Skip to content

Instantly share code, notes, and snippets.

@leehambley
Forked from smiller171/database.tf
Created July 14, 2020 18:42
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save leehambley/33d877a15eff40e1373e71c63753d5ad to your computer and use it in GitHub Desktop.
Save leehambley/33d877a15eff40e1373e71c63753d5ad to your computer and use it in GitHub Desktop.
Manage RDS password in Terraform in a sane way
resource "random_string" "db_master_pass" {
length = 40
special = true
min_special = 5
override_special = "!#$%^&*()-_=+[]{}<>:?"
keepers = {
pass_version = 1
}
}
resource "aws_db_instance" "mysql_db" {
username = "mysql_user"
password = "${random_string.db_master_pass.result}"
...
}
resource "aws_secretsmanager_secret" "db-pass" {
name = "db-pass-${terraform.workspace}"
}
resource "aws_secretsmanager_secret_version" "db-pass-val" {
secret_id = "${aws_secretsmanager_secret.db-pass.id}"
secret_string = "${random_string.db_master_pass.result}"
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment