
feat: add SOPS KMS key foundation #5

Merged: xnoto merged 1 commit into main from feat/sops-kms-key on Jun 19, 2026

@xnoto (Contributor) commented Jun 19, 2026

Summary

  • add an AWS KMS key and alias for future SOPS AWS KMS recipients
  • output the KMS key ARN for follow-up SOPS recipient migration
  • regenerate terraform-docs README

Validation

  • tofu init -backend=false -input=false -no-color
  • tofu validate -no-color
  • PCT_TFPATH=$(command -v tofu) pre-commit run --all-files

@xnoto xnoto self-assigned this Jun 19, 2026
@github-actions


OpenTofu Plan

OpenTofu will perform the following actions:

  # aws_kms_alias.sops will be created
  + resource "aws_kms_alias" "sops" {
      + arn            = (known after apply)
      + id             = (known after apply)
      + name           = "alias/makeitworkcloud/sops"
      + name_prefix    = (known after apply)
      + region         = "us-west-2"
      + target_key_arn = (known after apply)
      + target_key_id  = (known after apply)
    }

  # aws_kms_key.sops will be created
  + resource "aws_kms_key" "sops" {
      + arn                                = (known after apply)
      + bypass_policy_lockout_safety_check = false
      + customer_master_key_spec           = "SYMMETRIC_DEFAULT"
      + deletion_window_in_days            = 30
      + description                        = "SOPS encryption key for Make IT Work Cloud infrastructure secrets"
      + enable_key_rotation                = true
      + id                                 = (known after apply)
      + is_enabled                         = true
      + key_id                             = (known after apply)
      + key_usage                          = "ENCRYPT_DECRYPT"
      + multi_region                       = (known after apply)
      + policy                             = (known after apply)
      + region                             = "us-west-2"
      + rotation_period_in_days            = (known after apply)
      + tags                               = {
          + "ManagedBy" = "Terraform"
          + "Purpose"   = "sops"
        }
      + tags_all                           = {
          + "ManagedBy" = "Terraform"
          + "Purpose"   = "sops"
        }
    }

Plan: 2 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + sops_kms_key_arn     = (known after apply)

@xnoto xnoto merged commit e9b620f into main Jun 19, 2026
3 checks passed
@xnoto xnoto deleted the feat/sops-kms-key branch June 19, 2026 03:35