Terraform module to deploy a key vault with defaults, and optionaly some customer managed keys keys.
Name | Version |
---|---|
terraform | >= 1.7 |
azurerm | >= 4 |
Name | Version |
---|---|
azurerm | 4.3.0 |
No modules.
Name | Type |
---|---|
azurerm_key_vault.this | resource |
azurerm_key_vault_key.cmkrsa | resource |
azurerm_key_vault_key.this | resource |
azurerm_role_assignment.this | resource |
azurerm_client_config.current | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
key_vault | This object describes the configuration for an Azure Key Vault. The following arguments are supported: - name - (Required) The name of the Key Vault.- tenant_id - (Required) The Azure Active Directory tenant ID that should be used for authenticating requests to the Key Vault.- resource_group_name - (Optional) The name of the resource group in which to create the Key Vault. If not provided, the resource group of the calling module will be used.- location - (Optional) The location of the Key Vault. If not provided, the location of the calling module will be used.- enabled_for_disk_encryption - (Optional) Specifies whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.- enabled_for_deployment - (Optional) Specifies whether Azure Resource Manager is permitted to retrieve secrets from the vault.- enabled_for_template_deployment - (Optional) Specifies whether Azure Resource Manager is permitted to retrieve secrets from the vault.- enable_rbac_authorization - (Optional) Specifies whether Azure RBAC is permitted to retrieve secrets from the vault.- purge_protection - (Optional) Specifies whether protection against purge is enabled for this Key Vault.- soft_delete_retention_days - (Optional) The number of days that items should be retained for once soft deleted.- sku - (Optional) The SKU of the Key Vault.- ip_rules - (Optional) List of IP addresses that are permitted to access the key vault.- subnet_id - (Optional) List of subnet IDs that are permitted to access the key vault.- network_bypass - (Optional) Specifies which traffic can bypass the network rules.- cmkrsa_keyname - (Optional) The name of the customer managed key with RSA algorithm to create.- cmkec_keyname - (Optional) The name of the customer managed key with EC algorithm to create.- cmk_keys_create - (Optional) Specifies whether to create custom managed keys.Example Inputs: hcl |
object({ |
n/a | yes |
tags | A mapping of tags to assign to the resources. | map(string) |
n/a | yes |
key_vault_key | This map describes the configuration for Azure Key Vault keys. - key_vault_id - (Required) The ID of the Key Vault.- key_type - (Required) The type of the key.- key_size - (Required) The size of the key.- key_opts - (Required) The key operations that are permitted.Example Inputs: hcl |
map(object({ |
null |
no |
Name | Description |
---|---|
key_vault_cmkrsa_id | CMK RSA Key ID |
key_vault_cmkrsa_keyname | CMK RSA Key Name |
key_vault_id | n/a |
key_vault_name | n/a |
key_vault_uri | n/a |
Copyright: Schuberg Philis
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.