4 additions & 4 deletions examples/all-combined/tpauth_namespaced_sstore.tf
Expand Up @@ -40,7 +40,7 @@ module "eso_tp_namespace_secretstores" {
# creating a secrets group for each namespace to be used for namespaced secretstores with trustedprofile auth
module "tp_secrets_manager_groups" {
source = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
version = "1.3.15"
version = "1.3.16"
count = length(var.es_namespaces_tp)
region = local.sm_region
secrets_manager_guid = local.sm_guid
Expand Down Expand Up @@ -140,7 +140,7 @@ module "eso_tp_namespace_secretstore_multisg" {
# creating two secrets groups for a single namespace to test trusted profile policy on multiple secrets groups
module "tp_secrets_manager_group_multi_1" {
source = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
version = "1.3.15"
version = "1.3.16"
region = local.sm_region
secrets_manager_guid = local.sm_guid
secret_group_name = "${var.prefix}-tp-secret-group-multisg-1" #checkov:skip=CKV_SECRET_6: does not require high entropy string as is static value
Expand All @@ -152,7 +152,7 @@ module "tp_secrets_manager_group_multi_1" {

module "tp_secrets_manager_group_multi_2" {
source = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
version = "1.3.15"
version = "1.3.16"
region = local.sm_region
secrets_manager_guid = local.sm_guid
secret_group_name = "${var.prefix}-tp-secret-group-multisg-21" #checkov:skip=CKV_SECRET_6: does not require high entropy string as is static value
Expand Down Expand Up @@ -285,7 +285,7 @@ module "eso_tp_namespace_secretstore_nosecgroup" {
# creating secrets group for a single namespace to test trusted profile policy without any secret group in the TP policy
module "tp_secrets_manager_group_not_for_policy" {
source = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
version = "1.3.15"
version = "1.3.16"
region = local.sm_region
secrets_manager_guid = local.sm_guid
secret_group_name = "${var.prefix}-tp-secret-group-not-for-policy" #checkov:skip=CKV_SECRET_6: does not require high entropy string as is static value
2 changes: 1 addition & 1 deletion examples/basic/main.tf
Expand Up @@ -267,7 +267,7 @@ resource "ibm_resource_instance" "secrets_manager" {
# Additional Secrets-Manager Secret-Group for SERVICE level secrets
module "secrets_manager_group_acct" {
source = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
version = "1.3.15"
version = "1.3.16"
region = local.sm_region
secrets_manager_guid = local.sm_guid
#tfsec:ignore:general-secrets-no-plaintext-exposure
2 changes: 1 addition & 1 deletion examples/trusted-profiles-authentication/main.tf
Expand Up @@ -41,7 +41,7 @@ resource "ibm_resource_instance" "secrets_manager" {

module "secrets_manager_groups" {
source = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
version = "1.3.15"
version = "1.3.16"
count = length(kubernetes_namespace.examples)
region = local.sm_region
secrets_manager_guid = local.sm_guid
12 changes: 6 additions & 6 deletions solutions/fully-configurable/main.tf
Expand Up @@ -5,14 +5,14 @@ locals {
# parsing cluster crn to collect the cluster ID and the region it is deployed into
module "crn_parser_cluster" {
source = "terraform-ibm-modules/common-utilities/ibm//modules/crn-parser"
version = "1.2.0"
version = "1.3.0"
crn = var.existing_cluster_crn
}

# parsing secrets manager crn to collect the secrets manager ID and its region
module "crn_parser_sm" {
source = "terraform-ibm-modules/common-utilities/ibm//modules/crn-parser"
version = "1.2.0"
version = "1.3.0"
crn = var.existing_secrets_manager_crn
}

Expand Down Expand Up @@ -107,7 +107,7 @@ module "cluster_secrets_stores_service_secrets_groups" {
for idx, element in local.cluster_secrets_stores_service_secrets_groups_list : element.key => element
})
source = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
version = "1.3.15"
version = "1.3.16"
region = local.sm_region
secrets_manager_guid = local.sm_guid
secret_group_name = each.value.name # checkov:skip=CKV_SECRET_6: does not require high entropy string as is static value
Expand Down Expand Up @@ -167,7 +167,7 @@ module "cluster_secrets_stores_account_secrets_groups" {
} if(cluster_secrets_store.existing_account_secrets_group_id == null || cluster_secrets_store.existing_account_secrets_group_id == "") && cluster_secrets_store.account_secrets_group_name != null
})
source = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
version = "1.3.15"
version = "1.3.16"
region = local.sm_region
secrets_manager_guid = local.sm_guid
secret_group_name = each.value.name # checkov:skip=CKV_SECRET_6: does not require high entropy string as is static value
Expand Down Expand Up @@ -366,7 +366,7 @@ module "secrets_stores_service_secrets_groups" {
for idx, element in local.secrets_stores_service_secrets_groups_list : element.key => element
})
source = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
version = "1.3.15"
version = "1.3.16"
region = local.sm_region
secrets_manager_guid = local.sm_guid
secret_group_name = each.value.name # checkov:skip=CKV_SECRET_6: does not require high entropy string as is static value
Expand Down Expand Up @@ -426,7 +426,7 @@ module "secrets_stores_account_secrets_groups" {
} if(secrets_store.existing_account_secrets_group_id == null || secrets_store.existing_account_secrets_group_id == "") && secrets_store.account_secrets_group_name != null
})
source = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
version = "1.3.15"
version = "1.3.16"
region = local.sm_region
secrets_manager_guid = local.sm_guid
secret_group_name = each.value.name # checkov:skip=CKV_SECRET_6: does not require high entropy string as is static value
4 changes: 2 additions & 2 deletions tests/go.mod
Expand Up @@ -7,7 +7,7 @@ toolchain go1.25.4
require (
github.com/gruntwork-io/terratest v0.52.0
github.com/stretchr/testify v1.11.1
github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.60.19
github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.60.20
gopkg.in/yaml.v3 v3.0.1
k8s.io/apimachinery v0.34.1
)
Expand All @@ -19,7 +19,7 @@ require (
github.com/IBM-Cloud/power-go-client v1.13.0 // indirect
github.com/IBM/cloud-databases-go-sdk v0.8.1 // indirect
github.com/IBM/go-sdk-core/v5 v5.21.0 // indirect
github.com/IBM/platform-services-go-sdk v0.89.0 // indirect
github.com/IBM/platform-services-go-sdk v0.90.0 // indirect
github.com/IBM/project-go-sdk v0.3.9 // indirect
github.com/IBM/schematics-go-sdk v0.4.0 // indirect
github.com/IBM/vpc-go-sdk v1.0.2 // indirect
8 changes: 4 additions & 4 deletions tests/go.sum
Expand Up @@ -13,8 +13,8 @@ github.com/IBM/cloud-databases-go-sdk v0.8.1/go.mod h1:JYucI1PdwqbAd8XGdDAchxzxR
github.com/IBM/go-sdk-core/v5 v5.9.2/go.mod h1:YlOwV9LeuclmT/qi/LAK2AsobbAP42veV0j68/rlZsE=
github.com/IBM/go-sdk-core/v5 v5.21.0 h1:DUnYhvC4SoC8T84rx5omnhY3+xcQg/Whyoa3mDPIMkk=
github.com/IBM/go-sdk-core/v5 v5.21.0/go.mod h1:Q3BYO6iDA2zweQPDGbNTtqft5tDcEpm6RTuqMlPcvbw=
github.com/IBM/platform-services-go-sdk v0.89.0 h1:fIvKR1bQchPoMUXQf69gaRKak/giVAkRDISiAX8TlE8=
github.com/IBM/platform-services-go-sdk v0.89.0/go.mod h1:aGD045m6I8pfcB77wft8w2cHqWOJjcM3YSSV55BX0Js=
github.com/IBM/platform-services-go-sdk v0.90.0 h1:hsUkgZZBGYK+szFb0tF9Q7uy1VjMY+VlYAPgPwFPMrg=
github.com/IBM/platform-services-go-sdk v0.90.0/go.mod h1:aGD045m6I8pfcB77wft8w2cHqWOJjcM3YSSV55BX0Js=
github.com/IBM/project-go-sdk v0.3.9 h1:D/UfMMn+vMQyvYf9EfocV6HrD3HcVpeIVoUSjNKuROo=
github.com/IBM/project-go-sdk v0.3.9/go.mod h1:FOJM9ihQV3EEAY6YigcWiTNfVCThtdY8bLC/nhQHFvo=
github.com/IBM/schematics-go-sdk v0.4.0 h1:x01f/tPquYJYLQzJLGuxWfCbV/EdSMXRikOceNy/JLM=
Expand Down Expand Up @@ -451,8 +451,8 @@ github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXl
github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.60.19 h1:6a84e97jf33CjHPz6doFNloP3XiAXE2YZ27x/Tq8AFk=
github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.60.19/go.mod h1:g0kmBhFk6pVoTmse42tMNCSNktiOYJHAda/pAzOIxco=
github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.60.20 h1:jESkPVhbtjVGnZFEg227spKiA+p0nAA4pslMmA8OhYw=
github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.60.20/go.mod h1:c1PLKvLVUfjjnzbIJ2Q59/mjOV9SWtYA5p/5k0JvER0=
github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
github.com/tmccombs/hcl2json v0.6.4 h1:/FWnzS9JCuyZ4MNwrG4vMrFrzRgsWEOVi+1AyYUVLGw=
github.com/tmccombs/hcl2json v0.6.4/go.mod h1:+ppKlIW3H5nsAsZddXPy2iMyvld3SHxyjswOZhavRDk=