update README.md
clouddrove-ci committed Feb 2, 2023
1 parent 29c0310 commit 166136b
Showing 1 changed file with 25 additions and 0 deletions.
25 changes: 25 additions & 0 deletions README.md
Expand Up @@ -70,6 +70,7 @@ This module has a few dependencies:

### Simple Example
Here is an example of how you can use this module in your inventory structure:
#### key-vault with access policy
```hcl
module "key_vault" {
source = "clouddrove/key-vault/azure"
Expand All @@ -88,6 +89,27 @@ module "key_vault" {
access_policy = [{}]
}
```
#### key-vault with RBAC
```hcl
module "key_vault" {
source = "clouddrove/key-vault/azure"
name = "annkkdsovvdcc"
environment = "test"
label_order = ["name", "environment", ]
resource_group_name = module.resource_group.resource_group_name
purge_protection_enabled = false
enabled_for_disk_encryption = true
sku_name = "standard"
subnet_id = module.vnet.vnet_subnets[0]
virtual_network_id = module.vnet.vnet_id[0]
#private endpoint
enable_private_endpoint = true
##RBAC
enable_rbac_authorization = true
principal_id = ["71d1XXXXXXXXXXXXX166d7c97", "2fa59XXXXXXXXXXXXXX82716fb05"]
role_definition_name = ["Key Vault Administrator", ]
}
```



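Review bot: the RBAC example assigns "Key Vault Administrator" through role_definition_name, so anyone who copies it grants full data-plane control of the vault to every entry in principal_id. A README example is better served by a narrower built-in role such as "Key Vault Secrets User", with a comment saying when the administrator role is actually needed. The same block sets purge_protection_enabled = false next to enabled_for_disk_encryption = true; with purge protection off, a soft-deleted vault holding disk-encryption keys can be purged before the retention period ends, so either show true here or add a comment explaining why the example turns it off.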
Expand All @@ -101,6 +123,7 @@ module "key_vault" {
| access\_policies | Map of access policies for an object\_id (user, service principal, security group) to backend. | <pre>list(object({<br> object_id = string,<br> certificate_permissions = list(string),<br> key_permissions = list(string),<br> secret_permissions = list(string),<br> storage_permissions = list(string),<br> }))</pre> | `[]` | no |
| access\_policy | Map of access policies for an object\_id (user, service principal, security group) to backend. | <pre>list(object({<br> object_id = string,<br> certificate_permissions = list(string),<br> key_permissions = list(string),<br> secret_permissions = list(string),<br> storage_permissions = list(string),<br> }))</pre> | `[]` | no |
| enable\_private\_endpoint | Manages a Private Endpoint to Azure database for MySQL | `bool` | `true` | no |
| enable\_rbac\_authorization | (Optional) Boolean flag to specify whether Azure Key Vault uses Role Based Access Control (RBAC) for authorization of data actions. | `bool` | `false` | no |
| enabled | Set to false to prevent the module from creating any resources. | `bool` | `true` | no |
| enabled\_for\_disk\_encryption | Boolean flag to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. Defaults to false | `bool` | `null` | no |
| environment | Environment (e.g. `prod`, `dev`, `staging`). | `string` | `""` | no |
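Review bot: the new enable_rbac_authorization row does not say what happens to access_policy and access_policies, the two rows just above it, once the flag is true. Azure stops evaluating vault access policies when a vault uses the RBAC permission model, so the description should state that the two mechanisms are alternatives and that enabling the flag on an existing vault cuts off principals who only hold an access policy. Unrelated to this change but visible in the context lines: enable_private_endpoint is described as "Manages a Private Endpoint to Azure database for MySQL", which looks copied from another module.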
Expand All @@ -112,9 +135,11 @@ module "key_vault" {
| network\_acls\_default\_action | The Default Action to use when no rules match from ip\_rules / virtual\_network\_subnet\_ids. Possible values are Allow and Deny. | `string` | `"Deny"` | no |
| network\_acls\_ip\_rules | (Optional) One or more IP Addresses, or CIDR Blocks which should be able to access the Key Vault. | `list(string)` | `null` | no |
| network\_acls\_subnet\_ids | (Optional) One or more Subnet ID's which should be able to access this Key Vault. | `list(string)` | `null` | no |
| principal\_id | The ID of the Principal (User, Group or Service Principal) to assign the Role Definition to. Changing this forces a new resource to be created. | `list(string)` | `[]` | no |
| purge\_protection\_enabled | Is Purge Protection enabled for this Key Vault? Defaults to false | `bool` | `null` | no |
| repository | Terraform current module repo | `string` | `""` | no |
| resource\_group\_name | A container that holds related resources for an Azure solution | `string` | `""` | no |
| role\_definition\_name | The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with role\_definition\_id | `list(string)` | `[]` | no |
| secrets | List of secrets for be created | `map` | `{}` | no |
| sku\_name | The Name of the SKU used for this Key Vault. Possible values are standard and premium | `string` | `"standard"` | no |
| soft\_delete\_retention\_days | The number of days that items should be retained for once soft-deleted. The valid value can be between 7 and 90 days | `number` | `90` | no |
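Review bot: the principal_id and role_definition_name rows are both typed list(string) but keep the singular wording of a single role assignment ("The ID of the Principal", "The name of a built-in Role"), and neither says how the two lists are combined. State whether every principal receives every role or the lists are matched by index, since that decides who ends up with which role on the vault. "Conflicts with role_definition_id" in the role_definition_name row refers to an input that does not appear where it would sort in this table (between resource_group_name and role_definition_name); drop the phrase or document that input.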