xdr-terraform-modules/base/account_standards_c2/secrets.tf

# Set up some basic secret configuration. We don't want the secrets themselves in here. They'll have to be hand-entered. But this will set up the scaffolding.
output "secrets_manager_reminder" {
  value = "REMINDER: If this is your first time, don't forget to update the secrets in secrets manager."
}

resource "aws_secretsmanager_secret" "codebuild_ghe_key" {
  name                    = "GHE/mdr-aws-codebuild/key"
  description             = "GitHub Personal Access Key for the mdr-aws-codebuild account"
  recovery_window_in_days = 30
  tags                    = merge(var.standard_tags, var.tags)
}

# This just seeds an initial value. It will not be overwritten each update.
resource "aws_secretsmanager_secret_version" "codebuild_ghe_secret_version" {
  secret_id     = aws_secretsmanager_secret.codebuild_ghe_key.id
  secret_string = "SETME"
}