diff --git a/modules/iam-user/README.md b/modules/iam-user/README.md
index 1d6a2fc4..39d134e8 100644
--- a/modules/iam-user/README.md
+++ b/modules/iam-user/README.md
@@ -15,8 +15,10 @@ When `pgp_key` is specified as `keybase:username`, make sure that that user has
This module outputs commands and PGP messages which can be decrypted either using [keybase.io web-site](https://keybase.io/decrypt) or using command line to get user's password and user's secret key:
- `keybase_password_decrypt_command`
- `keybase_secret_key_decrypt_command`
+- `keybase_ses_smtp_password_v4_decrypt_command`
- `keybase_password_pgp_message`
- `keybase_secret_key_pgp_message`
+- `keybase_ses_smtp_password_v4_pgp_message`
## Requirements
@@ -70,6 +72,7 @@ No modules.
| Name | Description |
|------|-------------|
| [iam\_access\_key\_encrypted\_secret](#output\_iam\_access\_key\_encrypted\_secret) | The encrypted secret, base64 encoded |
+| [iam\_access\_key\_encrypted\_ses\_smtp\_password\_v4](#output\_iam\_access\_key\_encrypted\_ses\_smtp\_password\_v4) | The encrypted secret access key converted into an SES SMTP password by applying AWS's Sigv4 conversion algorithm |
| [iam\_access\_key\_id](#output\_iam\_access\_key\_id) | The access key ID |
| [iam\_access\_key\_key\_fingerprint](#output\_iam\_access\_key\_key\_fingerprint) | The fingerprint of the PGP key used to encrypt the secret |
| [iam\_access\_key\_secret](#output\_iam\_access\_key\_secret) | The access key secret |
@@ -87,5 +90,7 @@ No modules.
| [keybase\_password\_pgp\_message](#output\_keybase\_password\_pgp\_message) | Encrypted password |
| [keybase\_secret\_key\_decrypt\_command](#output\_keybase\_secret\_key\_decrypt\_command) | Decrypt access secret key command |
| [keybase\_secret\_key\_pgp\_message](#output\_keybase\_secret\_key\_pgp\_message) | Encrypted access secret key |
+| [keybase\_ses\_smtp\_password\_v4\_decrypt\_command](#output\_keybase\_ses\_smtp\_password\_v4\_decrypt\_command) | Decrypt SES SMTP password command |
+| [keybase\_ses\_smtp\_password\_v4\_pgp\_message](#output\_keybase\_ses\_smtp\_password\_v4\_pgp\_message) | Encrypted SES SMTP password |
| [pgp\_key](#output\_pgp\_key) | PGP key used to encrypt sensitive data for this user (if empty - secrets are not encrypted) |
diff --git a/modules/iam-user/outputs.tf b/modules/iam-user/outputs.tf
index a7ed0f9d..7a1167ea 100644
--- a/modules/iam-user/outputs.tf
+++ b/modules/iam-user/outputs.tf
@@ -57,10 +57,15 @@ output "iam_access_key_encrypted_secret" {
output "iam_access_key_ses_smtp_password_v4" {
description = "The secret access key converted into an SES SMTP password by applying AWS's Sigv4 conversion algorithm"
- value = try(aws_iam_access_key.this[0].ses_smtp_password_v4, aws_iam_access_key.this_no_pgp[0].ses_smtp_password_v4, "")
+ value = try(aws_iam_access_key.this_no_pgp[0].ses_smtp_password_v4, "")
sensitive = true
}
+output "iam_access_key_encrypted_ses_smtp_password_v4" {
+ description = "The encrypted secret access key converted into an SES SMTP password by applying AWS's Sigv4 conversion algorithm"
+ value = try(aws_iam_access_key.this[0].encrypted_ses_smtp_password_v4, "")
+}
+
output "iam_access_key_status" {
description = "Active or Inactive. Keys are initially active, but can be made inactive by other means."
value = try(aws_iam_access_key.this[0].status, aws_iam_access_key.this_no_pgp[0].status, "")
@@ -113,6 +118,27 @@ EOF
}
+output "keybase_ses_smtp_password_v4_decrypt_command" {
+ description = "Decrypt SES SMTP password command"
+ value = !local.has_encrypted_secret ? null : <