feat: add secretstore resource

docs/resources/secretstore.md

@@ -0,0 +1,133 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "humanitec_secretstore Resource - terraform-provider-humanitec"
+subcategory: ""
+description: |-
+  An external secret management system used by an organization to store secrets referenced in Humanitec.
+---
+
+# humanitec_secretstore (Resource)
+
+An external secret management system used by an organization to store secrets referenced in Humanitec.
+
+## Example Usage
+
+```terraform
+resource "humanitec_secretstore" "secret_store_gcpsm" {
+  id = "secretstore_id"
+  gcpsm = {
+    project_id = "example-project"
+    auth = {
+      secret_access_key = "secret-access-key"
+    }
+  }
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `id` (String) The ID of the Secret Store.
+
+### Optional
+
+- `awssm` (Attributes) AWS Secret Manager specification. (see [below for nested schema](#nestedatt--awssm))
+- `azurekv` (Attributes) Azure KV Secret Manager specification. (see [below for nested schema](#nestedatt--azurekv))
+- `gcpsm` (Attributes) GCP Secret Manager specification. (see [below for nested schema](#nestedatt--gcpsm))
+- `primary` (Boolean) Whether the Secret Store is the Primary one for the organization.
+- `vault` (Attributes) Vault specification. (see [below for nested schema](#nestedatt--vault))
+
+<a id="nestedatt--awssm"></a>
+### Nested Schema for `awssm`
+
+Required:
+
+- `region` (String) The region of AWS Secret Manager.
+
+Optional:
+
+- `auth` (Attributes, Sensitive) Credentials to authenticate to AWS Secret Manager. (see [below for nested schema](#nestedatt--awssm--auth))
+
+<a id="nestedatt--awssm--auth"></a>
+### Nested Schema for `awssm.auth`
+
+Required:
+
+- `access_key_id` (String) The Access Key ID.
+- `secret_access_key` (String) The Secret Access Key.
+
+
+
+<a id="nestedatt--azurekv"></a>
+### Nested Schema for `azurekv`
+
+Required:
+
+- `tenant_id` (String) The AzureKV Tenant ID.
+- `url` (String) The AzureKV URL.
+
+Optional:
+
+- `auth` (Attributes, Sensitive) Credentials to authenticate to Azure Key Vault. (see [below for nested schema](#nestedatt--azurekv--auth))
+
+<a id="nestedatt--azurekv--auth"></a>
+### Nested Schema for `azurekv.auth`
+
+Required:
+
+- `client_id` (String) The AzureKV Client ID.
+- `client_secret` (String) The AzureKV Client Secret.
+
+
+
+<a id="nestedatt--gcpsm"></a>
+### Nested Schema for `gcpsm`
+
+Required:
+
+- `project_id` (String) The project ID of the GCPSM.
+
+Optional:
+
+- `auth` (Attributes, Sensitive) Credentials to authenticate the GCPSM. (see [below for nested schema](#nestedatt--gcpsm--auth))
+
+<a id="nestedatt--gcpsm--auth"></a>
+### Nested Schema for `gcpsm.auth`
+
+Required:
+
+- `secret_access_key` (String) The Secret Access Key.
+
+
+
+<a id="nestedatt--vault"></a>
+### Nested Schema for `vault`
+
+Required:
+
+- `url` (String) The Vault URL.
+
+Optional:
+
+- `agent_id` (String) Reference to the agent to use to hit Vault.
+- `auth` (Attributes, Sensitive) Credentials to authenticate the Vault. (see [below for nested schema](#nestedatt--vault--auth))
+- `path` (String) The path used to read / write secrets.
+
+<a id="nestedatt--vault--auth"></a>
+### Nested Schema for `vault.auth`
+
+Optional:
+
+- `role` (String) Role to assume to access Vault.
+- `token` (String) Token to access Vault.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+# import an existing secret store
+terraform import humanitec_secretstore.secret_store_gcpsm secretstore_id
+```

examples/resources/humanitec_secretstore/import.sh

@@ -0,0 +1,3 @@
+# import an existing secret store
+terraform import humanitec_secretstore.secret_store_gcpsm secretstore_id
+

examples/resources/humanitec_secretstore/resource.tf

@@ -0,0 +1,9 @@
+resource "humanitec_secretstore" "secret_store_gcpsm" {
+  id = "secretstore_id"
+  gcpsm = {
+    project_id = "example-project"
+    auth = {
+      secret_access_key = "secret-access-key"
+    }
+  }
+}

internal/provider/provider.go

@@ -163,6 +163,7 @@ func (p *HumanitecProvider) Resources(ctx context.Context) []func() resource.Res
 		NewResourcePipeline,
 		NewResourceResourceDriver,
 		NewResourceRule,
+		NewResourceSecretStore,
 		NewResourceValue,
 		NewResourceWebhook,
 	}