v2.2.1

2.2.1 (2025-04-27)

Bug Fixes

• deps: update terraform-module (#317) (d8cf80d)

v2.2.0

2.2.0 (2025-04-25)

Features

• deps: updated required terraform version to >=1.9.0 and updated variable validation logic (#319) (6a2b6fa)

v2.1.1

2.1.1 (2025-04-03)

Bug Fixes

• updated prefix variable description (#321) (66fa626)

v1.26.4

1.26.4 (2025-04-02)

Fixes

• added the missing input skip_iam_authorization_policy from the DA. Previously this was automatically set to false with no ability to override in the DA, meaning you might get an error if passing an existing Secrets Manager instance if the auth policy already exists. Exposing it now allows consumers to disable auth policy creation if it already exists.

v2.1.0

2.1.0 (2025-04-01)

Features

• added new input secret_groups which supports creating secret groups, and associated IAM access groups. By default it will create a group called General with an associated access group called general-secrets-group-access-group which will have SecretsReader role. (#314) (600945c)

v1.26.3

1.26.3 (2025-04-01)

Fixes

• added a fix to KMS key validation that was causing the following error when passing an existing Secrets Manager instance:

  │ Error: Invalid function argument
  │ 
  │   on ../../main.tf line 21, in locals:
  │   21:   validate_is_hpcs_key = var.is_hpcs_key && local.kms_service_name != "hs-crypto" ? tobool("When is_hpcs_key is set to true then the key provided through kms_key_crn must be a Hyper Protect Crypto Services key") : true
  │     ├────────────────
  │     │ while calling tobool(v)
  │ 
  │ Invalid value for "v" parameter: cannot convert "When is_hpcs_key is set to true then the key provided through kms_key_crn must be a Hyper Protect Crypto Services key" to bool; only the strings
  │ "true" or "false" are allowed.
  

v1.26.2

1.26.2 (2025-03-31)

Fixes

• added a fix for a missing moved block in the DA which can cause the following destroys to be seen when upgrading to version 1.23.0 or later:

  # module.secrets_manager.ibm_sm_en_registration.sm_en_registration[0] will be destroyed
  

v1.26.1

1.26.1 (2025-03-31)

Fixes

• added a fix for a missing moved block in the DA which can cause the following destroys to be seen when upgrading to version 1.23.0 or later:

  # module.secrets_manager.ibm_iam_authorization_policy.en_policy[0] will be destroyed
  

  # module.secrets_manager.ibm_sm_en_registration.sm_en_registration[0] will be destroyed
  

v2.0.0

2.0.0 (2025-03-28)

Features

• added 2 new DA variations: "Fully configurable" and "Security-enforced"
• The "standard" variation has been deprecated does not exist in this release (#300) (b548403)

BREAKING CHANGES

• There is no upgrade path from the deprecated "Standard" DA variation to either of the new "Fully configurable" or "Security-enforced variations

v1.26.0

1.26.0 (2025-03-25)

Features

(#295) (a0cab06)

• The KMS auth policy has been updated so its now scoped to the exact KMS key. If upgrading from an older version this will recreate the auth policy, however it will create the new one before destroying the old one so there is no disruption to every day services.
• The kms_instance_guid input has been removed from the module. It is now programmatically determined from the value of kms_key_crn
• A new boolean input is_hpcs_key has been added to the module and should be set to true if the key specified in kms_key_crn is from a Hyper Protect instance. Leave it at false if using Key Protect. If set to true, a second auth policy is created which allows the Secrets Manager instance Viewer access to the HPCS instance.