https://github.com/avidhara/terraform-azurerm-keyvault
Terraform module for Azure Key Vault
- Host: GitHub
- URL: https://github.com/avidhara/terraform-azurerm-keyvault
- Owner: avidhara
- Created: 2023-12-18T08:31:52.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2023-12-27T07:30:41.000Z (over 1 year ago)
- Last Synced: 2025-01-15T01:39:58.835Z (5 months ago)
- Topics: azure, key-vault, terraform, terraform-azure, terraform-azurerm, terraform-module, terraform-modules
- Language: HCL
- Homepage: https://registry.terraform.io/modules/avidhara/keyvault/azurerm/latest
- Size: 5.86 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
# Terraform module for Azure Key-Vault
[Checkov workflow](https://github.com/ionicloud/terraform-azurerm-keyvault/actions/workflows/checkov.yml)
## How to use it as a module
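```hcl
# Identity Terraform is running as; supplies tenant_id and object_id below
data "azurerm_client_config" "this" {}

module "keyvault" {
  source = "./"

  name                = var.name
  location            = var.location
  resource_group_name = var.resource_group_name
  sku_name            = var.sku_name
  tenant_id           = data.azurerm_client_config.this.tenant_id

  purge_protection_enabled      = false # overrides the module default (true)
  soft_delete_retention_days    = var.soft_delete_retention_days
  public_network_access_enabled = true # overrides the module default (false)

  # Access policy for the identity running Terraform
  access_policy = [
    {
      object_id = data.azurerm_client_config.this.object_id
      secret_permissions = [
        "Set",
        "Get",
        "Delete",
        "Purge",
        "Recover",
        "List"
      ]
    }
  ]

  tags = {
    "environment" = "example"
  }

  key_vault_secrets = {
    "access-key" = {
      value = "asdf1234" # placeholder; pass real secrets through a sensitive variable
    }
  }
}
```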
## Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 0.13.1 |
| [azurerm](#requirement\_azurerm) | >= 3.0.0 |
## Providers
| Name | Version |
|------|---------|
| [azurerm](#provider\_azurerm) | >= 3.0.0 |
## Modules
No modules.
## Resources
| Name | Type |
|------|------|
| [azurerm_key_vault.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault) | resource |
| [azurerm_key_vault_access_policy.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |
| [azurerm_key_vault_key.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_key) | resource |
| [azurerm_key_vault_secret.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [access\_policy](#input\_access\_policy) | (Optional) A list of up to 1024 objects describing access policies | `any` | `[]` | no |
| [contact](#input\_contact) | (Optional) One or more contact blocks | `any` | `[]` | no |
| [create\_kv](#input\_create\_kv) | Whether to create the Azure Key Vault | `bool` | `true` | no |
| [enable\_rbac\_authorization](#input\_enable\_rbac\_authorization) | (Optional) Boolean flag to specify whether Azure Key Vault uses Role Based Access Control (RBAC) for authorization of data actions. | `bool` | `false` | no |
| [enabled\_for\_deployment](#input\_enabled\_for\_deployment) | (Optional) Boolean flag to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. | `bool` | `false` | no |
| [enabled\_for\_disk\_encryption](#input\_enabled\_for\_disk\_encryption) | (Optional) Boolean flag to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. | `bool` | `true` | no |
| [enabled\_for\_template\_deployment](#input\_enabled\_for\_template\_deployment) | (Optional) Boolean flag to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. | `bool` | `false` | no |
| [key\_vault\_id](#input\_key\_vault\_id) | (Optional) The ID of the Key Vault where the Secret should be created. Changing this forces a new resource to be created. | `string` | `null` | no |
| [key\_vault\_keys](#input\_key\_vault\_keys) | (Optional) map of keys | `any` | `{}` | no |
| [key\_vault\_secrets](#input\_key\_vault\_secrets) | (Optional) map of Name and values | `any` | `{}` | no |
| [kv\_access\_policy](#input\_kv\_access\_policy) | (Optional) Key Vault access policies | `any` | `{}` | no |
| [location](#input\_location) | (Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created. | `string` | n/a | yes |
| [name](#input\_name) | (Required) Specifies the name of the Key Vault. Changing this forces a new resource to be created. The name must be globally unique. If the vault is in a recoverable state then the vault will need to be purged before reusing the name. | `string` | n/a | yes |
| [network\_acls](#input\_network\_acls) | (Optional) A network\_acls block | `any` | `[]` | no |
| [public\_network\_access\_enabled](#input\_public\_network\_access\_enabled) | (Optional) Whether public network access is allowed for this Key Vault. Defaults to false. | `bool` | `false` | no |
| [purge\_protection\_enabled](#input\_purge\_protection\_enabled) | (Optional) Is Purge Protection enabled for this Key Vault? | `bool` | `true` | no |
| [resource\_group\_name](#input\_resource\_group\_name) | (Required) The name of the resource group in which to create the Key Vault. Changing this forces a new resource to be created. | `string` | n/a | yes |
| [sku\_name](#input\_sku\_name) | (Required) The Name of the SKU used for this Key Vault. Possible values are standard and premium. | `string` | n/a | yes |
| [soft\_delete\_retention\_days](#input\_soft\_delete\_retention\_days) | (Optional) The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days (90 is the azurerm provider default; this module defaults to 7). | `number` | `7` | no |
| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the resource. | `map(string)` | `{}` | no |
| [tenant\_id](#input\_tenant\_id) | (Required) The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. | `string` | n/a | yes |
## Outputs
| Name | Description |
|------|-------------|
| [id](#output\_id) | The ID of the Key Vault. |
| [kv\_key\_ids](#output\_kv\_key\_ids) | The Key Vault Key IDs |
| [vault\_uri](#output\_vault\_uri) | The URI of the Key Vault, used for performing operations on keys and secrets. |