# Module Secret Manager IAM

This optional module is used to assign IAM roles on Secret Manager secrets.

## Usage

```hcl
module "secret_manager_iam" {
  source  = "terraform-google-modules/iam/google//modules/secret_manager_iam"
  project = "gcp-project-id"
  secrets = ["my-secret"]
  mode    = "additive"

  bindings = {
    "roles/secretmanager.secretAccessor" = [
      "serviceAccount:my-sa@my-project.iam.gserviceaccount.com",
      "group:my-group@my-org.com"
    ]
    "roles/secretmanager.viewer" = [
      "user:my-user@my-org.com"
    ]
  }

  conditional_bindings = [
    {
      role        = "roles/secretmanager.admin"
      title       = "expires_after_2021_12_31"
      description = "Expiring at midnight of 2021-12-31"
      expression  = "request.time < timestamp(\"2022-01-01T00:00:00Z\")"
      members     = ["user:my-user@my-org.com"]
    }
  ]
}
```

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| bindings | Map of role (key) and list of members (value) to add the IAM policies/bindings | `map(any)` | n/a | yes |
| conditional_bindings | List of maps of role and respective conditions, and the members to add the IAM policies/bindings | `list(object({ role = string, title = string, description = string, expression = string, members = list(string) }))` | `[]` | no |
| mode | Mode for adding the IAM policies/bindings: additive or authoritative | `string` | `"additive"` | no |
| project | Project to add the IAM policies/bindings | `string` | `""` | no |
| secrets | Secret Manager Secrets list to add the IAM policies/bindings | `list(string)` | `[]` | no |

## Outputs

| Name | Description |
|------|-------------|
| members | Members which were bound to the Secret Manager Secrets. |
| roles | Roles which were assigned to members. |
| secrets | Secret Manager Secrets which received bindings. |
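
The inputs and outputs above, used in `authoritative` mode to pin exactly who can read a production secret alongside a time-limited admin grant. This is an added example, not part of the module's own documentation; the project, secret and member names and the expiry date are constructed placeholders.

```hcl
# Added example. All project, secret and member names are constructed.
module "prod_db_secret_iam" {
  source  = "terraform-google-modules/iam/google//modules/secret_manager_iam"
  project = "example-prod-project"
  secrets = ["prod-db-password"]

  # Authoritative: Terraform owns the complete member list for each role
  # listed below, so a grant made outside this configuration is removed
  # on the next apply. In additive mode such a grant would be left in place.
  mode = "authoritative"

  bindings = {
    # Only the workload that reads the secret at runtime gets payload access.
    "roles/secretmanager.secretAccessor" = [
      "serviceAccount:app-runtime@example-prod-project.iam.gserviceaccount.com",
    ]
    # Auditors can list secrets and read metadata, but not secret payloads.
    "roles/secretmanager.viewer" = [
      "group:security-audit@example.com",
    ]
  }

  # Admin is granted only through a binding whose condition expires,
  # using the same request.time pattern as the usage block above.
  conditional_bindings = [
    {
      role        = "roles/secretmanager.admin"
      title       = "rotation_window_until_2030_01_01"
      description = "Temporary admin for rotation, expires 2030-01-01T00:00:00Z"
      expression  = "request.time < timestamp(\"2030-01-01T00:00:00Z\")"
      members     = ["user:rotation-operator@example.com"]
    }
  ]
}

# Surface what was bound so a plan review shows the effective access list.
output "prod_db_secret_members" {
  value = module.prod_db_secret_iam.members
}

output "prod_db_secret_roles" {
  value = module.prod_db_secret_iam.roles
}
```

Before switching an existing secret from `additive` to `authoritative`, review the plan for member removals on the listed roles, since any principal not named in `bindings` loses that role.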