feat: create secret manager resource to store environment variables (#…

…413) * feat: create secret manager resource to store environment variables * chore: rename * feat: output new variable and allow workflow dispatch for tf apply workflow
cds-snc · Mar 15, 2022 · 49bb48d · 49bb48d
1 parent 4371e52
commit 49bb48d
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 0 deletions.
diff --git a/.github/workflows/merge_to_main_production.yml b/.github/workflows/merge_to_main_production.yml
@@ -1,6 +1,8 @@
 name: "Merge to main (Production)"
 
 on:
+  # This will be used to dispatch this workflow from the manifest repo when environment variables change
+  workflow_dispatch:
   push:
     branches:
       - main

diff --git a/.github/workflows/merge_to_main_staging.yml b/.github/workflows/merge_to_main_staging.yml
@@ -1,6 +1,8 @@
 name: "Merge to main (Staging)"
 
 on:
+  # This will be used to dispatch this workflow from the manifest repo when environment variables change
+  workflow_dispatch:
   push:
     branches:
       - main

diff --git a/aws/common/outputs.tf b/aws/common/outputs.tf
@@ -57,3 +57,9 @@ output "s3_bucket_csv_upload_bucket_arn" {
 output "s3_bucket_csv_upload_bucket_name" {
   value = aws_s3_bucket.csv_bucket.bucket
 }
+
+output "environment_variables_current_secret_string" {
+  description = "Environment variables shared between EKS and Lambda"
+  value       = data.aws_secretsmanager_secret_version.environment_variables_current.secret_string
+  sensitive   = true
+}
diff --git a/aws/common/secretsmanager.tf b/aws/common/secretsmanager.tf
@@ -0,0 +1,11 @@
+resource "aws_secretsmanager_secret" "environment_variables" {
+  name = "environment_variables"
+
+  tags = {
+    CostCenter = "notification-canada-ca-${var.env}"
+  }
+}
+
+data "aws_secretsmanager_secret_version" "environment_variables_current" {
+  secret_id = aws_secretsmanager_secret.environment_variables.id
+}