/terraform-github-secrets

Terraform module to manage Github Repository Secrets and Github Actions Environment Secrets.

Primary LanguageHCL

terraform-github-secrets

semantic-release terraform-github-secrets

Terraform module to manage Github Repository Secrets and Github Actions Environment Secrets.

Doc generation

Code formatting and documentation for variables and outputs is generated using pre-commit-terraform hooks which uses terraform-docs.

Follow these instructions to install pre-commit locally.

And install terraform-docs with go get github.com/segmentio/terraform-docs or brew install terraform-docs.

Contributing

Report issues/questions/feature requests on in the issues section.

Full contributing guidelines are covered here.

Usage

Github Authentication

You will need to authenticate against Github using an OAuth Token or Personal Access Token. See Github Provider#Authentication for more informations.

This can be done by setting the token argument of the github provider or by exporting your Token to the GITHUB_TOKEN environment variable.

Provider configuration:

provider "github" {
  token = var.token # or `GITHUB_TOKEN`
}

Environment variable configuration:

export GITHUB_TOKEN=ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Example

module "secrets" {
  source = "../"

  repository = "tbobm/terraform-github-secrets"

  secrets = {
    deploy_key = {
      name      = "DEPLOY_KEY"
      plaintext = "ABCDEF"
    }
    registry_username = {
      name      = "DOCKERHUB_USERNAME"
      plaintext = "sampleuser"
    }
    registry_password = {
      name      = "DOCKERHUB_PASSWORD"
      plaintext = "samplepass"
    }
  }
  environment_secrets = {
    production = {  # the production env must exist beforehand
      ssh_username = {
        name      = "SSH_USERNAME"
        plaintext = "sampleuser"
      }
      ssh_password = {
        name      = "SSH_PASSWORD"
        plaintext = "samplepass"
      }
    }
  }
}

Requirements

Name Version
terraform >= 0.15
github ~> 4

Providers

Name Version
github ~> 4

Modules

No modules.

Resources

Name Type
github_actions_environment_secret.this resource
github_actions_secret.this resource

Inputs

Name Description Type Default Required
environment_secrets A map of environment-scoped secrets map(any) {} no
repository The full name of the repository in the form org/repo string n/a yes
secrets A map of secret definitions map(any) {} no

Outputs

No outputs.