https://github.com/argodevops/terraform-azurerm-key-vault
Argo Azure Key Vault Module
https://github.com/argodevops/terraform-azurerm-key-vault
azure keyvault terraform
Last synced: 22 days ago
JSON representation
Argo Azure Key Vault Module
- Host: GitHub
- URL: https://github.com/argodevops/terraform-azurerm-key-vault
- Owner: argodevops
- Created: 2023-04-01T09:12:44.000Z (about 3 years ago)
- Default Branch: main
- Last Pushed: 2023-04-11T15:21:06.000Z (about 3 years ago)
- Last Synced: 2026-04-02T02:34:50.608Z (2 months ago)
- Topics: azure, keyvault, terraform
- Language: HCL
- Homepage:
- Size: 6.84 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
## Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.4.0 |
| [azurerm](#requirement\_azurerm) | ~> 3.51.0 |
## Providers
| Name | Version |
|------|---------|
| [azurerm](#provider\_azurerm) | ~> 3.51.0 |
## Modules
No modules.
## Resources
| Name | Type |
|------|------|
| [azurerm_key_vault.main](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault) | resource |
| [azurerm_key_vault_access_policy.main](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |
| [azurerm_monitor_diagnostic_setting.keyvault](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_diagnostic_setting) | resource |
| [azurerm_resource_group.main](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source |
| [azurerm_monitor_diagnostic_categories.default](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_diagnostic_categories) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [access\_policies](#input\_access\_policies) | Map of access policies for an object\_id (user, service principal, security group) to backend. |
list(object({
object_id = string,
certificate_permissions = list(string),
key_permissions = list(string),
secret_permissions = list(string),
storage_permissions = list(string),
})) | `[]` | no |
| [diagnostics](#input\_diagnostics) | Diagnostic settings for those resources that support it. See README.md for details on configuration. | object({
destination = string,
eventhub_name = string,
logs = list(string),
metrics = list(string)
}) | `null` | no |
| [enabled\_for\_deployment](#input\_enabled\_for\_deployment) | Boolean flag to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. Defaults to `false`. | `bool` | `false` | no |
| [enabled\_for\_disk\_encryption](#input\_enabled\_for\_disk\_encryption) | Boolean flag to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. Defaults to `false`. | `bool` | `false` | no |
| [enabled\_for\_template\_deployment](#input\_enabled\_for\_template\_deployment) | Boolean flag to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. Defaults to `false`. | `bool` | `false` | no |
| [location](#input\_location) | Azure location where resources should be deployed. | `any` | n/a | yes |
| [name](#input\_name) | Name of key vault account. | `any` | n/a | yes |
| [network\_acls](#input\_network\_acls) | Network rules to apply to key vault. | object({
bypass = string,
default_action = string,
ip_rules = list(string),
virtual_network_subnet_ids = list(string),
}) | `null` | no |
| [resource\_group\_name](#input\_resource\_group\_name) | Name of resource group to deploy resources in. | `any` | n/a | yes |
| [sku\_name](#input\_sku\_name) | The Name of the SKU used for this Key Vault. Possible values are `standard` and `premium`. | `string` | `"standard"` | no |
| [soft\_delete\_retention\_days](#input\_soft\_delete\_retention\_days) | The number of days that items should be retained for once soft-deleted. | `number` | `7` | no |
| [tags](#input\_tags) | Tags to apply to all resources created. | `map(string)` | `{}` | no |
## Outputs
| Name | Description |
|------|-------------|
| [id](#output\_id) | The ID of the Key Vault. |
| [name](#output\_name) | Name of key vault created. |
| [vault\_uri](#output\_vault\_uri) | The URI of the Key Vault, used for performing operations on keys and secrets. |