I have created an AWS secret using the aws_secretsmanager_secret resource and have enabled rotation. Now, if I want to rotate the secret before the automatic rotation time, what is the best way to do this in Terraform, considering it can be reused whenever required?
1 Answer
1
The easiest way is to recreate the secret resource. Jarno gave a similar answer here: https://stackoverflow.com/a/69914015/1548760, which states:

"Key rotation in terraform is possible by using terraform apply -replace=<resource address>, which replaces the resource immediately or terraform taint <resource address>, which replaces the resource on the next apply for version below v0.15.2."

Given this tip one can run terraform apply -replace=aws_secretsmanager_secret.<my_secret_name> to rotate a secret. Just remember to make sure the downstream applications that use the secret take notice of the change and are restarted if necessary to make use of the new one!

rotimislaw
- 61
- 4
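
A reusable form of the commands quoted in the answer above, as an added example that is not part of the original answer: it picks `-replace` or `taint` from the Terraform version and refuses any address that is not an aws_secretsmanager_secret, so the wrong resource is never replaced. The function names `version_lt` and `rotation_commands` are hypothetical, and the commands are printed for review rather than executed.

```shell
#!/bin/sh
# Added example: choose the replacement command for a given Terraform version.
# version_lt and rotation_commands are hypothetical helper names.

# version_lt A B: succeeds when dotted version A is lower than B.
version_lt() {
    IFS=. read -r a1 a2 a3 <<EOF
${1#v}
EOF
    IFS=. read -r b1 b2 b3 <<EOF
${2#v}
EOF
    # Drop any pre-release suffix such as "2-beta1".
    a3=${a3%%[!0-9]*}; b3=${b3%%[!0-9]*}
    if [ "${a1:-0}" -ne "${b1:-0}" ]; then
        [ "${a1:-0}" -lt "${b1:-0}" ]; return
    fi
    if [ "${a2:-0}" -ne "${b2:-0}" ]; then
        [ "${a2:-0}" -lt "${b2:-0}" ]; return
    fi
    [ "${a3:-0}" -lt "${b3:-0}" ]
}

# rotation_commands VERSION ADDRESS: print the command(s) to run, one per line.
rotation_commands() {
    version=$1
    address=$2
    # Only accept a secret resource, optionally inside a module path.
    case $address in
        aws_secretsmanager_secret.?*|*.aws_secretsmanager_secret.?*) ;;
        *)
            echo "refusing: $address is not an aws_secretsmanager_secret" >&2
            return 2
            ;;
    esac
    if version_lt "$version" 0.15.2; then
        # Below v0.15.2: taint marks the resource, the next apply replaces it.
        printf 'terraform taint %s\nterraform apply\n' "$address"
    else
        printf 'terraform apply -replace=%s\n' "$address"
    fi
}

# Constructed sample call; the version and resource name are made up.
rotation_commands 1.5.7 aws_secretsmanager_secret.example
```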