Adding proxygen key ssm to terraform (#558)

robbailiff2 · web-flow · commit 098a38f9e840 · 2026-01-30T11:00:21.000Z
diff --git a/infrastructure/stacks/networking/ssm.tf b/infrastructure/stacks/networking/ssm.tf
@@ -1,15 +1,19 @@
-# resource "aws_ssm_parameter" "proxygen_private_key" {
-#   count = var.environment == "dev" ? 1 : 0
-#   name  = "/proxygen/private_key"
-#   type  = "SecureString"
-#   value = var.PROXYGEN_PRIVATE_KEY
-#   tier  = "Advanced"
-#
-#   tags = {
-#     Stack = local.stack_name
-#   }
-# }
-#
+resource "aws_ssm_parameter" "proxygen_private_key" {
+  name  = "/${var.environment}/proxygen/private_key"
+  type  = "SecureString"
+  key_id = aws_kms_key.networking_ssm_key.id
+  value = var.PROXYGEN_PRIVATE_KEY
+  tier  = "Advanced"
+
+  tags = {
+    Stack = local.stack_name
+  }
+
+  lifecycle {
+    ignore_changes = [value]
+  }
+}
+
 resource "aws_ssm_parameter" "mtls_api_ca_cert" {
   name   = "/${var.environment}/mtls/api_ca_cert"
   type   = "SecureString"
diff --git a/infrastructure/stacks/networking/variables.tf b/infrastructure/stacks/networking/variables.tf
@@ -13,3 +13,8 @@ variable "API_PRIVATE_KEY_CERT" {
   description = "The private key for the signed Client Certificate"
   sensitive   = true
 }
+variable "PROXYGEN_PRIVATE_KEY" {
+  type        = string
+  description = "The private key for Proxygen authentication"
+  sensitive   = true
+}

Original file line number	Diff line number	Diff line change
`@@ -13,3 +13,8 @@ variable "API_PRIVATE_KEY_CERT" {`
`13`	`13`	`description = "The private key for the signed Client Certificate"`
`14`	`14`	`sensitive = true`
`15`	`15`	`}`
	`16`	`+variable "PROXYGEN_PRIVATE_KEY" {`
	`17`	`+ type = string`
	`18`	`+ description = "The private key for Proxygen authentication"`
	`19`	`+ sensitive = true`
	`20`	`+}`