# Example: calls the Key Vault module from its own directory and seeds one secret.
# The tenant and the access-policy principal both come from
# data.azurerm_client_config.this, i.e. the identity running Terraform.
module "keyvault" {
  source              = "./"
  name                = var.name
  location            = var.location
  resource_group_name = var.resource_group_name
  sku_name            = var.sku_name
  tenant_id           = data.azurerm_client_config.this.tenant_id

  # NOTE(review): overrides the module default (true, per the inputs table).
  # With purge protection off, a soft-deleted vault or secret can be purged
  # before the retention period ends. Convenient for throwaway environments;
  # keep the default for anything holding real secrets.
  purge_protection_enabled   = false
  soft_delete_retention_days = var.soft_delete_retention_days

  # NOTE(review): overrides the module default (false, per the inputs table).
  # No network_acls are passed here, so nothing in this call narrows which
  # networks may reach the vault. Confirm this is intended outside of demos.
  public_network_access_enabled = true

  # One access policy for the deploying identity. "Delete" and "Purge" allow
  # it to remove secrets permanently; drop them if the pipeline identity only
  # needs to write and read.
  access_policy = [
    {
      object_id = data.azurerm_client_config.this.object_id
      secret_permissions = [
        "Set",
        "Get",
        "Delete",
        "Purge",
        "Recover",
        "List"
      ]
    }
  ]

  tags = {
    "environment" = "example"
  }

  # Placeholder value only. A literal here ends up in version control, and the
  # module's azurerm_key_vault_secret resource will also record the value in
  # Terraform state. Feed real values from a variable marked sensitive and
  # restrict access to the state backend.
  key_vault_secrets = {
    "access-key" = {
      value = "asdf1234"
    }
  }
}
Name | Version |
---|---|
terraform | >= 0.13.1 |
azurerm | >= 3.0.0 |
Name | Version |
---|---|
azurerm | >= 3.0.0 |
No modules.
Name | Type |
---|---|
azurerm_key_vault.this | resource |
azurerm_key_vault_access_policy.this | resource |
azurerm_key_vault_key.this | resource |
azurerm_key_vault_secret.this | resource |
Name | Description | Type | Default | Required |
---|---|---|---|---|
access_policy | (Optional) A list of up to 1024 objects describing access policies | any | [] | no |
contact | (Optional) One or more contact blocks | any | [] | no |
create_kv | Whether to create the Azure Key Vault | bool | true | no |
enable_rbac_authorization | (Optional) Boolean flag to specify whether Azure Key Vault uses Role Based Access Control (RBAC) for authorization of data actions. | bool | false | no |
enabled_for_deployment | (Optional) Boolean flag to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. | bool | false | no |
enabled_for_disk_encryption | (Optional) Boolean flag to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. | bool | true | no |
enabled_for_template_deployment | (Optional) Boolean flag to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. | bool | false | no |
key_vault_id | (Optional) The ID of the Key Vault where the Secret should be created. Changing this forces a new resource to be created. | string | null | no |
key_vault_keys | (Optional) Map of keys | any | {} | no |
key_vault_secrets | (Optional) Map of secret names and values | any | {} | no |
kv_access_policy | (Optional) KV access policies | any | {} | no |
location | (Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created. | string | n/a | yes |
name | (Required) Specifies the name of the Key Vault. Changing this forces a new resource to be created. The name must be globally unique. If the vault is in a recoverable state then the vault will need to be purged before reusing the name. | string | n/a | yes |
network_acls | (Optional) A network_acls block | any | [] | no |
public_network_access_enabled | (Optional) Whether public network access is allowed for this Key Vault. Defaults to false. | bool | false | no |
purge_protection_enabled | (Optional) Is Purge Protection enabled for this Key Vault? | bool | true | no |
resource_group_name | (Required) The name of the resource group in which to create the Key Vault. Changing this forces a new resource to be created. | string | n/a | yes |
sku_name | (Required) The Name of the SKU used for this Key Vault. Possible values are standard and premium. | string | n/a | yes |
soft_delete_retention_days | (Optional) The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days (90 is the provider default; this module defaults to 7). | number | 7 | no |
tags | (Optional) A mapping of tags to assign to the resource. | map(string) | {} | no |
tenant_id | (Required) The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. | string | n/a | yes |
Name | Description |
---|---|
id | The ID of the Key Vault. |
kv_key_ids | The Key Vault Key IDs |
vault_uri | The URI of the Key Vault, used for performing operations on keys and secrets. |