infrastructure with aws cdk

infrastructure/cdk/lib/secrets-stack.ts

@@ -0,0 +1,87 @@
+import * as cdk from "aws-cdk-lib";
+import * as secretsmanager from "aws-cdk-lib/aws-secretsmanager";
+import { Construct } from "constructs";
+
+interface SecretsStackProps extends cdk.StackProps {
+  /**
+   * Environment name (dev, staging, prod)
+   */
+  environment: string;
+
+  /**
+   * Database username (default: rentall_admin)
+   */
+  dbUsername?: string;
+}
+
+export class SecretsStack extends cdk.Stack {
+  /**
+   * Database credentials secret
+   */
+  public readonly databaseSecret: secretsmanager.Secret;
+
+  /**
+   * Application secrets (JWT, etc.)
+   */
+  public readonly appSecret: secretsmanager.Secret;
+
+  constructor(scope: Construct, id: string, props: SecretsStackProps) {
+    super(scope, id, props);
+
+    const { environment, dbUsername = "rentall_admin" } = props;
+
+    // Database credentials secret with auto-generated password
+    this.databaseSecret = new secretsmanager.Secret(this, "DatabaseSecret", {
+      secretName: `rentall/${environment}/database`,
+      description: `Database credentials for rentall ${environment} environment`,
+      generateSecretString: {
+        secretStringTemplate: JSON.stringify({
+          username: dbUsername,
+        }),
+        generateStringKey: "password",
+        excludePunctuation: true,
+        excludeCharacters: '/@"\'\\',
+        passwordLength: 32,
+      },
+    });
+
+    // Application secrets (JWT secret, etc.)
+    this.appSecret = new secretsmanager.Secret(this, "AppSecret", {
+      secretName: `rentall/${environment}/app`,
+      description: `Application secrets for rentall ${environment} environment`,
+      generateSecretString: {
+        secretStringTemplate: JSON.stringify({
+          // Add any additional app secrets here
+        }),
+        generateStringKey: "jwtSecret",
+        excludePunctuation: false,
+        passwordLength: 64,
+      },
+    });
+
+    // Outputs
+    new cdk.CfnOutput(this, "DatabaseSecretArn", {
+      value: this.databaseSecret.secretArn,
+      description: "Database credentials secret ARN",
+      exportName: `DatabaseSecretArn-${environment}`,
+    });
+
+    new cdk.CfnOutput(this, "DatabaseSecretName", {
+      value: this.databaseSecret.secretName,
+      description: "Database credentials secret name",
+      exportName: `DatabaseSecretName-${environment}`,
+    });
+
+    new cdk.CfnOutput(this, "AppSecretArn", {
+      value: this.appSecret.secretArn,
+      description: "Application secrets ARN",
+      exportName: `AppSecretArn-${environment}`,
+    });
+
+    new cdk.CfnOutput(this, "AppSecretName", {
+      value: this.appSecret.secretName,
+      description: "Application secrets name",
+      exportName: `AppSecretName-${environment}`,
+    });
+  }
+}