This Terraform module deploys a Key Vault to Azure, with access policies and secrets passed as inputs.
This module also has the option to create a Resource Group for the Key Vault, although I recommend creating it manually, since destroying the Resource Group with `terraform destroy`
can potentially destroy other resources in the Resource Group besides the Key Vault.
# Minimal usage: create the Key Vault in an existing Resource Group.
# No access policies or secrets are passed, so only the vault itself is managed.
module "keyvault" {
  source = "jungopro/keyvault-advanced/azurerm"

  resource_group_name = "myKeyVaultResourceGroup"
  location            = "westeurope"

  tags = {
    environment = "dev"
  }
}
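# Full usage: Key Vault plus two access policies ("full" and "read") and two secrets.
# Each policy entry maps one principal (tenant_id + object_id) to the key, secret and
# certificate permissions it receives on the vault.
module "keyvault" {
  source = "jungopro/keyvault-advanced/azurerm"

  resource_group_name = "myKeyVaultResourceGroup"
  location            = "westeurope"

  tags = {
    environment = "dev"
  }

  policies = {
    # Administrative policy. Grants every permission, including "purge", which
    # permanently removes soft-deleted objects and cannot be undone; grant it
    # only to the principals that actually need it.
    full = {
      tenant_id = "<ADD-TENANT-ID>" # placeholder, replace with the Azure AD tenant id
      object_id = "<ADD-OBJECT-ID>" # placeholder, replace with the principal's object id
      key_permissions = [
        "backup",
        "create",
        "decrypt",
        "delete",
        "encrypt",
        "get",
        "import",
        "list",
        "purge",
        "recover",
        "restore",
        "sign",
        "unwrapKey",
        "update",
        "verify",
        "wrapKey",
      ]
      secret_permissions = [
        "backup",
        "delete",
        "get",
        "list",
        "purge",
        "recover",
        "restore",
        "set",
      ]
      certificate_permissions = [
        "create",
        "delete",
        "deleteissuers",
        "get",
        "getissuers",
        "import",
        "list",
        "listissuers",
        "managecontacts",
        "manageissuers",
        "purge",
        "recover",
        "setissuers",
        "update",
        "backup",
        "restore",
      ]
    }

    # Read-only policy for consumers that only need to fetch and enumerate objects.
    read = {
      tenant_id = "<ADD-TENANT-ID>" # placeholder, replace with the Azure AD tenant id
      object_id = "<ADD-OBJECT-ID>" # placeholder, replace with the principal's object id
      key_permissions = [
        "get",
        "list",
      ]
      secret_permissions = [
        "get",
        "list",
      ]
      certificate_permissions = [
        "get",
        "getissuers",
        "list",
        "listissuers",
      ]
    }
  }

  secrets = {
    foo = {
      value = "" # setting to "" will auto generate a random value
    }
    bar = {
      # A literal value here ends up in source control and in plaintext in the
      # Terraform state; prefer the auto-generated form above or pass the value
      # in from a variable.
      value = "mysecretvalue"
    }
  }
}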
Originally created by Omer Barel
MIT