Skip to content

Random password

Inputs

Name Description Type Default Required
create Set to true to generate a random password. Default value is true. bool true no
kms_key_id The KMS key ID or ARN to use for encrypting the SSM parameter. Required for RAM sharing. If null, uses the default AWS-managed key. string null no
length The length of the string desired. The minimum value for length is 1 and, length must also be >= (min_upper + min_lower + min_numeric + min_special). number n/a yes
lower Include lowercase alphabet characters in the result. Default value is true. bool true no
min_lower Minimum number of lowercase alphabet characters in the result. Default value is 0. number 0 no
min_numeric Minimum number of numeric characters in the result. Default value is 0. number 0 no
min_special Minimum number of special characters in the result. Default value is 0. number 0 no
min_upper Minimum number of uppercase alphabet characters in the result. Default value is 0. number 0 no
numeric Include numeric characters in the result. Default value is true. bool true no
override_special Supply your own list of special characters to use for string generation. This overrides the default character list in the special argument. The special argument must still be set to true for any overwritten characters to be used in generation. string null no
secret_path The path in store where the generated password will be stored. Default value is /passwords. string "/passwords" no
special Include special characters in the result. These are !@#$%&*()-_=+[]{}<>:?. Default value is true. bool true no
ssm_parameter_tier The tier of the SSM parameter. Valid values are Standard and Advanced. Advanced tier is required for RAM sharing. Default value is Standard. string "Standard" no
store_in_secretsmanager Store the generated password in AWS Secrets Manager. Default value is false. bool false no
store_in_ssm Store the generated password in AWS Systems Manager Parameter Store. Default value is false. bool false no
upper Include uppercase alphabet characters in the result. Default value is true. bool true no

Outputs

Name Description
bcrypt_hash A bcrypt hash of the generated random string. NOTE: If the generated random string is greater than 72 bytes in length, bcrypt_hash will contain a hash of the first 72 bytes.
result The generated random string.
secret_path The path to the generated random string in AWS SSM Parameter Store.
ssm_parameter_arn The ARN of the SSM parameter storing the generated password.