feat: add secretstore resource

humanitec · Oct 16, 2023 · 6d31f71 · 6d31f71
1 parent cf8a5cd
commit 6d31f71
Show file tree

Hide file tree

Showing 4 changed files with 865 additions and 0 deletions.
diff --git a/docs/resources/secretstore.md b/docs/resources/secretstore.md
@@ -0,0 +1,112 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "humanitec_secretstore Resource - terraform-provider-humanitec"
+subcategory: ""
+description: |-
+  An external secret management system used by an organization to store secrets referenced in Humanitec.
+---
+
+# humanitec_secretstore (Resource)
+
+An external secret management system used by an organization to store secrets referenced in Humanitec.
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `id` (String) The ID of the Secret Store.
+
+### Optional
+
+- `awssm` (Attributes) AWS Secret Manager specification. (see [below for nested schema](#nestedatt--awssm))
+- `azurekv` (Attributes) Azure KV Secret Manager specification. (see [below for nested schema](#nestedatt--azurekv))
+- `gcpsm` (Attributes) GCP Secret Manager specification. (see [below for nested schema](#nestedatt--gcpsm))
+- `primary` (Boolean) Whether the Secret Store is the Primary one for the organization.
+- `vault` (Attributes) Vault specification. (see [below for nested schema](#nestedatt--vault))
+
+<a id="nestedatt--awssm"></a>
+
+### Nested Schema for `awssm`
+
+Required:
+
+- `region` (String) The region of AWS Secret Manager.
+
+Optional:
+
+- `auth` (Attributes, Sensitive) Credentials to authenticate to AWS Secret Manager. (see [below for nested schema](#nestedatt--awssm--auth))
+
+<a id="nestedatt--awssm--auth"></a>
+
+### Nested Schema for `awssm.auth`
+
+Required:
+
+- `access_key_id` (String) The Access Key ID.
+- `secret_access_key` (String) The Secret Access Key.
+
+<a id="nestedatt--azurekv"></a>
+
+### Nested Schema for `azurekv`
+
+Required:
+
+- `tenant_id` (String) The AzureKV Tenant ID.
+- `url` (String) The AzureKV URL.
+
+Optional:
+
+- `auth` (Attributes, Sensitive) Credentials to authenticate to Azure Key Vault. (see [below for nested schema](#nestedatt--azurekv--auth))
+
+<a id="nestedatt--azurekv--auth"></a>
+
+### Nested Schema for `azurekv.auth`
+
+Required:
+
+- `client_id` (String) The AzureKV Client ID.
+- `client_secret` (String) The AzureKV Client Secret.
+
+<a id="nestedatt--gcpsm"></a>
+
+### Nested Schema for `gcpsm`
+
+Required:
+
+- `project_id` (String) The project ID of the GCPSM.
+
+Optional:
+
+- `auth` (Attributes, Sensitive) Credentials to authenticate the GCPSM. (see [below for nested schema](#nestedatt--gcpsm--auth))
+
+<a id="nestedatt--gcpsm--auth"></a>
+
+### Nested Schema for `gcpsm.auth`
+
+Required:
+
+- `secret_access_key` (String) The Secret Access Key.
+
+<a id="nestedatt--vault"></a>
+
+### Nested Schema for `vault`
+
+Required:
+
+- `url` (String) The Vault URL.
+
+Optional:
+
+- `agent_id` (String) Reference to the agent to use to hit Vault.
+- `auth` (Attributes, Sensitive) Credentials to authenticate the Vault. (see [below for nested schema](#nestedatt--vault--auth))
+- `path` (String) The path used to read / write secrets.
+
+<a id="nestedatt--vault--auth"></a>
+
+### Nested Schema for `vault.auth`
+
+Optional:
+
+- `role` (String) Role to assume to access Vault.
+- `token` (String) Token to access Vault.
diff --git a/internal/provider/provider.go b/internal/provider/provider.go
@@ -163,6 +163,7 @@ func (p *HumanitecProvider) Resources(ctx context.Context) []func() resource.Res
 		NewResourcePipeline,
 		NewResourceResourceDriver,
 		NewResourceRule,
+		NewResourceSecretStore,
 		NewResourceValue,
 		NewResourceWebhook,
 	}