
Rotate on a periodic basis using Terraform

Antoine

One key component of modern security is rotating secrets.

HashiCorp has a good product that can generate secrets based on a master one: Vault.

I thought it was very difficult to achieve this through Terraform.
But Terraform has a provider, hashicorp/time, whose time_rotating resource triggers a change at a defined frequency.

Example:


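terraform {
  required_providers {
    time = {
      source  = "hashicorp/time"
      version = "0.5.0"
    }
  }
}

# Replaced on the first Terraform run after 30 days have elapsed
resource "time_rotating" "example" {
  rotation_days = 30
}

resource "random_id" "server" {
  keepers = {
    # Generate a new password each time time_rotating rotates.
    # keepers is a map of strings, so reference the timestamp attribute
    # rather than the whole resource.
    rotation = time_rotating.example.id
  }

  byte_length = 8
}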

Hope this helps!
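
A time_rotating resource is only replaced when Terraform runs after its rotation timestamp, so a secret can outlive its 30 days if nobody applies. The check below is an added example, not part of the original post: it scans constructed sample data shaped like `terraform show -json` output and lists the time_rotating resources that are past due; the function names and sample values are assumptions.

```python
from datetime import datetime, timezone

# Constructed sample in the shape of `terraform show -json` output (not real state).
SAMPLE_STATE = {
    "values": {"root_module": {
        "resources": [
            {"address": "time_rotating.example", "type": "time_rotating",
             "values": {"rotation_rfc3339": "2021-02-10T09:00:00Z"}},
            {"address": "random_id.server", "type": "random_id",
             "values": {"byte_length": 8}},
        ],
        "child_modules": [{
            "address": "module.db",
            "resources": [
                {"address": "module.db.time_rotating.password",
                 "type": "time_rotating",
                 "values": {"rotation_rfc3339": "2021-03-15T09:00:00Z"}},
            ],
        }],
    }},
}


def iter_resources(module):
    """Yield the resources of a module and of every nested child module."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def parse_rfc3339(ts):
    """Parse an RFC 3339 timestamp; older Pythons reject a trailing 'Z'."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def overdue_rotations(state, now):
    """Return (address, due) for each time_rotating resource past its rotation time."""
    root = state.get("values", {}).get("root_module", {})
    overdue = []
    for res in iter_resources(root):
        if res.get("type") != "time_rotating":
            continue
        due = parse_rfc3339(res["values"]["rotation_rfc3339"])
        if due <= now:
            overdue.append((res["address"], due))
    return overdue


if __name__ == "__main__":
    for address, due in overdue_rotations(SAMPLE_STATE, datetime.now(timezone.utc)):
        print(f"OVERDUE {address}: rotation was due {due.isoformat()}")
```

On real state, pass the parsed JSON from `terraform show -json` as `state`, for example from a scheduled CI job that alerts when the list is not empty.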
