From 5488f00d5b1bace99c70dbfec707ed21fddc684c Mon Sep 17 00:00:00 2001
From: nourshoreibah <nour17372@icloud.com>
Date: Thu, 29 Jan 2026 00:03:28 -0500
Subject: [PATCH] add secrets

---
 infrastructure/aws/cognito.tf | 27 +++++++++++++++++----------
 1 file changed, 17 insertions(+), 10 deletions(-)

diff --git a/infrastructure/aws/cognito.tf b/infrastructure/aws/cognito.tf
index bca5c6a..73eee29 100644
--- a/infrastructure/aws/cognito.tf
+++ b/infrastructure/aws/cognito.tf
@@ -117,10 +117,23 @@ resource "aws_cognito_user_pool_client" "branch_client" {
   enable_propagate_additional_user_context_data = false
 }
 
-# Outputs for use in lambdas
-output "cognito_user_pool_id" {
-  value       = aws_cognito_user_pool.branch_user_pool.id
-  description = "Cognito User Pool ID"
+# Store Cognito values in Infisical
+resource "infisical_secret" "cognito_user_pool_id" {
+  env_slug     = "dev"
+  workspace_id = var.infisical_workspace_id
+  folder_path  = "/aws/cognito"
+
+  secret_name  = "user_pool_id"
+  secret_value = aws_cognito_user_pool.branch_user_pool.id
+}
+
+resource "infisical_secret" "cognito_client_id" {
+  env_slug     = "dev"
+  workspace_id = var.infisical_workspace_id
+  folder_path  = "/aws/cognito"
+
+  secret_name  = "client_id"
+  secret_value = aws_cognito_user_pool_client.branch_client.id
 }
 
 output "cognito_user_pool_arn" {
@@ -133,12 +146,6 @@ output "cognito_user_pool_endpoint" {
   description = "Cognito User Pool Endpoint"
 }
 
-output "cognito_client_id" {
-  value       = aws_cognito_user_pool_client.branch_client.id
-  description = "Cognito User Pool Client ID"
-  sensitive   = true
-}
-
 output "cognito_region" {
   value       = "us-east-2"
   description = "AWS Region for Cognito"