working setup for secrets management directly from manager
GondekNP committed Jan 3, 2024
1 parent e20f42f commit ddf7cee
Showing 3 changed files with 100 additions and 37 deletions.
12 changes: 1 addition & 11 deletions .deployment/main.tf
Expand Up @@ -72,16 +72,6 @@ resource "aws_transfer_user" "tf-sftp-burn-severity" {
home_directory = "/public"
}

# Then, keys for the public and admin users - get from local env

variable "ssh_key_public_admin" {
type = string
}

variable "ssh_key_private_admin" {
type = string
}

resource "aws_transfer_ssh_key" "sftp_ssh_key_public" {
depends_on = [aws_transfer_user.tf-sftp-burn-severity]
server_id = aws_transfer_server.tf-sftp-burn-severity.id
Expand Down Expand Up @@ -135,7 +125,7 @@ resource "google_cloud_run_service" "tf-rest-burn-severity" {
}
env {
name = "SFTP_SSH_KEY_PRIVATE"
value = var.ssh_key_private_admin
value = local.ssh_pairs["SSH_KEY_ADMIN_PRIVATE"]
}
}
}
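Review bot: The admin private key is still passed as a literal on the `SFTP_SSH_KEY_PRIVATE` env entry (`value = local.ssh_pairs["SSH_KEY_ADMIN_PRIVATE"]`), so Terraform resolves it at plan time and writes it in clear text into the Cloud Run revision spec and into state; the `.deployment/terraform.tfstate` section of this same commit shows the full key under that env entry. Letting Cloud Run read the secret itself through `value_from` / `secret_key_ref` keeps the key out of both places. That needs the private key stored as a Secret Manager secret of its own, since `local.ssh_pairs` looks like a decoded map of several keys (its definition is outside this hunk), and the service's runtime service account needs accessor rights on that secret. The enclosing `google_cloud_run_service` resource starts and ends outside the hunk.

```hcl
env {
  name = "SFTP_SSH_KEY_PRIVATE"
  value_from {
    secret_key_ref {
      # PLACEHOLDER: id of a Secret Manager secret that holds only the admin private key
      name = "<ADMIN_PRIVATE_KEY_SECRET_ID>"
      key  = "latest"
    }
  }
}
```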
66 changes: 54 additions & 12 deletions .deployment/terraform.tfstate
@@ -1,7 +1,7 @@
{
"version": 4,
"terraform_version": "1.6.0",
"serial": 116,
"serial": 118,
"lineage": "44075ebe-b91a-1e72-3b17-affdfb63c0f1",
"outputs": {},
"resources": [
Expand Down Expand Up @@ -378,7 +378,7 @@
"repository_id": "burn-backend",
"terraform_labels": {},
"timeouts": null,
"update_time": "2024-01-02T18:30:24.640530Z",
"update_time": "2024-01-03T18:47:38.656872Z",
"virtual_repository_config": []
},
"sensitive_attributes": [],
Expand Down Expand Up @@ -406,17 +406,17 @@
"run.googleapis.com/client-version": "457.0.0",
"run.googleapis.com/ingress": "all",
"run.googleapis.com/ingress-status": "all",
"run.googleapis.com/operation-id": "718ccb00-b9d3-44c9-97a9-478b43149aaa",
"run.googleapis.com/operation-id": "5e7ffc10-686c-44ce-b87e-10a647114601",
"serving.knative.dev/creator": "[email protected]",
"serving.knative.dev/lastModifier": "[email protected]"
},
"effective_labels": {
"cloud.googleapis.com/location": "us-central1"
},
"generation": 24,
"generation": 26,
"labels": {},
"namespace": "dse-nps",
"resource_version": "AAYODu+bWik",
"resource_version": "AAYODxGRGrY",
"self_link": "/apis/serving.knative.dev/v1/namespaces/113009620257/services/tf-rest-burn-severity",
"terraform_labels": {},
"uid": "21bd9415-f58f-4c49-a191-9450f2035ed6"
Expand Down Expand Up @@ -446,14 +446,14 @@
"type": "RoutesReady"
}
],
"latest_created_revision_name": "tf-rest-burn-severity-00024-czk",
"latest_ready_revision_name": "tf-rest-burn-severity-00024-czk",
"observed_generation": 24,
"latest_created_revision_name": "tf-rest-burn-severity-00026-59w",
"latest_ready_revision_name": "tf-rest-burn-severity-00026-59w",
"observed_generation": 26,
"traffic": [
{
"latest_revision": true,
"percent": 100,
"revision_name": "tf-rest-burn-severity-00024-czk",
"revision_name": "tf-rest-burn-severity-00026-59w",
"tag": "",
"url": ""
}
Expand All @@ -472,7 +472,7 @@
},
"generation": 0,
"labels": {
"client.knative.dev/nonce": "nloehtaopz",
"client.knative.dev/nonce": "klqwaudkvj",
"run.googleapis.com/startupProbeType": "Default"
},
"name": "",
Expand All @@ -497,7 +497,7 @@
},
{
"name": "SFTP_SSH_KEY_PRIVATE",
"value": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAgEAoy8fAZSGoMFF4xXLfOi3y35NY6NvjB0Gpe5a8OWI/8XOmX4K4gFw\n71f/AZiQKcmLZ9sexzF33Qx5pf0hh0WFlO3Mic+4ngMHongPb8CbJGdOdn5zfze+SwK4eg\nJdd7wXpuvPhmjzbFfLHEkVSqk+eUSbMP0GVdhO6/+191p8tj7UNreJcHtOIWahaOHtrXf1\nUjELaFe6YK6c5HllNbsVxP2TV4BG5fxwsJTAhExRCAJ+XZlnMwRo+ka+Vrd14f3ZsM1GYk\nTZx8VAQM3EjBEAW/MLuUI+vGzfX0/JpGPFXr/uhK9mH23TY3HvTmfjWp8nomt1jmOVr1aW\nQmiekng2DOCQZ/FTKXs4l16QIURtQ/Bo/3u3FqVKYUDG5cWIAq4KpQM0xteLRw7hWcf4lj\nLrBIWHJbhueWykvNfNV88NSSppunkvNKqJMe8J0HLX4+0FbYQv891C2hLGmcbexhlfDTgH\n+JvGMQW6IwuZT7EVhZOoHn57RN/GesgCLf7yzXU/5OdcLoicT6bLk9G0tX/AINNl5QVXvk\nNNOztNZ3ssFG9EFvY2p7ULkHxQjuoUfHwwF49vOFUM4kGz8apQOZ7zAIrFDDUUhhK5x3s4\nBSdqtaxx0SJwYBqJOxalQhdSenvXNTL9fqz+icnQ+1ogZiTTjn9oZo8nc0FatMS527fZn1\n8AAAdIgX745oF++OYAAAAHc3NoLXJzYQAAAgEAoy8fAZSGoMFF4xXLfOi3y35NY6NvjB0G\npe5a8OWI/8XOmX4K4gFw71f/AZiQKcmLZ9sexzF33Qx5pf0hh0WFlO3Mic+4ngMHongPb8\nCbJGdOdn5zfze+SwK4egJdd7wXpuvPhmjzbFfLHEkVSqk+eUSbMP0GVdhO6/+191p8tj7U\nNreJcHtOIWahaOHtrXf1UjELaFe6YK6c5HllNbsVxP2TV4BG5fxwsJTAhExRCAJ+XZlnMw\nRo+ka+Vrd14f3ZsM1GYkTZx8VAQM3EjBEAW/MLuUI+vGzfX0/JpGPFXr/uhK9mH23TY3Hv\nTmfjWp8nomt1jmOVr1aWQmiekng2DOCQZ/FTKXs4l16QIURtQ/Bo/3u3FqVKYUDG5cWIAq\n4KpQM0xteLRw7hWcf4ljLrBIWHJbhueWykvNfNV88NSSppunkvNKqJMe8J0HLX4+0FbYQv\n891C2hLGmcbexhlfDTgH+JvGMQW6IwuZT7EVhZOoHn57RN/GesgCLf7yzXU/5OdcLoicT6\nbLk9G0tX/AINNl5QVXvkNNOztNZ3ssFG9EFvY2p7ULkHxQjuoUfHwwF49vOFUM4kGz8apQ\nOZ7zAIrFDDUUhhK5x3s4BSdqtaxx0SJwYBqJOxalQhdSenvXNTL9fqz+icnQ+1ogZiTTjn\n9oZo8nc0FatMS527fZn18AAAADAQABAAACACuE95nuSHE62i6Ts28eiVXF21HFVoxheVJr\nXOl97al40X5x9OkNRVcvepysWVYrn/gUogKxmKvlFdREy9pNmjB7st7V/QB3AmQ77LH7Be\nURgAVt99NnxGIw2Y4Ab3jtOsmTfgb0mma8iziB7SG6PSUOPO01rajbRUD/M0JCaZwY6XOm\nQwsyd0XFHyrfhgmLQmunFMnBC72ZE9KC5ZEM0eN1VQQy+7V+O3d8VFN0HvAp6hWAQduDQ5\nPrpftudgvNLW9Pb4PppML4QgiGV/Ka3iOnj+raVezehDvhBX/H8+0u9qeAN5YOLiAJVK7u\nWd3jMCjKy9ErkdHvH6eaSx/420Dq5hP2is4fFpCp8yW8ikJY8B8GpM7TAhtIwKvHY0vLtZ\neIuRvcbMQ
gV6Q3pxobXKW9hBkrmSXAMk01pAI3ewW8xRaNb8/0zuGnOII3nVl4WuQlNXhv\nG0RbsXAws89z/J/xF+l3MRCZBLqCTSywcepYHFkAkRvKpUtZczuchuBNXLsUcTia6OzmQm\nDtJHGvWvKZEX/bYeKPmKSzVsWz/Ai6rlIb8Y5O/9oqSao1K9eY97wJxKSpOJosWm0RVA1h\nNF61j70nD8FUAlfIzgiKoeg+1mlFtr05vQC0cxcHBx/HVl+fhXiBvc0zhE8JRdUSgLBM7W\n+MKD+dVkqCtzTUc7zxAAABAQCgESsb8ASRxgf58wCpjeR8xfE6h2zAb4ptgQ6VJ+RXmcDf\nR8djr+si9wtZq1ch6kmEFyNLMeldtj9cuUl3o2XbaGXItwHnTnjUCmLhqM5W8Dmny/FzAv\n6BRaGUaQqi6qsl45dkZ1ot/5yiu8rUgbFqTPzqSKYTCc4AyTN1o6LY5El4vtHoQdlFXRrC\nOOWxbPcurNSD0EF9Ex3g3cMSbV1iiyLcXiDA3Dg6oVIXL1rmGolECYlm92lDcCa6Hu1rTq\nOtpp6Li8Mej1YyLVn5w7iatdl7fP/xDOCNlZcGvx0dK1IdtpYXH82X3gQokIZ91zxJk57H\nbaRXY9w0vVt5V/y0AAABAQDMcwj62wc7vLkinkCmMSqCkmcCojbWgqN8wvlzGitluTFw9i\nmZk+hjQzZ6WKJBrfDGnfm1n20//AYmUBdEahzpkqdT4zNdzeDDGxkfUxDgs/iPIg2Pnkmi\n9l8Kz3Y9rxD5qp+RU+QsB8dFMSA+XlvSheJZ4AjZJH/xKOry4jiSLfIqojmD7x4l2JUdiF\nOwD0mItCr3X9wCPgEB1x78CCzFkSB4PeqsmFgJWGoS2TU9G1dsAZS2mjhmEYQ0XkIME2J0\ntMtZMXUZ6YvvZO7U4BBgeZbQBi8dsGpSKpuPcqhUAtpxAIsLC+I0NPM6sa0QXPNFTo0KN0\nEMz0XyKNXMPW5jAAABAQDMVHXVEBnmmIzvlAYtc/quoTF21A3yzFYNbTonu2Tf8+XIqdJU\nXfL/sd+z/Of7zXryLXmz+VuKmqHHPKG3leKF/bk0nL+GkzT1w/wEz/KSoDEU5wghHtDXE9\n70XOFOQUjSeiK2r/ATPWyEHo4aPSRkq/z4x+6MBYVUimMRpxx0u+BDy+YikDH0fsS1cTX2\nDn6W4u1V3AaslHs6YLyi2nvZwU4qQR6/4vW+o1wisSzetrPBG5SX1pgXgKj9WtRBjp73TF\nqnuvyHN1mzwUG58VZlrhzKshgjr/kkgftOR7b+SdasPGbqeagfJuCGAdyMznJ8EynobG9o\nC3qkfcEdI03VAAAAEXJvb3RANWMwNTE2ODFkMjZjAQ==\n-----END OPENSSH PRIVATE KEY-----",
"value": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAgEA7QI+17xaWO36anssYty4WWLWNub5PRvPvQ6U129zBU/Glx8ZUeNG\nFJLDY/uWzkwMEtmFcDbmO4jVaFhixK08bIuMV333NAOhwestdjyKrdOtiTLLkEqVUT4FvB\naKw8GDWfRj3AbGHWg4uvBGYvBSOp/EK3MTbu3+FjUS/xlsBpHvH5w/Pm6UEnEWwHyQ2fO2\n1kgeXgZCNe1Qf7RtpZhVNNccKr+kC33xJczAzJWanSB3NYQgFyBrZ1j4c7/9Wssr4K7DAP\n5gUfkIFtHogJgM5sJxZn98wDTwH//Ln6L9jwzEYqJpvZVMPEfN8robLaVzIPvTl1efOlk+\nyQWc/sv27TVjT7c52zpaBckTVk2hXL/iCN39kPPbDS07+B66+GoIOShN6QGJvHTwZ7+1pg\nDt0FE/TuLSWhdq6Ro50E+5fmmXYlyvTnjrj1E0Vlh3c9ZTbZIkEAx13wLQQzYZo45FD9KS\nu11N2hp6sPKkDEPCBC7gm4CE/qqxxv/3FdUMlM4ex+5oJD+lRdf2m85NdH45VhdmdWXsXt\ngI2rNdvSaLEKYZ+XybtYgSAmA/8c9gWBKhBpVbl6H5mRLsFjChNAbf+gSF9eqRWINkVvxc\nv98+uLn+eQPDiiz1ol0nAOocDVW9MygHh5Th6LckRo6/ozJYTFfsIZ3CyPjJfj3StiIMyE\nEAAAdIXt+XT17fl08AAAAHc3NoLXJzYQAAAgEA7QI+17xaWO36anssYty4WWLWNub5PRvP\nvQ6U129zBU/Glx8ZUeNGFJLDY/uWzkwMEtmFcDbmO4jVaFhixK08bIuMV333NAOhwestdj\nyKrdOtiTLLkEqVUT4FvBaKw8GDWfRj3AbGHWg4uvBGYvBSOp/EK3MTbu3+FjUS/xlsBpHv\nH5w/Pm6UEnEWwHyQ2fO21kgeXgZCNe1Qf7RtpZhVNNccKr+kC33xJczAzJWanSB3NYQgFy\nBrZ1j4c7/9Wssr4K7DAP5gUfkIFtHogJgM5sJxZn98wDTwH//Ln6L9jwzEYqJpvZVMPEfN\n8robLaVzIPvTl1efOlk+yQWc/sv27TVjT7c52zpaBckTVk2hXL/iCN39kPPbDS07+B66+G\noIOShN6QGJvHTwZ7+1pgDt0FE/TuLSWhdq6Ro50E+5fmmXYlyvTnjrj1E0Vlh3c9ZTbZIk\nEAx13wLQQzYZo45FD9KSu11N2hp6sPKkDEPCBC7gm4CE/qqxxv/3FdUMlM4ex+5oJD+lRd\nf2m85NdH45VhdmdWXsXtgI2rNdvSaLEKYZ+XybtYgSAmA/8c9gWBKhBpVbl6H5mRLsFjCh\nNAbf+gSF9eqRWINkVvxcv98+uLn+eQPDiiz1ol0nAOocDVW9MygHh5Th6LckRo6/ozJYTF\nfsIZ3CyPjJfj3StiIMyEEAAAADAQABAAACAQCnIA86R0oaLW2IimSpLeUcutI9ErArxCG/\nubmBFMixtShfRgGvuaigN0Fqjm0v+XYGELbEgyHkVz/M/Y5gC5xxGhITW/LmDa2RtYlwN4\n6+tmZHObdLfxw9lpOqpuag1SMPWoLUEz6+W9CtGWM4vyfsyN4mmVXZwh6KgFBt6/o9w8gv\nrRj3qDfnrTES+IOX/QAvp9kqChXEOxypgIxU2c8znH/zMQG3TM6wDeriGJhXNh55cTrDtA\nuoa5d+36IC1QOSwwkk+Trocseed9QQYaevTOt0EG/ihTHSDqkCX4eWyLTurIINumpwk12J\nTGx/yowddRYmQRY5qdbZH4kuLptmG+wZb3D6PqBqB5GLO3EZ0CTX7TVV6u4f4t2l0V/cmP\n2T1pQRYmf
YN30AJpej4d9b5qF9p8CvTo2jNOUvYgD4Gc4WcIDkwWFcPMaRYQXZBF8v1l2c\nnkh+qE1NJsjkKlqbZoOD/pz9g29jIl5Wh+sjttFX5Ptp5P7udXzKYXmy3iSJG2QI2sumUn\nrnYxLLpHjZzQqe1wM7OkZhez5XPLbKhdvmsweZrY2vTUUCU8H/5chibqpAN2F65MdLOPAU\nHcmVuLBpXrfD3KCL3y6oN7EW6pg2eKCN+E/RBt7D9Mz/sXv9SwN1jzc2ogt+7iYH4BugOB\n2jQ91VaOSWhAbHWyOvJQAAAQAnunqG7c7RUeWjt4sXdhPbnkW+iiTZfb0vtrwIermu3iHL\npCXPnK+srp8YtwVwsqe7Zp5yEk24CbN1oBPKivcro0ThUa3nJz7A+QnlfHRLOeZfktYLo7\nxf39FCnG/kuq7AHs3HPXaAfLBltiDoKITu11nVqXtAASpsn5Mu+daF7zb2k8T0Q953LDI0\nalHJToSL0/ASAATh5QyA5bEfyfMUA7juqFPCobMbyoJ6e2Sc7dyFyA/BbFCy1Rp7Ljc5c/\n3Hjm5XRkmRUGz5wDX+lD418Ahy+HiiyVizFDi5MY49wByA+vneQun/0yr2doEToXNygz7I\nN1rtBti1x2u+1hPbAAABAQD7JDV22BJVk0KeML8wkqvH6CoCUF94UCcvqZTd14oqkKVY4b\nw2hajtsScIkFMEy6PDoypTNmGWF972Duawp5rnRB5/opYxeznqcJ27cfcv43vlp+277TWb\nbJnlhCLfA+IWlVTXJSc6ndL32vOnZEL9fpRDtm4lctoiLkrKUyac0djbzpU/Id5jkQ9frD\nrJ2KeuXzmQxxFImntnB53ttJUgbxMcp6RyMHeR4KaOP8BRSuM6gffkSWKB/BR68tzroGAU\nC9J0+ascNdPEuPfYuAIEmIERMQrSTjUbyM/kTRYBonOfsptZkGmpQ/tBE68IQFdCIvMmuw\nH0YjDptO/Cpy5LAAABAQDxmAs5piwkiemBx/feHtq1O1H0EkMRubyITqx98RX5yhnsG2Fu\n0z9BfHHhnmqdJSwVFVo871Rta8fYqUHqXJmq/BC/Ilm0wBxrsiHVi8E05ENAfRIASubESy\nm0cKMbKTztvye0ZGz2eGSQlA4q1D9+yXbzwUJZcgZ2XWMfqdiCQlGVS0cSWRCG7km4Ih8i\npq2Am5yWtXgHgks8Z9W3muigN2QsWFnkIjqBPNLPE7AAy9Mz3rLqWwTFAid/1EfLusgnii\ncvz1BFCgEJ/aXEUjenoycXE+6DBaLljmoVJz9Z7xHmfTbj573EJjs37doxtSyLCuxH7f6n\nxVm+sL42m9wjAAAAEXJvb3RANWMwNTE2ODFkMjZjAQ==\n-----END OPENSSH PRIVATE KEY-----",
"value_from": []
}
],
Expand Down Expand Up @@ -559,9 +559,50 @@
}
]
},
"sensitive_attributes": [],
"sensitive_attributes": [
[
{
"type": "get_attr",
"value": "template"
},
{
"type": "index",
"value": {
"value": 0,
"type": "number"
}
},
{
"type": "get_attr",
"value": "spec"
},
{
"type": "index",
"value": {
"value": 0,
"type": "number"
}
},
{
"type": "get_attr",
"value": "containers"
},
{
"type": "index",
"value": {
"value": 0,
"type": "number"
}
},
{
"type": "get_attr",
"value": "env"
}
]
],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMiJ9",
"dependencies": [
"data.google_secret_manager_secret_version.burn_sftp_ssh_keys",
"google_service_account.access_aws_secrets"
]
}
Expand All @@ -588,6 +629,7 @@
"sensitive_attributes": [],
"private": "bnVsbA==",
"dependencies": [
"data.google_secret_manager_secret_version.burn_sftp_ssh_keys",
"google_cloud_run_service.tf-rest-burn-severity",
"google_service_account.access_aws_secrets"
]
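Review bot: `.deployment/terraform.tfstate` is tracked in the repository, and both `value` lines under the `SFTP_SSH_KEY_PRIVATE` env entry in this section carry a complete OpenSSH private key in clear text, so the previous key and its replacement are both in history. The added `sensitive_attributes` path over `env` only masks the value in plan and apply output; it does not encrypt what is written to state. State should live in a remote backend with encryption at rest and restricted access, with `*.tfstate` and `*.tfstate.backup` listed in `.gitignore`. Both key pairs should be treated as exposed: rotate them on the SFTP server and remove the state file from the repository history.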