How to Manage Secrets in AWS with Secrets Manager and Terraform
AWS Secrets Manager helps us create, manage, rotate, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.
In this story, we will learn how to create and consume secrets using AWS Secrets Manager and Terraform.
Creating a Secret for a Variable
In this first example, we will create a secret using a variable for an API username.
The first step is to define the variable. We set sensitive = true so that Terraform does not print the variable's value in logs and console output.
# Secret Variables
variable "api_username" {
  description = "API service username"
  type        = string
  sensitive   = true
}
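`sensitive = true` only redacts the value in Terraform's plan and apply output; once a resource or data source uses the value, it is still written to the state file in cleartext. The following added example (not from the original article) scans a state file for such values. The sample state, the value `svc-api-user`, the module name, and the function name `plaintext_secrets` are constructed for illustration, and it assumes the variable ends up in a secret version's `secret_string`.

```python
import json

# Resource types and attributes that carry secret material (AWS provider).
SECRET_ATTRS = {"aws_secretsmanager_secret_version": ("secret_string", "secret_binary")}

# Constructed sample: trimmed Terraform state (format version 4). All names and
# the value "svc-api-user" are made up for this example.
SAMPLE_STATE = json.loads("""
{"version": 4, "resources": [
 {"mode": "managed", "type": "aws_secretsmanager_secret", "name": "service_user",
  "instances": [{"attributes": {"name": "service_user"}}]},
 {"mode": "managed", "type": "aws_secretsmanager_secret_version", "name": "service_user",
  "instances": [{"attributes": {"secret_string": "svc-api-user", "secret_binary": ""}}]},
 {"module": "module.app", "mode": "data", "type": "aws_secretsmanager_secret_version",
  "name": "service_user",
  "instances": [{"index_key": "eu", "attributes": {"secret_string": "svc-api-user"}}]}
]}
""")


def plaintext_secrets(state):
    """Return (address, attribute) pairs whose secret value is present in state."""
    findings = []
    for res in state.get("resources", []):
        attrs = SECRET_ATTRS.get(res.get("type"), ())
        # Data sources ("mode": "data") are persisted in state too.
        base = f'{res.get("type")}.{res.get("name")}'
        if res.get("mode") == "data":
            base = "data." + base
        if res.get("module"):
            base = f'{res["module"]}.{base}'
        for inst in res.get("instances", []):
            key = inst.get("index_key")  # set for count / for_each instances
            addr = base if key is None else f"{base}[{json.dumps(key)}]"
            values = inst.get("attributes") or {}
            findings += [(addr, a) for a in attrs if values.get(a)]
    return findings


if __name__ == "__main__":
    for addr, attr in plaintext_secrets(SAMPLE_STATE):
        print(f"{addr}: {attr} is stored in cleartext in the state file")
```

Any finding means the state backend needs the same access control and encryption at rest as the secret itself.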
Then we create the secret:
# Creating an AWS Secret for API Service User
resource "aws_secretsmanager_secret" "service_user" {
  name        = "service_user"
  description = "Service Account Username for the API"

  # 0 forces deletion without a recovery window
  recovery_window_in_days = 0

  tags = {
    Name        = "service_user"
    Environment = var.app_environment
  }
}

resource "aws_secretsmanager_secret_version" "service_user" {
  secret_id =…