feat: add Secrets Manager for secure database credential management

kazmithub · kazmithub · commit dd712bb6b22c · 2026-04-20T17:39:53.000+05:00
diff --git a/secrets.tf b/secrets.tf
@@ -0,0 +1,21 @@
+# AWS Secrets Manager for Database Credentials
+# Eliminates hardcoded passwords in Terraform state
+
+resource "aws_secretsmanager_secret" "db_password" {
+  name                    = "rds/master-password"
+  description             = "RDS master user password"
+  recovery_window_in_days = 7
+}
+
+resource "random_password" "db_password" {
+  length  = 32
+  special = false
+}
+
+resource "aws_secretsmanager_secret_version" "db_password" {
+  secret_id     = aws_secretsmanager_secret.db_password.id
+  secret_string = random_password.db_password.result
+}
+
+# Reference in RDS: manage_master_user_password = true (RDS v2.7.0+)
+# Or use: password = aws_secretsmanager_secret_version.db_password.secret_string
