
Do not use the default kms key
bobdoah committed Jun 30, 2022
1 parent e6eab46 commit 99bc325
Showing 1 changed file with 10 additions and 3 deletions.
13 changes: 10 additions & 3 deletions examples/external-secrets-kubernetes-addon/main.tf
Expand Up @@ -190,6 +190,10 @@ data "aws_region" "current" {}
# External Secrets Operator - Secret
#---------------------------------------------------------------

resource "aws_kms_key" "secrets" {
enable_key_rotation = true
}

module "cluster_secretstore_role" {
source = "../../modules/irsa"
kubernetes_namespace = local.namespace
Expand Down Expand Up @@ -233,7 +237,7 @@ resource "aws_iam_policy" "cluster_secretstore" {
"Action": [
"kms:Decrypt"
],
"Resource": "*"
"Resource": "${aws_kms_key.secrets.arn}"
}
]
}
Expand Down Expand Up @@ -261,7 +265,9 @@ YAML
}

resource "aws_secretsmanager_secret" "secret" {
name = local.name
name = local.name
recovery_window_in_days = 0
kms_key_id = aws_kms_key.secrets.arn
}

resource "aws_secretsmanager_secret_version" "secret" {
Expand Down Expand Up @@ -335,7 +341,7 @@ resource "aws_iam_policy" "secretstore" {
"Action": [
"kms:Decrypt"
],
"Resource": "*"
"Resource": "${aws_kms_key.secrets.arn}"
}
]
}
Expand Down Expand Up @@ -369,6 +375,7 @@ resource "aws_ssm_parameter" "secret_parameter" {
username = "secretuser",
password = "secretpassword"
})
key_id = aws_kms_key.secrets.arn
}


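Review bot: `aws_kms_key.secrets` in the first hunk (just below the `# External Secrets Operator - Secret` banner) is created with no `description` and no `deletion_window_in_days`, so the key is anonymous in the console and, on `terraform destroy`, sits in pending-deletion for the 30-day default while the example's secret is already gone (the new `recovery_window_in_days = 0`). Adding `description = "CMK for the external-secrets example"` and `deletion_window_in_days = 7` makes the key identifiable and lets a torn-down example clean up sooner. The key also carries no `policy`, so it gets the default key policy (full access delegated to the account root, which is what allows IAM policies to grant use of it); that is what makes the scoped `kms:Decrypt` statements in the two `aws_iam_policy` hunks work, and a one-line comment on the resource such as `# Default key policy: access is governed by the IAM policies below` would save the next reader from looking for a missing key policy. The `key_id` added to `aws_ssm_parameter.secret_parameter` in the last hunk only takes effect when the parameter's `type` is `SecureString`, which is set outside the hunk and worth confirming.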

0 comments on commit 99bc325
