| Module version | Terraform version | AzureRM version |
|---|---|---|
| >= 2.x.x | >= 1.3.x | >= 3.69.0 |
| >= 1.x.x | >= 0.13.x | >= 2.34.0 |
The following parameters are supported:
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| name | Specifies the name of the Key Vault. Changing this forces a new resource to be created. | string |
n/a | yes |
| resource_group_name | The name of the resource group in which to create the Key Vault. Changing this forces a new resource to be created. | string |
n/a | yes |
| location | The location/region where the Key Vault is created. | string |
n/a | yes |
| tags | A mapping of tags to assign to the resource. | map(string) |
{} |
no |
| sku_name | The Name of the SKU used for this Key Vault. Possible values are standard and premium. | string |
n/a | yes |
| tenant_id | The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. | string |
n/a | yes |
| soft_delete_retention_days | The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. | number |
90 |
no |
| purge_protection_enabled | Is Purge Protection enabled for this Key Vault? | bool |
false |
no |
| enabled_for_deployment | Boolean flag to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. | bool |
false |
no |
| enabled_for_disk_encryption | Boolean flag to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. | bool |
false |
no |
| enabled_for_template_deployment | Boolean flag to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. | bool |
false |
no |
| enable_rbac_authorization | Boolean flag to specify whether Azure Key Vault uses Role Based Access Control (RBAC) for authorization of data actions. | bool |
false |
no |
| access_policies | List of objects that represent the configuration of each access policies. | list(object({})) |
[] |
no |
| keys | List of objects that represent the configuration of each key. | list(object({})) |
[] |
no |
| secrets | List of objects that represent the configuration of each secrect. | list(object({})) |
[] |
no |
| contacts | List of objects that represent each contact. | list(object({})) |
[] |
no |
The access_policies supports the following:
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| object_id | The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. | string |
n/a | yes |
| application_id | The object ID of an Application in Azure Active Directory. | string |
null |
no |
| key_permissions | List of certificate permissions, must be one or more from the following: Get, List, Update, Create, Import, Delete, Recover, Backup, Restore, Decrypt, Encrypt, UnwrapKey, WrapKey, Verify, Sign and Purge. |
list(string) |
[] |
no |
| secret_permissions | List of key permissions, must be one or more from the following: Get, List, Set, Delete, Recover, Backup, Restore and Purge. |
list(string) |
[] |
no |
| certificate_permissions | List of certificate permissions, must be one or more from the following: Get, List, Update, Create, Import, Delete, Recover, Backup, Restore, GetIssuers, SetIssuers, ListIssuers, DeleteIssuers, ManageContacts, ManageIssuers and Purge. |
list(string) |
[] |
no |
| storage_permissions | List of storage permissions, must be one or more from the following: Get, List, Update, Set, Delete, Recover, Backup, Restore, GetSAS, ListSAS, SetSAS, DeleteSAS, RegenerateKey and Purge. |
list(string) |
[] |
no |
The keys supports the following:
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| name | Specifies the name of the Key Vault Key. | string |
n/a | yes |
| key_type | Specifies the Key Type to use for this Key Vault Key. Possible values are EC (Elliptic Curve), EC-HSM, Oct (Octet), RSA and RSA-HSM. |
number |
n/a | yes |
| key_size | Specifies the Size of the RSA key to create in bytes. For example, 1024 or 2048. Note: This field is required if key_type is RSA or RSA-HSM. |
string |
null |
no |
| curve | Specifies the curve to use when creating an EC key. Possible values are: P-256, P-384, P-521 and SECP256K1. |
string |
null |
no |
| key_opts | A list of JSON web key operations. Possible values include: decrypt, encrypt, sign, unwrapKey, verify and wrapKey. |
list(string) |
[] |
yes |
| not_before_date | Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z'). | string |
null |
no |
| expiration_date | Expiration UTC datetime (Y-m-d'T'H:M:S'Z'). | string |
null |
no |
The secrets supports the following:
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| name | Specifies the name of the Key Vault Secret. | string |
n/a | yes |
| value | Specifies the value of the Key Vault Secret. | string |
null |
yes |
| content_type | Specifies the content type for the Key Vault Secret. | string |
null |
no |
| not_before_date | Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z'). | string |
null |
no |
| expiration_date | Expiration UTC datetime (Y-m-d'T'H:M:S'Z'). | string |
null |
yes |
The contacts supports the following:
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| E-mail address of the contact. | string |
n/a | yes | |
| name | Name of the contact. | string |
null |
no |
| phone | Phone number of the contact. | string |
null |
no |
The following outputs are exported:
| Name | Description | Sensitive |
|---|---|---|
| id | The virtual network configuration ID. | no |
| name | The name of the virtual network. | no |
| resource_group_name | The name of the resource group in which to create the virtual network. | no |
| location | The location/region where the virtual network is created. | no |
| tags | The tags assigned to the resource. | no |
| contacts | Blocks containing each contact. | no |
| access_policies | Blocks containing configuration of each access policy. | no |
| keys | Blocks containing configuration of each key. | no |
| secrets | Blocks containing configuration of each secret. | no |