Merge pull request #46 from ConseilsTI/v0.0.45

V0.0.45
ConseilsTI · Mar 19, 2024 · 58fa530 · 58fa530
2 parents 83dce15 + a792163
commit 58fa530
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 6 deletions.
diff --git a/README.md b/README.md
@@ -22,8 +22,8 @@ instead of a user token.
 
 ### Hashicorp Vault Secrets Permissions
 
-To read secrets from Hashicorp Vault Secrets, provide a client ID and a key
-from a service principals with the secret `reader` role.
+To read and create secrets in Hashicorp Vault Secrets, provide a client ID and a key
+from a service principals with the secret `contributor` role.
 
 ### GitHub Permissions
 
@@ -84,7 +84,7 @@ GITHUB\_APP\_PEM\_FILE, and GITHUB\_OWNER environment variables to authenticate.
   * branches protection
   * repositories secrets
   * teams
-* Read secrets from Hashicorp Vault Secrets
+* Read and write secrets in Hashicorp Vault Secrets
 
 ## Prerequisite
 
@@ -179,6 +179,7 @@ No optional inputs.
 The following resources are used by this module:
 
 - [github_actions_secret.this](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_secret) (resource)
+- [hcp_vault_secrets_secret.this](https://registry.terraform.io/providers/hashicorp/hcp/latest/docs/resources/vault_secrets_secret) (resource)
 - [tfe_project.project](https://registry.terraform.io/providers/hashicorp/tfe/latest/docs/resources/project) (resource)
 - [tfe_project_variable_set.this](https://registry.terraform.io/providers/hashicorp/tfe/latest/docs/resources/project_variable_set) (resource)
 - [tfe_variable.variable_set](https://registry.terraform.io/providers/hashicorp/tfe/latest/docs/resources/variable) (resource)

diff --git a/docs/README_header.md b/docs/README_header.md
@@ -21,8 +21,8 @@ instead of a user token.
 
 ### Hashicorp Vault Secrets Permissions
 
-To read secrets from Hashicorp Vault Secrets, provide a client ID and a key
-from a service principals with the secret `reader` role.
+To read and create secrets in Hashicorp Vault Secrets, provide a client ID and a key
+from a service principals with the secret `contributor` role.
 
 ### GitHub Permissions
 
@@ -83,7 +83,7 @@ GITHUB_APP_PEM_FILE, and GITHUB_OWNER environment variables to authenticate.
   * branches protection
   * repositories secrets
   * teams
-* Read secrets from Hashicorp Vault Secrets
+* Read and write secrets in Hashicorp Vault Secrets
 
 ## Prerequisite
 

diff --git a/resources_hcp_vault_secrets.tf b/resources_hcp_vault_secrets.tf
@@ -0,0 +1,8 @@
+# The following code blode is used to create secret in Hashicorp Vault.
+
+resource "hcp_vault_secrets_secret" "this" {
+  for_each     = nonsensitive({ for team in local.tfc_teams : team.name => team if try(team.token, false) == true })
+  app_name     = "TerraformCloud"
+  secret_name  = lower(replace(each.value.name, "/\\W|_|\\s/", "_"))
+  secret_value = module.tfe_teams[each.value.name].token
+}