ShieldAI/infra/modules/secrets/main.tf
Senior Engineer a0799c0647 Add Terraform AWS infrastructure and enhanced CI/CD pipeline (FRE-4574)
- Terraform modules: VPC, ECS Fargate, RDS PostgreSQL, ElastiCache Redis, S3, Secrets Manager, CloudWatch
- Multi-environment support: staging and production configs
- ECS auto-scaling: CPU-based scaling with configurable min/max
- CI/CD: pnpm caching, Docker Buildx, Trivy security scanning, Terraform plan on PR
- Deploy: ECS service updates with automatic rollback on health check failure
- Backup: automated RDS snapshots, S3 versioning, ElastiCache snapshots
- Monitoring: CloudWatch dashboards, CPU/memory/5xx alarms
- Rollback script for manual service rollback
- Infrastructure documentation with architecture overview
2026-05-08 02:54:39 -04:00


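# Deployment environment name. It is interpolated into the Secrets Manager
# secret name and compared against "production" to pick LOG_LEVEL, so an
# empty value would yield a name like "<project>--app-secrets".
# The validation block requires Terraform >= 0.13.
variable "environment" {
  description = "Deployment environment"
  type        = string

  validation {
    condition     = length(var.environment) > 0
    error_message = "environment must be a non-empty string."
  }
}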
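# Project identifier used as the prefix of the secret name and of the
# generated DATABASE_URL / REDIS_URL hostnames. NOTE(review): this module
# also uses it as the database password inside DATABASE_URL, so it must
# never be treated as a public value while that remains the case.
# The validation block requires Terraform >= 0.13.
variable "project_name" {
  description = "Project name"
  type        = string

  validation {
    condition     = length(var.project_name) > 0
    error_message = "project_name must be a non-empty string."
  }
}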
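# Caller-supplied key/value pairs merged over the module's built-in entries
# (caller keys win, because merge() lets later maps override earlier ones).
# Marked sensitive so the values are redacted from plan/apply output; they are
# still written to Terraform state, which must therefore be stored encrypted.
# `sensitive` on variables requires Terraform >= 0.14.
variable "secrets" {
  description = "Secrets to store"
  type        = map(string)
  default     = {}
  sensitive   = true
}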
# The secret name is derived once here so the resource name and the Name tag
# cannot drift apart.
locals {
  app_secret_name = "${var.project_name}-${var.environment}-app-secrets"
}

# Container secret holding the application's runtime configuration.
# No kms_key_id is set, so the secret is encrypted with the AWS-managed
# aws/secretsmanager key, and no recovery_window_in_days is set, so deletion
# uses the provider default (30-day recovery window).
resource "aws_secretsmanager_secret" "main" {
  name        = local.app_secret_name
  description = "Application secrets for ${var.project_name} (${var.environment})"

  tags = {
    Name        = local.app_secret_name
    Environment = var.environment
  }
}
# Writes the JSON payload of the secret. Built-in entries come first; any key
# in var.secrets with the same name overrides them (merge() gives precedence
# to the later map). The rendered string is stored in plaintext in Terraform
# state, so the state backend must be encrypted and access-restricted.
resource "aws_secretsmanager_secret_version" "main" {
secret_id = aws_secretsmanager_secret.main.id
secret_string = jsonencode(merge({
# NOTE(review): the password in this URL is var.project_name, i.e. a
# non-secret, guessable value that lives in version control and is also
# printed in resource names and tags. It should come from a sensitive
# input (or a random_password resource) instead.
# NOTE(review): the hostname is assembled from a pattern that uses the
# account ID and a hard-coded us-east-1; real RDS endpoints use an
# account-specific token rather than the numeric account ID, so this
# likely does not resolve — wire the RDS module's endpoint output instead
# and confirm against a deployed instance.
DATABASE_URL = "postgresql://shieldai:${var.project_name}@${var.project_name}-${var.environment}-db.${data.aws_caller_identity.current.account_id}.us-east-1.rds.amazonaws.com:5432/shieldai"
# NOTE(review): same concern as above — ElastiCache endpoint hostnames do
# not follow this pattern either; take the endpoint from the ElastiCache
# module output and verify. No AUTH token / TLS (rediss://) is configured.
REDIS_URL = "redis://${var.project_name}-${var.environment}-redis.${data.aws_caller_identity.current.account_id}.us-east-1.cache.amazonaws.com:6379"
NODE_ENV = var.environment
# "debug" logging everywhere except production; confirm that debug-level
# output never includes the values stored in this secret.
LOG_LEVEL = var.environment == "production" ? "info" : "debug"
}, var.secrets))
}
# Identity of the credentials running this apply; only account_id is used,
# as a component of the hostnames in aws_secretsmanager_secret_version.main.
data "aws_caller_identity" "current" {}
# ARN of the application secret, for IAM policies and ECS task definitions
# in other modules. The ARN itself is not sensitive; the payload is.
output "secrets_manager_arn" {
  description = "Secrets Manager ARN"
  value       = aws_secretsmanager_secret.main.arn
}
# Name of the application secret ("<project>-<environment>-app-secrets"),
# for callers that look the secret up by name rather than by ARN.
output "secrets_manager_name" {
  description = "Secrets Manager secret name"
  value       = aws_secretsmanager_secret.main.name
}