The Terraform module that abstracts the way we manage secrets.

masterpointio/terraform-secrets-helper

terraform-secrets-helper

💡 Learn more about Masterpoint below.

Purpose and Functionality

This Terraform module provides a standard and extensible way of managing secrets from different sources, making them accessible through local.secrets["<SECRET_NAME>"]. It's designed to create an abstract interface for dealing with secrets in Terraform, regardless of the source of these secrets.

Our initial version is built to handle SOPS secrets, but it is designed in a way that it can be easily extended to support other secret providers like AWS SSM Parameter Store, Vault, and more in the future.

This module can be included as a child module, where needed, to fetch secrets and provide them in an abstract manner.

Usage

Copy exports/secrets.mixin.tf to your project by running the following command:

curl -sL https://raw.githubusercontent.com/masterpointio/terraform-secrets-helper/main/exports/secrets.mixin.tf -o secrets.mixin.tf

The mixin incorporates the invocation of this module, so you simply need to configure the required secret_mapping variable and then reference it within your code.

See the full example in examples/complete

SOPS Secrets

secret_mapping = [{
  name = "db_password"
  file = "test.yaml"
  type = "sops"
}]

output "db_password" {
  value     = jsonencode(local.secrets["db_password"])
  sensitive = true
}

AWS SSM Parameter Store Secrets

secret_mapping = [{
  name = "api_token"
  type = "ssm"
  path = "/myapp/prod/api_token"
}]

Mixed Sources

You can combine both SOPS and SSM secrets in the same configuration:

secret_mapping = [
  {
    name = "db_password"
    type = "sops"
    file = "secrets.yaml"
  },
  {
    name = "api_token"
    type = "ssm"
    path = "/myapp/prod/api_token"
  }
]
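
To make the abstraction concrete, the following sketch shows how a module with this interface could resolve both source types into a single map. It is an added illustration, not the module's actual source: the carlpett/sops provider source and the local names sops_entries and ssm_entries are assumptions, while the data source names, the secret_mapping type and the all output follow the tables below.

```hcl
terraform {
  required_version = ">= 1.3"
  required_providers {
    aws  = { source = "hashicorp/aws", version = ">= 4.0" }
    sops = { source = "carlpett/sops", version = ">= 0.7" } # assumed provider source
  }
}

variable "secret_mapping" {
  type = list(object({
    name = string
    type = optional(string, "sops")
    path = optional(string, null)
    file = optional(string, null)
  }))
  default = []
}

locals {
  # Split the mapping by source type, keyed by secret name (names must be unique).
  sops_entries = { for s in var.secret_mapping : s.name => s if s.type == "sops" }
  ssm_entries  = { for s in var.secret_mapping : s.name => s if s.type == "ssm" }
}

# Decrypt each distinct SOPS file once, however many keys are read from it.
data "sops_file" "sops_secrets" {
  for_each    = toset([for s in local.sops_entries : s.file])
  source_file = each.value
}

# Read each SSM parameter by its path; SecureString values are decrypted by default.
data "aws_ssm_parameter" "ssm_secrets" {
  for_each = local.ssm_entries
  name     = each.value.path
}

locals {
  # One map regardless of source, consumed as local.secrets["<SECRET_NAME>"].
  secrets = merge(
    { for n, s in local.sops_entries : n => data.sops_file.sops_secrets[s.file].data[n] },
    { for n, s in local.ssm_entries : n => data.aws_ssm_parameter.ssm_secrets[n].value }
  )
}

# Values read through data sources are written to the Terraform state in
# plaintext; `sensitive` only redacts them from plan and apply output.
output "all" {
  value     = local.secrets
  sensitive = true
}
```

Because the decrypted values end up in state, the state backend needs the same access controls and encryption at rest as the secret stores themselves.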

Future Enhancements

The module currently supports SOPS and AWS SSM Parameter Store. Future versions may add support for other secret providers like HashiCorp Vault, AWS Secrets Manager, and more.

Requirements

Name Version
terraform >= 1.3
aws >= 4.0
sops >= 0.7

Providers

Name Version
aws >= 4.0
sops >= 0.7

Modules

No modules.

Resources

Name Type
aws_ssm_parameter.ssm_secrets data source
sops_file.sops_secrets data source

Inputs

Name: secret_mapping
Description: The list of secret mappings the application will need. This creates secret values for the component to consume at local.secrets[name]. For SOPS secrets: use type="sops" (default), file="path/to/sops/file.yaml", and name matching a key in the SOPS file. For SSM secrets: use type="ssm" and path="/path/to/ssm/parameter".
Type:
list(object({
  name = string
  type = optional(string, "sops")
  path = optional(string, null)
  file = optional(string, null)
}))
Default: []
Required: no

Outputs

Name Description
all The final secrets pulled from various sources.

Built By

Powered by the Masterpoint team and driven forward by contributions from the community ❤️

Contributors

Contribution Guidelines

Contributions are welcome and appreciated!

Found an issue or want to request a feature? Open an issue

Want to fix a bug you found or add some functionality? Fork, clone, commit, push, and PR — we'll check it out.

Who We Are

Established in 2016, Masterpoint is a team of experienced software and platform engineers specializing in Infrastructure as Code (IaC). We provide expert guidance to organizations of all sizes, helping them leverage the latest IaC practices to accelerate their engineering teams.

Our Mission

Our mission is to simplify cloud infrastructure so developers can innovate faster, safer, and with greater confidence. By open-sourcing tools and modules that we use internally, we aim to contribute back to the community, promoting consistency, quality, and security.

Our Commitments

  • 🌟 Open Source: We live and breathe open source, contributing to and maintaining hundreds of projects across multiple organizations.
  • 🌎 1% for the Planet: Demonstrating our commitment to environmental sustainability, we are proud members of 1% for the Planet, pledging to donate 1% of our annual sales to environmental nonprofits.
  • 🇺🇦 1% Towards Ukraine: With team members and friends affected by the ongoing Russo-Ukrainian war, we donate 1% of our annual revenue to invasion relief efforts, supporting organizations providing aid to those in need. Here's how you can help Ukraine with just a few clicks.

Connect With Us

We're active members of the community and are always publishing content, giving talks, and sharing our hard earned expertise. Here are a few ways you can see what we're up to:

LinkedIn Newsletter Blog YouTube

... and be sure to connect with our founder, Matt Gowie.

License

Apache License, Version 2.0.

Open Source Initiative

Copyright © 2016-2025 Masterpoint Consulting LLC
