
D8667.diff
No OneTemporary

D8667.diff

diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,6 @@
+creation_rules:
+ # Terraform secrets file.
+ - path_regex: services/terraform/remote/secrets\.json$
+ kms: 'arn:aws:kms:us-east-2:319076408221:key/2e54d528-50a2-489c-a4d7-d50c7c9f8303'
+ # We can potentially re-use this KMS key for other SOPS-encrypted files
+ # by either copying the 'kms' value or modifying the path regex
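Review bot: The creation rule names a single KMS key as the only recipient, so if that key is scheduled for deletion, disabled, or its key policy changes, `secrets.json` cannot be decrypted by anyone. SOPS accepts a comma-separated list in `kms`, so a second key in another region or account could be added as a recovery recipient, e.g. `kms: '<primary-key-arn>,<recovery-key-arn>'` (placeholders). The trailing comment invites re-using this key for other files; it should also say that whoever has `kms:Decrypt` on this key can read every file encrypted under it, so re-use widens access to each secret.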
diff --git a/services/terraform/remote/.terraform.lock.hcl b/services/terraform/remote/.terraform.lock.hcl
--- a/services/terraform/remote/.terraform.lock.hcl
+++ b/services/terraform/remote/.terraform.lock.hcl
@@ -1,6 +1,21 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
+provider "registry.terraform.io/carlpett/sops" {
+ version = "0.7.2"
+ constraints = "0.7.2"
+ hashes = [
+ "h1:nWrLW+9JjGLwfss4T7pTaE+JiZlBJQGoYxt4pDe5OE8=",
+ "zh:43f218054ea3a72c9756bf989aeebb9d0f23b66fd08e9fb4ae75d4f921295e82",
+ "zh:57fd326388042a6b7ecd60f740f81e5ef931546c4f068f054e7df34acf65d190",
+ "zh:87b970db8c137f4c2fcbff7a5705419a0aea9268ae0ac94f1ec5b978e42ab0d2",
+ "zh:9e3b67b89ac919f01731eb0466baa08ce0721e6cf962fe6752e7cc526ac0cba0",
+ "zh:c028f67ef330be0d15ce4d7ac7649a2e07a98ed3003fca52e0c72338b5f481f8",
+ "zh:c29362e36a44480d0d9cb7d90d1efba63fe7e0e94706b2a07884bc067c46cbc7",
+ "zh:d5bcfa836244718a1d564aa96eb7d733b4d361b6ecb961f7c5bcd0cadb1dfd05",
+ ]
+}
+
provider "registry.terraform.io/hashicorp/aws" {
version = "5.7.0"
constraints = "~> 5.7.0"
diff --git a/services/terraform/remote/main.tf b/services/terraform/remote/main.tf
--- a/services/terraform/remote/main.tf
+++ b/services/terraform/remote/main.tf
@@ -1,3 +1,13 @@
+provider "sops" {}
+
+data "sops_file" "secrets_json" {
+ source_file = "secrets.json"
+}
+
+locals {
+ secrets = jsondecode(data.sops_file.secrets_json.raw)
+}
+
provider "aws" {
region = "us-east-2"
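Review bot: `data.sops_file.secrets_json.raw` is decrypted at plan/apply time and data-source values are persisted in Terraform state, so the plaintext of `secrets.json` ends up wherever the state is stored. The backend is not visible in this hunk; it is worth confirming it is encrypted at rest and access-restricted, and adding a comment above the data source such as `# Decrypted values are stored in state; keep the state backend encrypted and restricted.` Separately, `source_file = "secrets.json"` resolves relative to the working directory, so `source_file = "${path.module}/secrets.json"` is safer if this configuration is ever run from another directory or used as a module. The `provider "aws"` block continues outside the hunk.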
diff --git a/services/terraform/remote/providers.tf b/services/terraform/remote/providers.tf
--- a/services/terraform/remote/providers.tf
+++ b/services/terraform/remote/providers.tf
@@ -4,5 +4,10 @@
source = "hashicorp/aws"
version = "~> 5.7.0"
}
+
+ sops = {
+ source = "carlpett/sops"
+ version = "0.7.2"
+ }
}
}
diff --git a/services/terraform/remote/secrets.json b/services/terraform/remote/secrets.json
new file mode 100644
--- /dev/null
+++ b/services/terraform/remote/secrets.json
@@ -0,0 +1,26 @@
+{
+ "accountIDs": {
+ "production": "ENC[AES256_GCM,data:bFvAqsaeaK63a89t,iv:DItiKGCI6RPfkjQPSrUWhddvJQKOTnYEeyzgHfckrXw=,tag:5NTw9AuEXhU9eOKzd2wvtw==,type:str]",
+ "staging": "ENC[AES256_GCM,data:qoJZWlb2BusLjLJV,iv:cRt9S8qKZ8qz3q41Xc1o+giTTHA0jWkTLQDFHUHFR2U=,tag:EbZKVX7NkxDmx1s1PIjIeg==,type:str]"
+ },
+ "keyserverPublicKey": "ENC[AES256_GCM,data:6QnxnmA21WMjsqFJHgSxh4UkzoR1LMQuoK+F4uj5cxZPqsvverDjf9OfJg==,iv:gScxT+OOcnIrnc32S/Skk1/y15k2yhMVkCjuCUkQ3Y8=,tag:ZzP+7sgxZoJHD/XpMwwxWg==,type:str]",
+ "sops": {
+ "kms": [
+ {
+ "arn": "arn:aws:kms:us-east-2:319076408221:key/2e54d528-50a2-489c-a4d7-d50c7c9f8303",
+ "created_at": "2023-07-29T15:16:43Z",
+ "enc": "AQICAHj+McP79InpW8dFM/rPPvaCljIlb0zq8qoMY/a2UlUSewFFXrO432X6dWZfZHFVsgoGAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQM0LAEze794jBZIKO/AgEQgDuVcwyViTDZoLwGj5icgKlABQFeUofitRD9e19i3Q+0ZyT7sSQ/4t2GuxvVo4cVEIkHCgTNH2RXLoqzPA==",
+ "aws_profile": ""
+ }
+ ],
+ "gcp_kms": null,
+ "azure_kv": null,
+ "hc_vault": null,
+ "age": null,
+ "lastmodified": "2023-07-29T15:45:13Z",
+ "mac": "ENC[AES256_GCM,data:wVc1NNxVauqJrQqjWQDlsunmLYUTr1DOKFzmAQWUOHNc2eF7Fv5KPZ7rH3ktk75vXP3LYu3EPhd/Mr4J7cqps/yOXrZDuSLVcqqaAQDfvinfpGR8ZI9u262iTs7k/mYamnRZ7Cvlmlgb3t6juIWkc01WN+zxAJG8mynEIGiJLjQ=,iv:s6rXITHgv9X6XHAK3/Cm20r3Cc/UyLxo8H33r3elRso=,tag:V+1ax+MMGH+sUXZH48VSwA==,type:str]",
+ "pgp": null,
+ "unencrypted_suffix": "_unencrypted",
+ "version": "3.7.3"
+ }
+}
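Review bot: The `accountIDs` values are encrypted, but the `sops.kms[].arn` metadata in this same file (and the `kms` line in `.sops.yaml`) carries an AWS account ID in clear text, so if either encrypted ID is that account the encryption adds no confidentiality for it. `keyserverPublicKey` is likewise encrypted although its name suggests a public value. Since JSON cannot hold comments, the commit description or `.sops.yaml` should state which of these values are actually sensitive and which are only stored here for convenience, e.g. `# accountIDs/keyserverPublicKey are kept in SOPS for convenience, not secrecy.` That keeps later readers from treating the file as a safe place for higher-value secrets without reviewing who holds `kms:Decrypt` on the key.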
