Rotate on a periodic basis using Terraform

Antoine (antoinega) ・1 min read


One key component of modern security is rotating secrets.

HashiCorp has a good product that can generate secrets based on a master one: Vault.

I thought it was very difficult to achieve this through Terraform.
But the hashicorp/time provider has a resource that triggers a change at a defined frequency: time_rotating.

Example:


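terraform {
  required_providers {
    time = {
      source  = "hashicorp/time"
      version = "0.5.0"
    }
    # random_id below comes from the random provider
    random = {
      source = "hashicorp/random"
    }
  }
}

# Recreated by the first plan/apply that runs after 30 days have elapsed;
# nothing rotates unless Terraform is actually run.
resource "time_rotating" "example" {
  rotation_days = 30
}

resource "random_id" "server" {
  keepers = {
    # Generate a new random ID each time the rotation period elapses.
    # keepers is a map of strings, so reference the id attribute
    # (an RFC 3339 timestamp), not the whole resource.
    rotation = time_rotating.example.id
  }

  byte_length = 8
}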
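The same pattern applied to an actual password, as an added example that is not part of the original post: `random_password` marks its result as sensitive, and an extra output exposes when the next rotation is due. The resource and output names (`db_password`, `db`, `db_password_next_rotation`) and the length of 32 are assumptions chosen for illustration.

```hcl
terraform {
  required_providers {
    time = {
      source = "hashicorp/time"
    }
    random = {
      source = "hashicorp/random"
    }
  }
}

# Hypothetical name; same 30-day schedule as in the post.
resource "time_rotating" "db_password" {
  rotation_days = 30
}

resource "random_password" "db" {
  length  = 32
  special = true

  keepers = {
    # The id is the RFC 3339 timestamp of the current rotation window.
    # When time_rotating is recreated the id changes, which forces a
    # new password to be generated in the same apply.
    rotation = time_rotating.db_password.id
  }
}

# sensitive = true hides the value in plan/apply output, but the value
# is still stored in plain text in the Terraform state, so the state
# backend needs encryption and access control of its own.
output "db_password" {
  value     = random_password.db.result
  sensitive = true
}

# Timestamp after which the next plan will show a rotation; useful for
# alerting when no Terraform run has happened since that date.
output "db_password_next_rotation" {
  value = time_rotating.db_password.rotation_rfc3339
}
```

Because the rotation only takes effect on a Terraform run, this needs a scheduled `terraform apply` (for example from CI) to rotate on time.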

Hope this helps!
