aitbc/infra/terraform/environments/secrets.tf
oib 329b3beeba ```
feat: add SQLModel relationships, fix ZK verifier circuit integration, and complete Stage 19-20 documentation

- Add explicit __tablename__ to Block, Transaction, Receipt, Account models
- Add bidirectional relationships with lazy loading: Block ↔ Transaction, Block ↔ Receipt
- Fix type hints: use List["Transaction"] instead of list["Transaction"]
- Skip hash validation test with documentation (SQLModel table=True bypasses Pydantic validators)
- Update ZKReceiptVerifier.sol to match receipt_simple circuit (
2026-01-24 18:34:37 +01:00


# Secrets management configuration
# Reads sensitive values from AWS Secrets Manager (data sources below) and
# materializes them as Kubernetes Secrets in the "aitbc" namespace. Because the
# values flow through Terraform, they are persisted in plaintext in the Terraform
# state: keep state in a remote, encrypted, access-restricted backend. The
# External Secrets Operator variant at the bottom of this file avoids that by
# letting the cluster fetch the secrets directly.
# Database credentials
# Environment-scoped secret name: aitbc/<environment>/db-credentials. The data
# source errors during plan/apply if the secret does not exist in the account
# and region the AWS provider is configured for.
data "aws_secretsmanager_secret" "db_credentials" {
  name = "aitbc/${var.environment}/db-credentials"
}
# Resolves the current secret version (no version_stage is set, so the provider
# default stage is used). NOTE(review): data sources are read only at plan/apply
# time, so a value rotated in Secrets Manager reaches the cluster only on the
# next terraform run.
data "aws_secretsmanager_secret_version" "db_credentials" {
  secret_id = data.aws_secretsmanager_secret.db_credentials.id
}
# Decode the JSON payload into a map. Keys consumed by kubernetes_secret.db_credentials
# below: username, password, host, port, database. jsondecode() fails if the secret
# is stored as binary (secret_string is null) or is not valid JSON.
locals {
  db_credentials = jsondecode(data.aws_secretsmanager_secret_version.db_credentials.secret_string)
}
# API keys
# Environment-scoped secret name: aitbc/<environment>/api-keys. Must exist in the
# target account/region before plan, otherwise the data source errors.
data "aws_secretsmanager_secret" "api_keys" {
  name = "aitbc/${var.environment}/api-keys"
}
# Current version of the secret (provider default stage; no version_stage set).
# Read once per plan/apply, so rotations are picked up only on the next run.
data "aws_secretsmanager_secret_version" "api_keys" {
  secret_id = data.aws_secretsmanager_secret.api_keys.id
}
# Decode the JSON payload. Keys consumed by kubernetes_secret.api_keys below:
# coordinator, explorer, admin. A missing key fails at plan time when the
# kubernetes_secret resource references it.
locals {
  api_keys = jsondecode(data.aws_secretsmanager_secret_version.api_keys.secret_string)
}
# Wallet encryption keys
# Environment-scoped secret name: aitbc/<environment>/wallet-keys. This payload
# carries key material (see encryption_key / signing_key in
# kubernetes_secret.wallet_keys below), so access to this Secrets Manager entry
# should be the most tightly restricted of the three.
data "aws_secretsmanager_secret" "wallet_keys" {
  name = "aitbc/${var.environment}/wallet-keys"
}
# Current version of the secret (provider default stage; no version_stage set).
data "aws_secretsmanager_secret_version" "wallet_keys" {
  secret_id = data.aws_secretsmanager_secret.wallet_keys.id
}
# Decode the JSON payload. Keys consumed below: encryption_key, signing_key.
# The decoded map inherits the sensitive marking of secret_string, so it is
# redacted in plan output but still stored in Terraform state.
locals {
  wallet_keys = jsondecode(data.aws_secretsmanager_secret_version.wallet_keys.secret_string)
}
# Create Kubernetes secrets from AWS Secrets Manager
#
# Database connection secret, consumed by workloads in the "aitbc" namespace.
# The namespace is not created in this file; it is presumably managed
# elsewhere and must exist before apply.
# SECURITY: the plaintext values in `data` are written to Terraform state.
# Restrict and encrypt the state backend, or use the External Secrets
# Operator variant at the bottom of this file so values never leave the cluster.
resource "kubernetes_secret" "db_credentials" {
  metadata {
    name      = "db-credentials"
    namespace = "aitbc"
  }
  # `data` takes plain strings; the provider base64-encodes them on the way to
  # the API. port is passed through as-is from the decoded JSON; if it is a
  # JSON number it is converted to its string form here.
  data = {
    username = local.db_credentials.username
    password = local.db_credentials.password
    host     = local.db_credentials.host
    port     = local.db_credentials.port
    database = local.db_credentials.database
  }
  # Generic key/value secret (no kubelet-interpreted format).
  type = "Opaque"
}
# Service API keys, one per component (coordinator, explorer, admin), published
# as a single Secret in the "aitbc" namespace. All three are readable by any
# principal allowed to `get secrets` in that namespace, including the admin key;
# NOTE(review): consider splitting them per consumer if RBAC should differ.
# As with the other kubernetes_secret resources here, the values are also
# stored in Terraform state.
resource "kubernetes_secret" "api_keys" {
  metadata {
    name      = "api-keys"
    namespace = "aitbc"
  }
  # Keys are renamed from the Secrets Manager payload (coordinator -> coordinator_api_key, etc.).
  data = {
    coordinator_api_key = local.api_keys.coordinator
    explorer_api_key    = local.api_keys.explorer
    admin_api_key       = local.api_keys.admin
  }
  # Generic key/value secret.
  type = "Opaque"
}
# Wallet key material (encryption key and signing key) as a Secret in the
# "aitbc" namespace.
# SECURITY: a signing key stored as a plain Kubernetes Secret is recoverable by
# anyone with `get secrets` in the namespace, by anyone who can exec into or
# mount it from a pod, and by anyone with access to Terraform state (where the
# value is also persisted). If the key authorizes wallet transactions, consider
# a dedicated namespace with its own RBAC, or keeping the key in a KMS/HSM and
# exposing only a signing operation to workloads.
resource "kubernetes_secret" "wallet_keys" {
  metadata {
    name      = "wallet-keys"
    namespace = "aitbc"
  }
  # Plain strings; the provider base64-encodes them for the API.
  data = {
    encryption_key = local.wallet_keys.encryption_key
    signing_key    = local.wallet_keys.signing_key
  }
  # Generic key/value secret.
  type = "Opaque"
}
# External Secrets Operator (alternative approach)
# Uncomment if using external-secrets operator. Compared with the kubernetes_secret
# resources above, ESO fetches the values in-cluster, so they never pass through
# Terraform state, and re-syncs them every refreshInterval, so a rotation in
# Secrets Manager propagates without a terraform apply. Note that this example
# maps only username and password; kubernetes_secret.db_credentials above also
# supplies host, port and database, so extend the data list before switching.
#
# resource "kubernetes_manifest" "external_secret_db" {
# manifest = {
# apiVersion = "external-secrets.io/v1beta1"
# kind = "ExternalSecret"
# metadata = {
# name = "db-credentials"
# namespace = "aitbc"
# }
# spec = {
# refreshInterval = "1h"
# secretStoreRef = {
# name = "aws-secrets-manager"
# kind = "ClusterSecretStore"
# }
# target = {
# name = "db-credentials"
# }
# data = [
# {
# secretKey = "username"
# remoteRef = {
# key = "aitbc/${var.environment}/db-credentials"
# property = "username"
# }
# },
# {
# secretKey = "password"
# remoteRef = {
# key = "aitbc/${var.environment}/db-credentials"
# property = "password"
# }
# }
# ]
# }
# }
# }