AWS Secrets Manager

OpenTofu module for provisioning AWS Secrets Manager secrets with resource policies, optional KMS encryption, and automatic Lambda-based rotation

Overview

This module creates AWS Secrets Manager secrets with configurable resource policies, optional KMS encryption, and automatic rotation support.

Key Features

  • Configurable resource policies for fine-grained access control
  • Optional KMS encryption (defaults to AWS managed key)
  • Automatic secret rotation via Lambda
  • Configurable recovery window (7-30 days)
  • Infrastructure deployer role management
  • Custom rotation schedule (1-365 days)

Usage

module "secret" {
  source = "git::https://github.com/Im5tu/opentofu-aws-secrets-manager.git?ref=main"
 
  name        = "my-application/api-key"
  description = "API key for my application"
}
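
The usage block above tracks ref=main, a branch whose content can change between runs of tofu init. The following check is an added example, not part of the module or its repository: it reads source attributes from OpenTofu configuration text and reports whether each git source is pinned to a commit, a version tag, a mutable ref, or nothing. The sample configuration and the 40-character commit value in it are constructed placeholders.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Any `source = "..."` attribute; non-git sources are reported as "not-git".
SOURCE_RE = re.compile(r'^\s*source\s*=\s*"([^"]+)"', re.MULTILINE)
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")
VERSION_TAG_RE = re.compile(r"v?\d+\.\d+\.\d+")

# Constructed sample: the first source is the one from the usage block,
# the second uses a placeholder commit id, not a real commit of the module.
SAMPLE_TF = '''
module "secret" {
  source = "git::https://github.com/Im5tu/opentofu-aws-secrets-manager.git?ref=main"
  name   = "my-application/api-key"
}

module "secret_pinned" {
  source = "git::https://github.com/Im5tu/opentofu-aws-secrets-manager.git?ref=0123456789abcdef0123456789abcdef01234567"
  name   = "my-application/api-key"
}
'''


def classify_source(source: str) -> str:
    """Return commit, tag, mutable, unpinned or not-git for one module source."""
    if not source.startswith("git::"):
        return "not-git"
    query = urlsplit(source[len("git::"):]).query
    ref = parse_qs(query).get("ref", [""])[0]
    if not ref:
        return "unpinned"  # no ref: follows the remote's default branch
    if FULL_SHA_RE.fullmatch(ref):
        return "commit"    # full commit id: content cannot change under it
    if VERSION_TAG_RE.fullmatch(ref):
        return "tag"       # versioned, but a tag can still be moved upstream
    return "mutable"       # anything else is treated as a branch such as main


def audit(tf_text: str) -> list:
    """Return (source, verdict) for every source attribute in the text."""
    return [(src, classify_source(src)) for src in SOURCE_RE.findall(tf_text)]


if __name__ == "__main__":
    for src, verdict in audit(SAMPLE_TF):
        print(f"{verdict:9} {src}")
```

Run it over the configuration in CI and fail the build on "mutable" or "unpinned" so that a module holding secret policies and rotation settings only changes when the pinned ref is updated in review.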