Module Secret Manager IAM

This optional module assigns IAM roles on Secret Manager secrets, either unconditionally or under an IAM condition.

Usage

module "secret_manager_iam" {
  source  = "terraform-google-modules/iam/google//modules/secret_manager_iam"
  version = "~> 8.0"

  project = "gcp-project-id"
  secrets = ["my-secret"]
  # "additive" adds members alongside existing bindings;
  # "authoritative" replaces the member list for each listed role.
  mode    = "additive"

  # Unconditional bindings: role => members
  bindings = {
    "roles/secretmanager.secretAccessor" = [
      "serviceAccount:[email protected]",
      "group:[email protected]"
    ]

    "roles/secretmanager.viewer" = [
      "user:[email protected]"
    ]
  }

  # Bindings that only apply while the IAM condition expression evaluates to true
  conditional_bindings = [
    {
      role        = "roles/secretmanager.admin"
      title       = "expires_after_2021_12_31"
      description = "Expiring at midnight of 2021-12-31"
      expression  = "request.time < timestamp(\"2022-01-01T00:00:00Z\")"
      members     = ["user:[email protected]"]
    }
  ]
}
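A pre-apply check over the two binding inputs, added here as an example and not part of the module: it flags public principals, high-privilege roles bound without a condition, malformed members, and conditional bindings whose expiry (the `request.time < timestamp(...)` idiom used above) has already passed. The input dicts mirror the usage block; the addresses and the role set treated as high-privilege are constructed assumptions.

```python
import re
from datetime import datetime
# Constructed inputs mirroring the usage block above; the addresses are placeholders.
BINDINGS = {
    "roles/secretmanager.secretAccessor": [
        "serviceAccount:app@example-project.iam.gserviceaccount.com",
        "group:secret-readers@example.com",
    ],
    "roles/secretmanager.viewer": ["user:alice@example.com"],
}
CONDITIONAL_BINDINGS = [{
    "role": "roles/secretmanager.admin",
    "title": "expires_after_2021_12_31",
    "description": "Expiring at midnight of 2021-12-31",
    "expression": 'request.time < timestamp("2022-01-01T00:00:00Z")',
    "members": ["user:alice@example.com"],
}]
MEMBER_RE = re.compile(r"^(user|group|serviceAccount|domain):\S+$")
PUBLIC = {"allUsers", "allAuthenticatedUsers"}
HIGH_PRIV = {"roles/secretmanager.admin", "roles/owner", "roles/editor"}  # assumed set
# Matches the expiry idiom used in the module's conditional_bindings example.
EXPIRY_RE = re.compile(r'request\.time\s*<\s*timestamp\("([^"]+)"\)')

def parse_time(text):
    """Parse an RFC 3339 timestamp such as 2022-01-01T00:00:00Z into an aware datetime."""
    return datetime.fromisoformat(text.replace("Z", "+00:00"))

def check_member(role, member):
    if member in PUBLIC:
        return [f"{role}: public principal {member}"]
    return [] if MEMBER_RE.match(member) else [f"{role}: malformed member {member!r}"]

def lint(bindings, conditional_bindings, now):
    """Return findings for the two module inputs; an empty list means they pass."""
    findings = []
    for role, members in bindings.items():
        if role in HIGH_PRIV:
            findings.append(f"{role}: high-privilege role bound without a condition")
        for m in members:
            findings.extend(check_member(role, m))
    for cb in conditional_bindings:
        for m in cb["members"]:
            findings.extend(check_member(cb["role"], m))
        match = EXPIRY_RE.search(cb["expression"])
        if match is None:
            findings.append(f"{cb['title']}: expression is not a plain expiry check")
        elif parse_time(match.group(1)) <= now:
            findings.append(f"{cb['title']}: already expired, the binding grants nothing")
    return findings
```

Run it against the real module inputs before `terraform apply`; an expired conditional binding is the usual way an admin grant silently stops working, and a public principal on a secret is the case you never want to find after the fact.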

Inputs

bindings
  Description: Map of role (key) and list of members (value) to add to the IAM policies/bindings
  Type: map(any)
  Default: n/a
  Required: yes

conditional_bindings
  Description: List of maps of role and respective conditions, and the members to add to the IAM policies/bindings
  Type:
    list(object({
      role        = string
      title       = string
      description = string
      expression  = string
      members     = list(string)
    }))
  Default: []
  Required: no

mode
  Description: Mode for adding the IAM policies/bindings, "additive" or "authoritative"
  Type: string
  Default: "additive"
  Required: no

project
  Description: Project to add the IAM policies/bindings to
  Type: string
  Default: ""
  Required: no

secrets
  Description: List of Secret Manager secrets to add the IAM policies/bindings to
  Type: list(string)
  Default: []
  Required: no

Outputs

members
  Members which were bound to the Secret Manager secrets.

roles
  Roles which were assigned to members.

secrets
  Secret Manager secrets which received the bindings.