https://github.com/avinor/terraform-azurerm-key-vault

Terraform module to create a Key Vault in Azure
https://github.com/avinor/terraform-azurerm-key-vault

Last synced: 5 months ago
JSON representation

Terraform module to create a Key Vault in Azure

• Host: GitHub
• URL: https://github.com/avinor/terraform-azurerm-key-vault
• Owner: avinor
• License: apache-2.0
• Created: 2019-09-20T08:22:41.000Z (over 5 years ago)
• Default Branch: main
• Last Pushed: 2024-06-19T11:37:04.000Z (10 months ago)
• Last Synced: 2024-08-03T22:19:31.154Z (8 months ago)
• Language: HCL
• Size: 138 KB
• Stars: 4
• Watchers: 3
• Forks: 20
• Open Issues: 3
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

• jimsghstars - avinor/terraform-azurerm-key-vault - Terraform module to create a Key Vault in Azure (HCL)

README

        
# Key vault

Terraform module to deploy an Azure Key Vault. It is more or less a simple wrapper around the key vault resource that enforce policies. It can also assign access policies using the `access_policies` variable.

## Usage

A simple example that deploys a key vault with no access policies.

Example uses [tau](https://github.com/avinor/tau) for deployment.

```terraform

module {

    source = "avinor/key-vault/azurerm"

    version = "1.0.0"

}

inputs {

    name = "simple"

    resource_group_name = "simple-kv-rg"

    location = "westeurope"

}

```

It is recommended the to assign access using the `access_policies`variable.

```terraform

module {

    source = "avinor/key-vault/azurerm"

    version = "1.0.0"

}

inputs {

    name = "simple"

    resource_group_name = "simple-kv-rg"

    location = "westeurope"

    access_policies = [

        {

            object_id = "0000-0000-0000"

            certificate_permissions = ["get"]

            key_permissions = ["get"]

            secret_permissions  = ["get"]

            storage_permissions = []

        }

    ]

}

```

## Diagnostics

Diagnostics settings can be sent to either storage account, event hub or Log Analytics workspace. The variable `diagnostics.destination` is the id of receiver, ie. storage account id, event namespace authorization rule id or log analytics resource id. Depending on what id is it will detect where to send. Unless using event namespace the `eventhub_name` is not required, just set to `null` for storage account and log analytics workspace.

Setting `all` in logs and metrics will send all possible diagnostics to destination. If not using `all` type name of categories to send.