Add GSA auth keys to Github secrets.

casey-rapnicki-bixal · casey-rapnicki-bixal · commit 675a103a5f18 · 2024-12-09T11:17:22.000-05:00
diff --git a/terraform/bootstrap/locals.tf b/terraform/bootstrap/locals.tf
@@ -160,6 +160,16 @@ locals {
           key = "tf_bastion"
           value = "${local.project}-tf-bastion-bootstrap"
         }
+        gsa_auth_development_key = {
+          encrypted = false
+          key = "gsa_auth_development_key"
+          value = var.gsa_auth_development_key
+        }
+        gsa_auth_production_key = {
+          encrypted = false
+          key = "gsa_auth_production_key"
+          value = var.gsa_auth_production_key
+        }
         hash_salt = {
           encrypted = false
           key = "hash_salt"
@@ -262,6 +272,8 @@ locals {
 
           space = local.production_space
 
+          stopped = true
+
           ## Templates take templated files and fill them in with sensitive data.
           templates = []
         }
@@ -272,7 +284,3 @@ locals {
   ## Map of the 'all' environement and the current workspace settings.
   env = merge(try(local.envs.all, {}), try(local.envs.bootstrap, {}))
 }
-
-output "name" {
-  value = local.env.passwords
-}
diff --git a/terraform/bootstrap/variables.tf b/terraform/bootstrap/variables.tf
@@ -33,6 +33,18 @@ variable "github_token" {
   sensitive   = true
 }
 
+variable "gsa_auth_development_key" {
+  description = "The GSA Auth key for development environments."
+  type = string
+  sensitive = true
+}
+
+variable "gsa_auth_production_key" {
+  description = "The GSA Auth key for production environments."
+  type = string
+  sensitive = true
+}
+
 variable "mtls_port" {
   description = "The default port to direct traffic to. Envoy proxy listens on 61443 and redirects to 8080, which the application should listen on."
   type        = number
