Added PCSS secrets

bcgov · Jan 3, 2025 · 1e53de1 · 1e53de1
1 parent dde8b96
commit 1e53de1
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 1 deletion.
diff --git a/infrastructure/cloud/modules/SecretsManager/main.tf b/infrastructure/cloud/modules/SecretsManager/main.tf
@@ -209,3 +209,17 @@ resource "aws_secretsmanager_secret_version" "api_authorizer_secret_value" {
     "verifyKey" = random_uuid.initial_api_auth_value.result
   })
 }
+
+resource "aws_secretsmanager_secret" "pcss_secret" {
+  name       = "external/${var.app_name}-pcss-secret-${var.environment}"
+  kms_key_id = var.kms_key_arn
+}
+
+resource "aws_secretsmanager_secret_version" "pcss_secret_value" {
+  secret_id = aws_secretsmanager_secret.pcss_secret.id
+  secret_string = jsonencode({
+    username = "",
+    password = "",
+    baseUrl  = ""
+  })
+}
diff --git a/infrastructure/cloud/modules/SecretsManager/output.tf b/infrastructure/cloud/modules/SecretsManager/output.tf
@@ -12,7 +12,8 @@ output "secrets_arn_list" {
     aws_secretsmanager_secret.request_secret.arn,
     aws_secretsmanager_secret.splunk_secret.arn,
     aws_secretsmanager_secret.user_services_client_secret.arn,
-    aws_secretsmanager_secret.api_authorizer_secret.arn
+    aws_secretsmanager_secret.api_authorizer_secret.arn,
+    aws_secretsmanager_secret.pcss_secret.arn
   ]
 }
 
@@ -42,6 +43,9 @@ output "api_secrets" {
     ["LookupServicesClient__Username", "${aws_secretsmanager_secret.lookup_services_client_secret.arn}:username::"],
     ["LookupServicesClient__Password", "${aws_secretsmanager_secret.lookup_services_client_secret.arn}:password::"],
     ["LookupServicesClient__Url", "${aws_secretsmanager_secret.lookup_services_client_secret.arn}:baseUrl::"],
+    ["PCSS__Username", "${aws_secretsmanager_secret.pcss_secret.arn}:username::"],
+    ["PCSS__Password", "${aws_secretsmanager_secret.pcss_secret.arn}:password::"],
+    ["PCSS__Url", "${aws_secretsmanager_secret.pcss_secret.arn}:baseUrl::"],
     ["Request__ApplicationCd", "${aws_secretsmanager_secret.request_secret.arn}:applicationCd::"],
     ["Request__AgencyIdentifierId", "${aws_secretsmanager_secret.request_secret.arn}:agencyIdentifierId::"],
     ["Request__GetUserLoginDefaultAgencyId", "${aws_secretsmanager_secret.request_secret.arn}:getUserLoginDefaultAgencyId::"],
@@ -89,3 +93,11 @@ output "allowed_ip_ranges" {
   value     = jsondecode(data.aws_secretsmanager_secret_version.current_misc_secret_value.secret_string).allowedIpRanges
   sensitive = true
 }
+
+output "file_services_client_secret_name" {
+  value = aws_secretsmanager_secret.file_services_client_secret.name
+}
+
+output "pcss_secret_name" {
+  value = aws_secretsmanager_secret.pcss_secret.name
+}