From 8f294e9c6285e4e07f3a33fa7fb8b454f053e689 Mon Sep 17 00:00:00 2001
From: BenyBoy84
Date: Tue, 19 Mar 2024 09:10:38 -0400
Subject: [PATCH 01/10] v0.0.46
---
 docs/README_header.md | 6 ++++--
 locals.tf | 3 +++
 resources_hcp_vault_secrets.tf | 8 +++++++-
 3 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/docs/README_header.md b/docs/README_header.md
index 1b1e1cd..6d4def9 100644
--- a/docs/README_header.md
+++ b/docs/README_header.md
@@ -21,7 +21,7 @@ instead of a user token.
 ### Hashicorp Vault Secrets Permissions
-To read and create secrets in Hashicorp Vault Secrets, provide a client ID and a key
+To manage secrets in Hashicorp Vault Secrets, provide a client ID and a key
 from a service principals with the secret `contributor` role.
 ### GitHub Permissions
@@ -83,7 +83,9 @@ GITHUB_APP_PEM_FILE, and GITHUB_OWNER environment variables to authenticate.
 * branches protection
 * repositories secrets
 * teams
-* Read and write secrets in Hashicorp Vault Secrets
+* Manages configuration and life-cycle of Hashicorp Vault Secrets
+ * app
+ * secrets
 ## Prerequisite
diff --git a/locals.tf b/locals.tf
index 02c291d..011d54e 100644
--- a/locals.tf
+++ b/locals.tf
@@ -39,6 +39,9 @@ locals {
 }
 ]
+ # This local is used to defined the Hashicorp Vault Secrets app name where team token will be stored.
+ hcp_vault_secrets_app_name = "TerraformCloud"
+
 # This local is used to define teams at the organization level.
 tfc_organization_teams = [
 # `tfc_organization_teams` is a list of object.
diff --git a/resources_hcp_vault_secrets.tf b/resources_hcp_vault_secrets.tf
index d4b3f81..a186eed 100644
--- a/resources_hcp_vault_secrets.tf
+++ b/resources_hcp_vault_secrets.tf
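Review bot: The comment on the new `hcp_vault_secrets_app_name` local in the locals.tf hunk reads `# This local is used to defined ...`; it should read `# This local is used to define the Hashicorp Vault Secrets app name where team tokens will be stored.` The value `"TerraformCloud"` is a literal in `locals` rather than a module input, so a second instance of this module in the same HCP project would presumably try to create an app with the same name; if multiple instances are an intended use, a `variable` carrying this default is the usual shape and keeps the app name configurable without editing the module. The enclosing `locals` block starts and ends outside the hunk.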
@@ -1,8 +1,14 @@
+# The following code block is used to create the Hashicorp Vault Secret app where team token will be stored.
+
+resource "hcp_vault_secrets_app" "this" {
+ app_name = local.hcp_vault_secrets_app_name
+}
+
 # The following code blode is used to create secret in Hashicorp Vault.
 resource "hcp_vault_secrets_secret" "this" {
 for_each = nonsensitive({ for team in local.tfc_teams : team.name => team if try(team.token, false) == true })
- app_name = "TerraformCloud"
+ app_name = local.hcp_vault_secrets_app_name
 secret_name = lower(replace(each.value.name, "/\\W|_|\\s/", "_"))
 secret_value = module.tfe_teams[each.value.name].token
 }
\ No newline at end of file
From 9bd0b91465db440d486047b768b71574b9326d74 Mon Sep 17 00:00:00 2001
From: GitHub Action
Date: Tue, 19 Mar 2024 13:12:06 +0000
Subject: [PATCH 02/10] Automated Terraform Formatting
---
 resources_hcp_vault_secrets.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/resources_hcp_vault_secrets.tf b/resources_hcp_vault_secrets.tf
index a186eed..3dc04c4 100644
--- a/resources_hcp_vault_secrets.tf
+++ b/resources_hcp_vault_secrets.tf
@@ -1,7 +1,7 @@
 # The following code block is used to create the Hashicorp Vault Secret app where team token will be stored.
 resource "hcp_vault_secrets_app" "this" {
- app_name = local.hcp_vault_secrets_app_name
+ app_name = local.hcp_vault_secrets_app_name
 }
 # The following code blode is used to create secret in Hashicorp Vault.
From bef94011e81ee0f39c023274b2e818dfac6b12a1 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Tue, 19 Mar 2024 13:12:08 +0000
Subject: [PATCH 03/10] terraform-docs: automated action
---
 README.md | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index c850b8a..b74e1cb 100644
--- a/README.md
+++ b/README.md
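Review bot: `hcp_vault_secrets_secret.this` takes its `app_name` from `local.hcp_vault_secrets_app_name`, the same literal the new `hcp_vault_secrets_app.this` uses, so Terraform records no dependency between the two resources and on a fresh apply it may attempt to create the secrets before the app exists. Referencing the resource instead, `app_name = hcp_vault_secrets_app.this.app_name`, both creates the dependency edge and keeps the name single-sourced; `depends_on = [hcp_vault_secrets_app.this]` is the alternative if the local must stay. Because the app is now managed here, removing this block or running a destroy deletes the app and, presumably, every team token stored under it, which deserves a comment on the resource such as `# Destroying this app removes all secrets stored in it.` The second hunk in this file (patch 02, `Automated Terraform Formatting`) only realigns `app_name` and needs nothing.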
@@ -22,8 +22,8 @@ instead of a user token.
 ### Hashicorp Vault Secrets Permissions
-To read secrets from Hashicorp Vault Secrets, provide a client ID and a key
-from a service principals with the secret `reader` role.
+To manage secrets in Hashicorp Vault Secrets, provide a client ID and a key
+from a service principals with the secret `contributor` role.
 ### GitHub Permissions
@@ -84,7 +84,9 @@ GITHUB\_APP\_PEM\_FILE, and GITHUB\_OWNER environment variables to authenticate.
 * branches protection
 * repositories secrets
 * teams
-* Read secrets from Hashicorp Vault Secrets
+* Manages configuration and life-cycle of Hashicorp Vault Secrets
+ * app
+ * secrets
 ## Prerequisite
@@ -179,6 +181,7 @@ No optional inputs.
 The following resources are used by this module:
 - [github_actions_secret.this](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_secret) (resource)
+- [hcp_vault_secrets_app.this](https://registry.terraform.io/providers/hashicorp/hcp/latest/docs/resources/vault_secrets_app) (resource)
 - [hcp_vault_secrets_secret.this](https://registry.terraform.io/providers/hashicorp/hcp/latest/docs/resources/vault_secrets_secret) (resource)
 - [tfe_project.project](https://registry.terraform.io/providers/hashicorp/tfe/latest/docs/resources/project) (resource)
 - [tfe_project_variable_set.this](https://registry.terraform.io/providers/hashicorp/tfe/latest/docs/resources/project_variable_set) (resource)
From 16eaa982d20ff341c7e53a1b4ed80dd39c220d18 Mon Sep 17 00:00:00 2001
From: BenyBoy84
Date: Tue, 19 Mar 2024 09:24:26 -0400
Subject: [PATCH 04/10] v0.0.46
---
 outputs.tf | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/outputs.tf b/outputs.tf
index cdb4e74..13f2eb5 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -6,4 +6,9 @@ output "modules_registry_github_owners_team" {
 output "modules_registry_github_contributors_team" {
 description = "The id of the GitHub team who can contribute to the private modules registry."
 value = module.git_teams["TerraformCloud-ModulesRegistry-Contributors"].id
+}
+
+output "hcp_vault_secrets_app_name" {
+ description = "The name of the Hashicorp Vault Secrets app where team token will be stored."
+ value = local.hcp_vault_secrets_app_name
 }
\ No newline at end of file
From 2bb083b7a7ea4d1ad814d7a05f21fef215816cfe Mon Sep 17 00:00:00 2001
From: BenyBoy84
Date: Tue, 19 Mar 2024 09:28:19 -0400
Subject: [PATCH 05/10] v0.0.46
---
 outputs.tf | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/outputs.tf b/outputs.tf
index 13f2eb5..a94d5b7 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1,6 +1,11 @@
-output "modules_registry_github_owners_team" {
- description = "The id of the GitHub team who owns the private modules registry."
- value = module.git_teams["TerraformCloud-ModulesRegistry-Owners"].id
+output "hcp_vault_secrets_app_name" {
+ description = "The name of the Hashicorp Vault Secrets app where team token will be stored."
+ value = local.hcp_vault_secrets_app_name
+}
+
+output "manage_modules_team_token" {
+ description = "The token of the team with `manage-modules` access."
+ value = module.tfe_teams["manage-modules"].tfe_team_token.this[0]
 }
 output "modules_registry_github_contributors_team" {
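Review bot: The new `manage_modules_team_token` output (patch 05, first hunk of outputs.tf) places a team API token in the root module's outputs, which means it is written in clear text to the state file and is readable by anyone who can read that state or run `terraform output`; patch 08's `@@ -6,6 +6,7 @@` hunk later adds `sensitive = true`, but that only redacts CLI and plan display and does not change what is stored in state. The same token is already delivered to HCP Vault Secrets by `hcp_vault_secrets_secret.this`, so consider whether this output is needed at all, and if it is, document the consequence on the output, e.g. `# NOTE: this value is persisted in state; state read access is equivalent to holding the token.` The key `"manage-modules"` is also hard-coded, and `local.tfc_teams` is not visible here; if no team by that name is defined the plan fails with an invalid index, so the requirement for a `manage-modules` team is worth stating in the module documentation.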
@@ -8,7 +13,7 @@ output "modules_registry_github_contributors_team" {
 value = module.git_teams["TerraformCloud-ModulesRegistry-Contributors"].id
 }
-output "hcp_vault_secrets_app_name" {
- description = "The name of the Hashicorp Vault Secrets app where team token will be stored."
- value = local.hcp_vault_secrets_app_name
-}
\ No newline at end of file
+output "modules_registry_github_owners_team" {
+ description = "The id of the GitHub team who owns the private modules registry."
+ value = module.git_teams["TerraformCloud-ModulesRegistry-Owners"].id
+}
From 1c3d5db72078c1be92b89a3487257f55ecf53a1b Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Tue, 19 Mar 2024 13:29:55 +0000
Subject: [PATCH 06/10] terraform-docs: automated action
---
 README.md | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/README.md b/README.md
index b74e1cb..118460c 100644
--- a/README.md
+++ b/README.md
@@ -200,6 +200,14 @@ The following resources are used by this module:
 The following outputs are exported:
+### [hcp\_vault\_secrets\_app\_name](#output\_hcp\_vault\_secrets\_app\_name)
+
+Description: The name of the Hashicorp Vault Secrets app where team token will be stored.
+
+### [manage\_modules\_team\_token](#output\_manage\_modules\_team\_token)
+
+Description: The token of the team with `manage-modules` access.
+
 ### [modules\_registry\_github\_contributors\_team](#output\_modules\_registry\_github\_contributors\_team)
 Description: The id of the GitHub team who can contribute to the private modules registry.
From 6041fed9e8cdddb98dcd29158a08d38c5c66b594 Mon Sep 17 00:00:00 2001
From: BenyBoy84
Date: Tue, 19 Mar 2024 09:30:36 -0400
Subject: [PATCH 07/10] v0.0.46
---
 outputs.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/outputs.tf b/outputs.tf
index a94d5b7..3ef479d 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -5,7 +5,7 @@ output "hcp_vault_secrets_app_name" {
 output "manage_modules_team_token" {
 description = "The token of the team with `manage-modules` access."
- value = module.tfe_teams["manage-modules"].tfe_team_token.this[0]
+ value = module.tfe_teams["manage-modules"].token
 }
 output "modules_registry_github_contributors_team" {
From 3b95112a0cc478f63284113ddd35b7c375d7a0df Mon Sep 17 00:00:00 2001
From: BenyBoy84
Date: Tue, 19 Mar 2024 09:34:28 -0400
Subject: [PATCH 08/10] v0.0.46
---
 outputs.tf | 1 +
 1 file changed, 1 insertion(+)
diff --git a/outputs.tf b/outputs.tf
index 3ef479d..edb5845 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -6,6 +6,7 @@ output "hcp_vault_secrets_app_name" {
 output "manage_modules_team_token" {
 description = "The token of the team with `manage-modules` access."
 value = module.tfe_teams["manage-modules"].token
+ sensitive = true
 }
 output "modules_registry_github_contributors_team" {
From c371fa99d0799334dbd3147539fd5345aa2a4035 Mon Sep 17 00:00:00 2001
From: BenyBoy84
Date: Tue, 19 Mar 2024 09:36:17 -0400
Subject: [PATCH 09/10] v0.0.46
---
 outputs.tf | 5 -----
 1 file changed, 5 deletions(-)
diff --git a/outputs.tf b/outputs.tf
index edb5845..7b59c78 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1,8 +1,3 @@
-output "hcp_vault_secrets_app_name" {
- description = "The name of the Hashicorp Vault Secrets app where team token will be stored."
- value = local.hcp_vault_secrets_app_name
-}
-
 output "manage_modules_team_token" {
 description = "The token of the team with `manage-modules` access."
 value = module.tfe_teams["manage-modules"].token
From 627222a2ed221a32a6ea4c61152f776a7a43607e Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Tue, 19 Mar 2024 13:36:35 +0000
Subject: [PATCH 10/10] terraform-docs: automated action
---
 README.md | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/README.md b/README.md
index 118460c..8ee2aa0 100644
--- a/README.md
+++ b/README.md
@@ -200,10 +200,6 @@ The following resources are used by this module:
 The following outputs are exported:
-### [hcp\_vault\_secrets\_app\_name](#output\_hcp\_vault\_secrets\_app\_name)
-
-Description: The name of the Hashicorp Vault Secrets app where team token will be stored.
-
 ### [manage\_modules\_team\_token](#output\_manage\_modules\_team\_token)
 Description: The token of the team with `manage-modules` access.