Added secrets-manager module #41

Draft
uzairharoon20 wants to merge 2 commits into main from feature/BCSS-23423-Terraform-module-secrets-manager

@uzairharoon20

Description

Context

Type of changes

  • Refactoring (non-breaking change)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would change existing functionality)
  • Bug fix (non-breaking change which fixes an issue)

Checklist

  • I am familiar with the contributing guidelines
  • I have followed the code style of the project
  • I have added tests to cover my changes
  • I have updated the documentation accordingly
  • This PR is a result of pair or mob programming

Sensitive Information Declaration

To ensure the utmost confidentiality and protect your and others' privacy, we kindly ask you to NOT include PII (Personal Identifiable Information) / PID (Personal Identifiable Data) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that does contain any sensitive information. We really appreciate your cooperation in this matter.

  • I confirm that neither PII/PID nor sensitive data are included in this PR and the codebase changes.

# Use the auto-generated context ID as the secret name.
# The caller controls the name by setting context labels:
# service, environment, stack, name, etc.
secret_name = module.this.id
Contributor

No point having a local that is just a literal of another value. Can you make this a conditional on if a user has passed in a var.secret_name (will also need a new variable to go with it)?

Suggested change
secret_name = module.this.id
secret_name = var.secret_name != null ? var.secret_name : module.this.id
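
Review bot: in the suggested line, the `var.secret_name != null` test lets an empty string through as the secret name, so a caller passing `""` would override the context ID. `coalesce(var.secret_name, module.this.id)` skips both null and empty strings and reads shorter; the new `secret_name` variable needs `type = string` and `default = null` for either form to fall back to `module.this.id`.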

type = string
default = null
sensitive = true
description = "The secret value to store as a plaintext string. Use jsonencode() to store structured data such as database credentials. Mutually exclusive with secret_string_wo."
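
Review bot: the description says this variable is mutually exclusive with `secret_string_wo`, but with `default = null` and no check in these lines, nothing stops a caller from setting both or neither. When `secret_string_wo` is added, enforce the rule with a validation or a resource precondition that fails when both are non-null, and state in the description what the module does when both are left null.
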
Contributor

secret_string_wo doesn't exist - please add

variable "recovery_window_in_days" {
type = number
default = 30
description = "Number of days AWS Secrets Manager waits before permanently deleting the secret. Valid values: 0 (immediate deletion) or 7-30."
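
Review bot: the description of `recovery_window_in_days` limits the value to 0 or 7-30, but no validation appears in the visible lines and `type = number` accepts anything, including 5 or 7.5, so the limit exists only as text. Add a `validation` block with a condition such as `var.recovery_window_in_days == 0 || (var.recovery_window_in_days >= 7 && var.recovery_window_in_days <= 30)`, plus `floor(var.recovery_window_in_days) == var.recovery_window_in_days` to reject fractions. Since 0 means immediate deletion, consider saying in the error message that 0 removes the recovery window.
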
Contributor

No validation
