########################################
# General vars
########################################
# Master switch for the module: per the description, setting this to false
# turns the whole module into a no-op.
variable "create_secret" {
  type        = bool
  description = "If false, this module does nothing (since tf doesn't support conditional modules)"
  default     = true
}
# Free-text description attached to the secret; empty unless the caller sets it.
# NOTE(review): this is secret metadata, not the secret value — keep
# credentials and other sensitive details out of it.
variable "description" {
  type        = string
  description = "Description to add to Secret"
  default     = ""
}
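# KMS key used to encrypt the secret. Per the description, a key ARN or an
# alias is accepted. The default is null, i.e. no key is supplied by the caller.
# NOTE(review): with no key supplied, Secrets Manager encrypts with the
# account's AWS-managed key (aws/secretsmanager). Pass a customer-managed key
# when decrypt access must be governed by your own key policy — confirm the
# module forwards this value unchanged.
# An explicit string type is declared so a list or map is rejected at plan time.
variable "kms_key_id" {
  type        = string
  description = "Optional. The KMS Key ID to encrypt the secret. KMS key arn or alias can be used."
  default     = null
}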
# Exact secret name. Left empty (the default), the description says
# name_prefix is used instead.
variable "name" {
  type        = string
  description = "Name (omit to use name_prefix)"
  default     = ""
}
# Prefix for the secret name; per the description it is ignored when `name`
# is specified.
variable "name_prefix" {
  type        = string
  description = "Name Prefix (not used if name specified)"
  default     = "terraform"
}
# Rotation trigger: per the description, bumping this number causes a new
# password to be generated.
# NOTE(review): if the password comes from a Terraform random_* resource
# (not visible in this file), every generated value is also written to the
# Terraform state — the state backend needs encryption and tight access control.
variable "pass_version" {
  type        = number
  description = "Password version. Increment this to trigger a new password."
  default     = 1
}
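# Days Secrets Manager keeps a deleted secret recoverable before removing it.
# The service accepts 0 (delete immediately, no recovery) or 7 to 30 days;
# the validation below rejects anything else at plan time instead of letting
# the API call fail during apply.
# NOTE(review): 0 removes the safety net against accidental or malicious
# deletion — keep the default of 30 unless immediate deletion is required.
variable "recovery_window_in_days" {
  type        = number
  description = "Number of days that AWS Secrets Manager waits before it can delete the secret."
  default     = 30

  validation {
    condition = (
      var.recovery_window_in_days == 0 ||
      (var.recovery_window_in_days >= 7 && var.recovery_window_in_days <= 30)
    )
    error_message = "The recovery_window_in_days value must be 0 or between 7 and 30."
  }
}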
# String-to-string tag map applied to the resources that support tagging;
# empty by default.
# NOTE(review): tags are readable metadata — do not place sensitive values in them.
variable "tags" {
  type        = map(string)
  description = "Tags to add to supported resources"
  default     = {}
}
########################################
# Secret Notification Rules
########################################
# Name of the CloudTrail log group; per the description it is required when
# enable_secret_access_notification is true.
# The default is a non-empty placeholder because a blank value makes the
# upstream module's variable validation fail under tflint.
# NOTE(review): "change_me" is a sentinel, not a working value — if access
# notification is enabled without overriding it, the alerting presumably
# points at a log group that does not exist. Verify against the caller.
variable "cloudtrail_log_group" {
  type        = string
  description = "Cloudtrail Log Group name (required if `enable_secret_access_notification=true`)"
  default     = "change_me"
}
# Opt-in switch for notifying an SNS topic whenever the secret is accessed;
# off by default. When turned on, cloudtrail_log_group and
# secret_access_notification_arn are both required (see their descriptions).
variable "enable_secret_access_notification" {
  type        = bool
  description = "Notify SNS topic on secret access (not recommended for most use cases)"
  default     = false
}
# CloudWatch metric namespace used for the secret-access metric.
variable "secret_access_metric_namespace" {
  type        = string
  description = "Metric namespace to use for CloudWatch metric"
  default     = "SecretsManager"
}
# SNS topic that receives secret-access notifications; per the description it
# is required when enable_secret_access_notification is true. Empty by default.
# NOTE(review): nothing in this file checks that the value is set when the
# feature is enabled — confirm the module or the caller enforces it.
variable "secret_access_notification_arn" {
  type        = string
  description = "SNS topic to notify on secret access (required if `enable_secret_access_notification=true`)"
  default     = ""
}
########################################
# Complexity rules
########################################
# Length of the generated string. No default is declared, so every caller
# must set it explicitly.
# NOTE(review): no minimum is enforced here; choose a length that meets your
# password policy, and make sure it is at least the sum of the min_* values.
variable "length" {
  type        = number
  description = "Length of string"
}
# Lower bound on lower-case characters in the generated string; 0 means no
# minimum is requested.
variable "min_lower" {
  type        = number
  description = "Minimum number of lower case characters"
  default     = 0
}
# Lower bound on digits in the generated string; 0 means no minimum is requested.
variable "min_numeric" {
  type        = number
  description = "Minimum number of numbers"
  default     = 0
}
# Lower bound on special characters in the generated string; 0 means no
# minimum is requested.
variable "min_special" {
  type        = number
  description = "Minimum number of special characters"
  default     = 0
}
# Lower bound on upper-case characters in the generated string; 0 means no
# minimum is requested.
variable "min_upper" {
  type        = number
  description = "Minimum number of upper case characters"
  default     = 0
}
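# Custom set of special characters for the generated string. This was the only
# variable in the file without a description, so one is added here.
# NOTE(review): presumably forwarded to the random provider's
# `override_special` argument, where an empty string keeps the provider's
# default set — confirm against the resource that consumes it. Narrowing the
# set reduces the character space, so compensate with a longer `length`.
variable "override_special" {
  type        = string
  description = "Special characters to use instead of the default set"
  default     = ""
}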
# Whether lower-case characters may appear in the generated string; on by default.
variable "use_lower" {
  type        = bool
  description = "Use lower case characters"
  default     = true
}
# Whether digits may appear in the generated string; on by default.
variable "use_number" {
  type        = bool
  description = "Use numbers"
  default     = true
}
# Whether special characters may appear in the generated string; on by default.
variable "use_special" {
  type        = bool
  description = "Use special characters"
  default     = true
}
# Whether upper-case characters may appear in the generated string; on by default.
# NOTE(review): disabling character classes shrinks the search space of the
# generated value — offset that with a larger `length`.
variable "use_upper" {
  type        = bool
  description = "Use upper case characters"
  default     = true
}