{"id":20757625,"url":"https://github.com/dodevops/terraform-azure-keyvault","last_synced_at":"2026-02-25T13:01:47.082Z","repository":{"id":39884762,"uuid":"364241598","full_name":"dodevops/terraform-azure-keyvault","owner":"dodevops","description":"Highly opinionated management of keyvault resources in Azure","archived":false,"fork":false,"pushed_at":"2024-12-18T08:41:12.000Z","size":19,"stargazers_count":1,"open_issues_count":0,"forks_count":2,"subscribers_count":4,"default_branch":"main","last_synced_at":"2024-12-18T09:36:04.503Z","etag":null,"topics":["azurerm","azurerm-key-vault","terraform-module"],"latest_commit_sha":null,"homepage":"https://registry.terraform.io/modules/dodevops/keyvault/azure/latest","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dodevops.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-05-04T12:02:06.000Z","updated_at":"2024-12-18T08:40:47.000Z","dependencies_parsed_at":"2022-09-21T04:52:47.474Z","dependency_job_id":null,"html_url":"https://github.com/dodevops/terraform-azure-keyvault","commit_stats":null,"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dodevops%2Fterraform-azure-keyvault","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dodevops%2Fterraform-azure-keyvault/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dodevops%2Fterraform-azure-keyvault/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dodevops%2Fterraform-azure-keyvault/manifests","owner_url":"https://repos.ecos
yste.ms/api/v1/hosts/GitHub/owners/dodevops","download_url":"https://codeload.github.com/dodevops/terraform-azure-keyvault/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":234465650,"owners_count":18837989,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["azurerm","azurerm-key-vault","terraform-module"],"created_at":"2024-11-17T09:43:26.051Z","updated_at":"2025-09-27T22:32:14.833Z","avatar_url":"https://github.com/dodevops.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Azure Keyvault management\n\n## Introduction\n\nThis module manages a keyvault resource in Azure with the required permissions.\n\n## Usage\n\nInstantiate the module by calling it from Terraform like this:\n\n```hcl\nmodule \"azure-keyvault\" {\n  source = \"dodevops/keyvault/azure\"\n  version = \"\u003cversion\u003e\" \n  (...)\n}\n```\n\n\u003c!-- BEGIN_TF_DOCS --\u003e\n## Requirements\n\nNo requirements.\n\n## Providers\n\nThe following providers are used by this module:\n\n- azurerm\n\n## Modules\n\nNo modules.\n\n## Resources\n\nThe following resources are used by this module:\n\n- [azurerm_key_vault.keyvault](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault) (resource)\n- [azurerm_key_vault_access_policy.keyvault-access-policy-objectid-apps-createonly](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) (resource)\n- 
[azurerm_key_vault_access_policy.keyvault-access-policy-objectid-apps-fullaccess](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) (resource)\n- [azurerm_key_vault_access_policy.keyvault-access-policy-objectid-apps-readonly](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) (resource)\n- [azurerm_key_vault_access_policy.keyvault-access-policy-objectids-createonly](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) (resource)\n- [azurerm_key_vault_access_policy.keyvault-access-policy-objectids-fullaccess](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) (resource)\n- [azurerm_key_vault_access_policy.keyvault-access-policy-objectids-readonly](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) (resource)\n- [azurerm_monitor_diagnostic_setting.keyvaultaudit](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_diagnostic_setting) (resource)\n- [azurerm_storage_account.storageaccountkeyvaultaudit](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account) (resource)\n\n## Required Inputs\n\nThe following input variables are required:\n\n### azure\\_tenant\\_id\n\nDescription: The tenant id used for azure\n\nType: `string`\n\n### location\n\nDescription: The azure location used for azure\n\nType: `string`\n\n### network\\_acls\\_ip\\_rules\n\nDescription: List of one or more IP Addresses, or CIDR Blocks which should be able to access the Key Vault. If default action is Allow this can be an empty list\n\nType: `list(string)`\n\n### network\\_acls\\_virtual\\_network\\_subnet\\_ids\n\nDescription: List of one or more Subnet IDs which should be able to access this Key Vault. 
If default action is Allow this can be an empty list\n\nType: `list(string)`\n\n### project\n\nDescription: Three letter project key\n\nType: `string`\n\n### resource\\_group\n\nDescription: Azure Resource Group to use\n\nType: `string`\n\n### stage\n\nDescription: Stage for this resource group\n\nType: `string`\n\n## Optional Inputs\n\nThe following input variables are optional (have default values):\n\n### allowed\\_objectid\\_app\\_tuples\\_createonly\n\nDescription: A list of object IDs with allowed apps (in the form of \u003cobjectid\u003e:\u003capp\u003e) that are allowed to create (but not read or change) elements in the keyvault\n\nType: `list(string)`\n\nDefault: `[]`\n\n### allowed\\_objectid\\_app\\_tuples\\_fullaccess\n\nDescription: A list of object IDs with allowed apps (in the form of \u003cobjectid\u003e:\u003capp\u003e) that are allowed to fully access the keyvault\n\nType: `list(string)`\n\nDefault: `[]`\n\n### allowed\\_objectid\\_app\\_tuples\\_readonly\n\nDescription: A list of object IDs with allowed apps (in the form of \u003cobjectid\u003e:\u003capp\u003e) that are allowed to read elements in the keyvault\n\nType: `list(string)`\n\nDefault: `[]`\n\n### allowed\\_objectids\\_createonly\n\nDescription: A list of object IDs that are allowed to create (but not read or change) elements in the keyvault\n\nType: `list(string)`\n\nDefault: `[]`\n\n### allowed\\_objectids\\_fullaccess\n\nDescription: A list of object IDs that are allowed to fully access the keyvault elements (with all operations)\n\nType: `list(string)`\n\nDefault: `[]`\n\n### allowed\\_objectids\\_readonly\n\nDescription: A list of object IDs that are allowed to read elements in the keyvault\n\nType: `list(string)`\n\nDefault: `[]`\n\n### audit\\_retention\\_period\n\nDescription: Sets number of days to keep audit records, if audit is enabled\n\nType: `number`\n\nDefault: `365`\n\n### enable\\_audit\n\nDescription: Enable audit of keyvault changes\n\nType: `bool`\n\nDefault: 
`false`\n\n### network\\_acls\\_bypass\n\nDescription: Specifies which traffic can bypass the network rules. Possible values are AzureServices and None.\n\nType: `string`\n\nDefault: `\"None\"`\n\n### network\\_acls\\_default\\_action\n\nDescription: The Default Action to use when no rules match from ip\\_rules / virtual\\_network\\_subnet\\_ids. Possible values are Allow and Deny.\n\nType: `string`\n\nDefault: `\"Deny\"`\n\n### sku\n\nDescription: Keyvault sku\n\nType: `string`\n\nDefault: `\"standard\"`\n\n### soft\\_delete\\_retention\\_days\n\nDescription:  The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days\n\nType: `number`\n\nDefault: `14`\n\n### tags\n\nDescription: Map of tags for the resources\n\nType: `map(any)`\n\nDefault: `{}`\n\n## Outputs\n\nThe following outputs are exported:\n\n### vault\\_id\n\nDescription: n/a\n\u003c!-- END_TF_DOCS --\u003e\n\n## Development\n\nUse [terraform-docs](https://terraform-docs.io/) to generate the API documentation by running\n\n    terraform fmt .\n    terraform-docs .\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdodevops%2Fterraform-azure-keyvault","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdodevops%2Fterraform-azure-keyvault","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdodevops%2Fterraform-azure-keyvault/lists"}