adding secret to terraform

damienjburks · damienjburks · commit 5607d92d6391 · 2024-12-13T19:19:42.000-06:00
diff --git a/data.tf b/data.tf
@@ -0,0 +1 @@
+data "google_project" "default" {}
diff --git a/main.tf b/main.tf
@@ -1,4 +1,4 @@
-data "google_project" "default" {}
+# Build Buckets
 resource "google_storage_bucket" "default" {
   name          = "dsb-devsecops-lab-bucket"
   location      = var.region
@@ -11,9 +11,28 @@ resource "google_storage_bucket" "default" {
   uniform_bucket_level_access = true
 }
 
-resource "google_artifact_registry_repository" "default_docker_repo" {
+# Artifact Repository (Registry)
+resource "google_artifact_registry_repository" "default" {
   repository_id = "dsb-docker-images"
   format        = "DOCKER"
   location      = var.region
   description   = "Repository for all DSB Docker images"
 }
+
+# Secrets
+resource "google_secret_manager_secret" "snyk_token" {
+  secret_id = "cloudbuild/snyk-token"
+
+  replication {
+    user_managed {
+      replicas {
+        location = var.region
+      }
+    }
+  }
+}
+
+resource "google_secret_manager_secret_version" "snyk_token_version" {
+  secret      = google_secret_manager_secret.snyk_token.id
+  secret_data = var.SNYK_TOKEN
+}
diff --git a/variables.tf b/variables.tf
@@ -8,4 +8,7 @@ variable "region" {
   type        = string
   description = "Region"
   default     = "us-central1"
-}
+}
+
+# Terraform Environment Variables
+variable "SNYK_TOKEN" {}
