From 9ac676192ef674a6b707b7a2d1707e9651dbe065 Mon Sep 17 00:00:00 2001
From: talithafrsc
Date: Sun, 27 Oct 2024 14:15:43 +0700
Subject: [PATCH] change tf secret strategy
---
 .github/workflows/terraform-ci.yml | 6 +++---
 terraform/main.tf | 2 +-
 terraform/variables.tf | 7 ++++++-
 3 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/terraform-ci.yml b/.github/workflows/terraform-ci.yml
index 8b1e4626e..2508a78d4 100644
--- a/.github/workflows/terraform-ci.yml
+++ b/.github/workflows/terraform-ci.yml
@@ -26,12 +26,11 @@ jobs:
 run: terraform init
 env:
 GOOGLE_CREDENTIALS: ${{ secrets.GCP_JSON }}
- - name: Replace secret
- run: sed -i "s/POSTGRES_PASSWORD/${{ secrets.POSTGRES_PASSWORD }}/" main.tf
 - name: Dry run Terraform
 run: terraform plan -var-file=variables.tfvars
 env:
 GOOGLE_CREDENTIALS: ${{ secrets.GCP_JSON }}
+ TF_VAR_db_password: ${{ secrets.POSTGRES_PASSWORD }}
 terraform-deploy:
 runs-on: ubuntu-latest
@@ -56,4 +55,5 @@ jobs:
 - name: Deploy Terraform
 run: terraform apply -var-file=variables.tfvars -auto-approve
 env:
- GOOGLE_CREDENTIALS: ${{ secrets.GCP_JSON }}
\ No newline at end of file
+ GOOGLE_CREDENTIALS: ${{ secrets.GCP_JSON }}
+ TF_VAR_db_password: ${{ secrets.POSTGRES_PASSWORD }}
\ No newline at end of file
diff --git a/terraform/main.tf b/terraform/main.tf
index e797c1252..07bffee73 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -55,7 +55,7 @@ resource "google_sql_database_instance" "petclinic" {
 resource "google_sql_user" "users" {
 name = var.app
 instance = google_sql_database_instance.petclinic.name
- password = POSTGRES_PASSWORD
+ password = var.postgres_password
 }
 resource "google_sql_database" "database" {
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 8914951c7..b36faa21c 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
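Review bot: `password = var.postgres_password` in the terraform/main.tf hunk references a variable this patch never declares; terraform/variables.tf adds `variable "db_password"` and both workflow steps in terraform-ci.yml export `TF_VAR_db_password`. Unless `postgres_password` is declared somewhere outside this diff, `terraform plan` will stop on an undeclared input variable and the secret never reaches `google_sql_user.users`. The line should read `password = var.db_password` so the resource, the variable declaration and the CI environment variable all use the same name.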
@@ -46,4 +46,9 @@ variable "db_version" {
 variable "db_tier" {
 type = string
 description = "Tier of CloudSQL in GCP"
-}
\ No newline at end of file
+}
+
+variable "db_password" {
+ type = string
+ description = "Password for CloudSQL instance in GCP"
+}
\ No newline at end of file
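Review bot: The new `variable "db_password"` block is not marked sensitive, so Terraform will not redact the value wherever the variable itself is rendered, for example in plan output or error messages that end up in CI logs. Add `sensitive = true` to the block. Independently of that flag, the password is still stored in the Terraform state, so the state backend (not visible in this diff) should be access-restricted and encrypted. It would also help to extend the description with a comment that the value is expected to come from `TF_VAR_db_password` and must not be placed in `variables.tfvars`.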