A Terraform module that handles the creation and rotation of Confluent Cloud Resource API Keys. The rotation of API Keys is based on a configurable number of days since creation. Additionally, you can configure how many API Keys to retain for a given Confluent Cloud Service Account.

j3-signalroom/j3-iac-confluent_cloud_resource_api_key_rotation-tf

J3 IaC Confluent Cloud Resource API Key Rotation Terraform module

In main.tf, replace <TERRAFORM CLOUD ORGANIZATION NAME> in the terraform.cloud block with your Terraform Cloud organization name, and replace <TERRAFORM CLOUD ORGANIZATION's WORKSPACE NAME> in the terraform.cloud.workspaces block with your Terraform Cloud organization's workspace name.

A Terraform module that handles the creation and rotation of Confluent Cloud Resource API Keys. Rotation is based on the number of days since creation, and you can retain a configurable number of API Keys per Service Account.

Module Input Variable(s)

The module triggers the creation and rotation of the Confluent Cloud Resource API Key based on the following input variable(s):

  • confluent_cloud_api_key specifies the Confluent Cloud API Key (also referred to as the Cloud API ID)
  • confluent_cloud_api_secret specifies the Confluent Cloud API Secret
  • day_count specifies the number of days since creation after which the API Key is rotated
  • number_of_api_keys_to_retain specifies the number of API Keys to retain
  • key_display_name specifies the human-readable name for the API Key
  • owner specifies the API Key owner. Refer to the Confluent API Key Docs for more info
  • resource specifies the resource the API Key is associated with. Refer to the Confluent API Key Docs for more details

Module Output Variable(s)

The module exposes the following output variables:

  • active_api_key specifies the current active API Key to be used for new logins. Refer to confluent/confluent_api_key for the expected structure
  • all_api_keys specifies all API Keys sorted by creation date, with the current active API Key first in the collection

Important Note

Because of how Terraform handles time-based rotation, you must execute the module regularly, at an interval equal to or shorter than the configured number of days to rotate. If you do not, you risk rotating out (deleting) multiple API Keys on the next run, to the extent that all of your current API Keys may be removed in a single run. Any running process that is still using one of the older API Keys will then no longer be able to log in and operate against your Confluent Cloud Resources.
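The following simulation is an added example, not code from this module, and shows why a skipped run can remove every key at once. It assumes a simplified model that is not taken from the module's source: each retained key lives for day_count × number_of_api_keys_to_retain days, key lifetimes are staggered by day_count days, and a key is only replaced when a run actually happens.

```python
def simulate(day_count, keys_to_retain, run_days):
    """Return how many retained keys each run replaces.

    Assumed model (not the module's actual implementation): every key
    lives for day_count * keys_to_retain days, lifetimes are staggered
    so one key falls due every day_count days, and nothing is replaced
    between runs because Terraform only acts when it is executed.
    """
    lifetime = day_count * keys_to_retain
    # Creation day of the key in each slot; slot 0 falls due first.
    created = [(slot + 1) * day_count - lifetime
               for slot in range(keys_to_retain)]
    replaced_per_run = []
    for day in run_days:
        due = [slot for slot, born in enumerate(created)
               if day - born >= lifetime]
        for slot in due:
            created[slot] = day  # replacement key is created on the run day
        replaced_per_run.append(len(due))
    return replaced_per_run


def runs_that_drop_every_key(day_count, keys_to_retain, run_days):
    """Days on which a run replaces all retained keys, so no key that a
    client already holds survives the run."""
    replaced = simulate(day_count, keys_to_retain, run_days)
    return [day for day, count in zip(run_days, replaced)
            if count == keys_to_retain]


if __name__ == "__main__":
    # Constructed schedules: day_count=30, number_of_api_keys_to_retain=3.
    on_schedule = [30, 60, 90, 120]
    skipped = [30, 120]  # the runs on days 60 and 90 never happened
    print("on schedule:", simulate(30, 3, on_schedule))
    print("skipped    :", simulate(30, 3, skipped))
    print("outage runs:", runs_that_drop_every_key(30, 3, skipped))
```

Running more often than day_count is harmless in this model: at most one key falls due per run, so clients always have an overlap window in which to pick up the new active key.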

Resources

Terraform Resource time_rotating

Terraform Hidden Gems! Secret Rotation with time_rotating
