One key component of modern security is rotating secrets.
HashiCorp has a good product that can generate secrets based on a master one: Vault.
I thought it was very difficult to achieve this through Terraform.
But the hashicorp/time provider has a resource that triggers a change at a defined frequency: time_rotating.
Example:
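terraform {
  required_providers {
    time = {
      source  = "hashicorp/time"
      version = "0.5.0"
    }
  }
}

# Timestamp resource that is replaced once rotation_days have elapsed
resource "time_rotating" "example" {
  rotation_days = 30
}

resource "random_id" "server" {
  keepers = {
    # Generate a new random value each time the timestamp rotates.
    # keepers is a map of strings, so reference an attribute, not the whole resource.
    rotation = time_rotating.example.id
  }
  byte_length = 8
}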
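The following added example (not part of the original post, and not the provider's code) is a simplified Python model of this configuration, showing how long each generated value really stays in use for a given schedule of `terraform apply` runs. It assumes the documented behaviour that `time_rotating` is replaced only when Terraform runs after the rotation time has passed; the names `State`, `apply` and `secret_lifetimes` and the apply dates are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import secrets

ROTATION_DAYS = 30  # same value as rotation_days in the Terraform example
BYTE_LENGTH = 8     # same value as byte_length in the Terraform example


@dataclass(frozen=True)
class State:
    base: datetime   # models the timestamp stored by time_rotating.example
    secret_hex: str  # models the value produced by random_id.server

    @property
    def rotation_due(self) -> datetime:
        return self.base + timedelta(days=ROTATION_DAYS)


def apply(state, now):
    """Model one `terraform apply` executed at time `now`.

    The timestamp is replaced only if `now` is past the rotation time; the
    keeper value then changes and the dependent random value is regenerated.
    """
    if state is None or now > state.rotation_due:
        return State(base=now, secret_hex=secrets.token_hex(BYTE_LENGTH))
    return state  # nothing to do: the plan is empty


def secret_lifetimes(apply_times):
    """Return how long each replaced secret was actually in use."""
    state, lifetimes = None, []
    for now in apply_times:
        new_state = apply(state, now)
        if state is not None and new_state is not state:
            lifetimes.append(now - state.base)
        state = new_state
    return lifetimes


# Constructed schedule: applies on days 0, 10, 29, 45, 50 and 120.
START = datetime(2024, 1, 1, tzinfo=timezone.utc)
APPLY_DAYS = [0, 10, 29, 45, 50, 120]
APPLY_TIMES = [START + timedelta(days=d) for d in APPLY_DAYS]

if __name__ == "__main__":
    for lifetime in secret_lifetimes(APPLY_TIMES):
        print(f"secret lived {lifetime.days} days (target: {ROTATION_DAYS})")
```

With irregular applies, the modelled secrets live 45 and 75 days rather than 30, so the rotation period is only enforced if Terraform is run on a schedule at least as frequent as `rotation_days`.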
Hope this helps!