Terraform module for Azure Key-Vault

How to use it as a module

module "keyvault" {
  source  = "./"
  
  name                          = var.name
  location                      = var.location
  resource_group_name           = var.resource_group_name
  sku_name                      = var.sku_name
  tenant_id                     = data.azurerm_client_config.this.tenant_id
  purge_protection_enabled      = false
  soft_delete_retention_days    = var.soft_delete_retention_days
  public_network_access_enabled = true

  access_policy = [
    {
      object_id = data.azurerm_client_config.this.object_id
      secret_permissions = [
        "Set",
        "Get",
        "Delete",
        "Purge",
        "Recover",
        "List"
      ]
    }
  ]
  tags = {
    "environment" = "example"
  }

  key_vault_secrets = {
    "access-key" = {
      value = "asdf1234"
    }
  }

}

Requirements

Name	Version
terraform	>= 0.13.1
azurerm	>= 3.0.0

Providers

Name	Version
azurerm	>= 3.0.0

Modules

No modules.

Resources

Name	Type
azurerm_key_vault.this	resource
azurerm_key_vault_access_policy.this	resource
azurerm_key_vault_key.this	resource
azurerm_key_vault_secret.this	resource

Inputs

Name	Description	Type	Default	Required
access_policy	(Optional) A list of up to 1024 objects describing access policies	any	[]	no
contact	(Optional) One or more contact block	any	[]	no
create_kv	Do you want to crete Azure Key Vault	bool	true	no
enable_rbac_authorization	(Optional) Boolean flag to specify whether Azure Key Vault uses Role Based Access Control (RBAC) for authorization of data actions.	bool	false	no
enabled_for_deployment	(Optional) Boolean flag to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.	bool	false	no
enabled_for_disk_encryption	(Optional) Boolean flag to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.	bool	true	no
enabled_for_template_deployment	(Optional) Boolean flag to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.	bool	false	no
key_vault_id	(Optional) The ID of the Key Vault where the Secret should be created. Changing this forces a new resource to be created.	string	null	no
key_vault_keys	(Optional) map of keys	any	{}	no
key_vault_secrets	(Optional) map of Name and values	any	{}	no
kv_access_policy	(Optional) KV access polieis	any	{}	no
location	(Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.	string	n/a	yes
name	(Required) Specifies the name of the Key Vault. Changing this forces a new resource to be created. The name must be globally unique. If the vault is in a recoverable state then the vault will need to be purged before reusing the name.	string	n/a	yes
network_acls	(Optional) A network_acls block	any	[]	no
public_network_access_enabled	(Optional) Whether public network access is allowed for this Key Vault. Defaults to false.	bool	false	no
purge_protection_enabled	(Optional) Is Purge Protection enabled for this Key Vault?	bool	true	no
resource_group_name	(Required) The name of the resource group in which to create the Key Vault. Changing this forces a new resource to be created.	string	n/a	yes
sku_name	(Required) The Name of the SKU used for this Key Vault. Possible values are standard and premium.	string	n/a	yes
soft_delete_retention_days	(Optional) The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 (the default) days.	number	7	no
tags	(Optional) A mapping of tags to assign to the resource.	map(string)	{}	no
tenant_id	(Required) The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.	string	n/a	yes

Outputs

Name	Description
id	The ID of the Key Vault.
kv_key_ids	The Key Vault Key IDs
vault_uri	The URI of the Key Vault, used for performing operations on keys and secrets.