ravi.periketi 5a3880a95c Merge pull request 'update provider version' (#3) from update/provider into master 7 months ago
examples Update CHGANGELO.md and fix pre-commit 7 months ago
.gitignore initial commit 10 months ago
.pre-commit-config.yaml update provider version 7 months ago
CHANGELOG.md Update CHGANGELO.md and fix pre-commit 7 months ago
Jenkinsfile test new crdentials 9 months ago
LICENSE fix issues 9 months ago
README.md Update CHGANGELO.md and fix pre-commit 7 months ago
data.tf Update README and update variable descriptions 9 months ago
main.tf add policy dependency 9 months ago
outputs.tf Add outputs and fix README 9 months ago
variables.tf Update README and update variable descriptions 9 months ago
versions.tf update provider version 7 months ago

README.md

terraform-module-azurerm-key-vault

Usage

See examples folders for usage of this module.

Limitation

  • Any call to this module will create resources in a single resource group.
  • Importing an existing certificate into the Key Vault is not supported. Will be implemented soon.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.12 |
| azurerm | >= 2.0.0 |

Providers

| Name | Version |
|------|---------|
| azurerm | >= 2.0.0 |
| random | n/a |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| action_types | List of action types to be performed when the lifetime trigger is triggered. Possible values include Autorenew and EmailContacts. Changing this forces a new resource to be created. | `list(string)` | `[""]` | no |
| admin_policy_enabled | Boolean flag which describes whether to enable the default admin policy or not. | `bool` | `false` | no |
| certificate_enabled | Boolean flag which describes whether to enable the Key Vault certificate or not. | `bool` | `false` | no |
| certificate_names | List of Key Vault certificate names. Changing this will force creation of a new Key Vault certificate. | `list(string)` | `[]` | no |
| certificate_tags | Tags that will be added to the certificate. | `map` | `{}` | no |
| content_types | List of content types of the certificate, such as application/x-pkcs12 for a PFX or application/x-pem-file for a PEM. | `list(string)` | `[""]` | no |
| days_before_expiry | List of the number of days before the certificate expires at which the action associated with this trigger should run. Changing this forces a new resource to be created. | `list(number)` | `[30]` | no |
| enabled | Enable or disable the module. | `bool` | `true` | no |
| enabled_for_deployment | Boolean flag to specify whether Azure VMs are permitted to retrieve certificates stored as secrets from the Key Vault. | `bool` | `false` | no |
| enabled_for_disk_encryption | Boolean flag to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. | `bool` | `false` | no |
| enabled_for_template_deployment | Boolean flag to specify whether Azure Resource Manager is permitted to retrieve secrets from the Key Vault. | `bool` | `false` | no |
| exportable | Boolean flag which defines whether this certificate is exportable or not. | `list(bool)` | `[false]` | no |
| ip_rules | One or more IP addresses or CIDR blocks which should be able to access the Key Vault. | `list(string)` | `[]` | no |
| issuer_names | List of certificate issuer names. Possible values: Self (for self-signed) or unknown (for a certificate issuing authority like Let's Encrypt and Azure directly supported ones). | `list(string)` | `[]` | no |
| key_sizes | List of key sizes of the key used to create the certificate. Possible values include 2048 and 4096. Changing this forces a new resource to be created. | `list(string)` | `[""]` | no |
| key_types | List of types of the key which will be created, such as RSA. Changing this forces a new resource to be created. | `list(string)` | `[""]` | no |
| key_vault_key_tags | Tags to add to the Key Vault key. | `map` | `{}` | no |
| key_vault_keys | List of keys which will be created for the Key Vault. Changing this will force creation of a new key in the Key Vault. | `list(object({ name = string, key_type = string, key_size = string, key_opts = list(string), curve = string }))` | `[]` | no |
| key_vault_keys_enabled | Boolean flag which describes whether to enable the Key Vault keys or not. | `bool` | `false` | no |
| key_vault_name | Specifies the name of the Key Vault. Changing this forces a new resource to be created. | `string` | `""` | no |
| key_vault_secret_tags | Tags that will be added to the Key Vault secret. | `map` | `{}` | no |
| key_vault_secrets | List of Key Vault secret names. Changing this will force creation of a new secret in the Key Vault. | `list(string)` | `[""]` | no |
| key_vault_tags | List of tags which will be added to the Key Vault. | `map` | `{}` | no |
| location | Specifies the location where the Key Vault will be created. Changing this will force a new resource to be created. | `string` | `""` | no |
| network_acls | One or more network ACLs associated with the Key Vault. Please check the Terraform docs for the possible values: https://www.terraform.io/docs/providers/azurerm/r/key_vault_certificate.html | `list(object({ bypass = string, default_action = string, ip_rules = list(string), virtual_network_subnet_ids = list(string) }))` | `[]` | no |
| policies | List of policies which will be created for the Key Vault. Changing this will force creation of a new policy in the Key Vault. | `list(object({ tenant_id = string, object_id = string, key_permissions = list(string), secret_permissions = list(string), certificate_permissions = list(string) }))` | `[]` | no |
| resource_group_name | Specifies the name of the resource group in which the resource will be created. | `string` | `""` | no |
| reuse_key | Boolean flag which describes whether to use the existing key again or not. | `list(bool)` | `[false]` | no |
| secret_enabled | Boolean flag which specifies whether to create the secret in the Key Vault or not. | `bool` | `false` | no |
| sku_name | The name of the SKU used for the Key Vault. Possible values are standard and premium. | `string` | `"standard"` | no |
| tags | Tags shared by all resources of this module. Will be merged with any other specific tags by resource. | `map` | `{}` | no |
| values | List of Key Vault secrets that will be created. Changing this will force creation of a new Key Vault secret. | `list(string)` | `[""]` | no |
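
A module call that sets the security-relevant inputs listed above (network ACLs, platform retrieval flags, access policies) to restrictive values. This is an added example, not taken from the module's repository or its examples folder; the `source` value, resource names, region, GUIDs and CIDR range are placeholders or constructed values, and the module's internal handling of these inputs is assumed to follow the descriptions in the table.

```hcl
# Added example; not the module authors' code. All names, IDs and ranges
# below are placeholders or constructed sample values.
module "key_vault" {
  source = "<path-or-git-url-of-this-module>" # placeholder, not a real location

  key_vault_name      = "kv-example-prod"  # constructed name
  resource_group_name = "rg-example-prod"  # constructed name
  location            = "westeurope"
  sku_name            = "premium"

  # Keep the platform-wide retrieval switches off unless a workload needs
  # them; each one lets an Azure service pull material out of the vault.
  enabled_for_deployment          = false
  enabled_for_disk_encryption     = false
  enabled_for_template_deployment = false

  # Deny by default and allow only a known egress range. An empty list
  # (the module default) leaves the network restriction to whatever the
  # module does without ACLs, so set it explicitly.
  network_acls = [{
    bypass                     = "AzureServices"
    default_action             = "Deny"
    ip_rules                   = ["203.0.113.0/24"] # RFC 5737 documentation range
    virtual_network_subnet_ids = []
  }]

  # Least privilege: this principal may read secrets and nothing else.
  policies = [{
    tenant_id               = "00000000-0000-0000-0000-000000000000" # placeholder
    object_id               = "11111111-1111-1111-1111-111111111111" # placeholder
    key_permissions         = []
    secret_permissions      = ["Get"]
    certificate_permissions = []
  }]

  # secret_enabled / values are left at their defaults here: anything passed
  # in through `values` is recorded in Terraform state, so the state backend
  # would need the same protection as the vault itself.

  tags = { environment = "prod" }
}
```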

Outputs

| Name | Description |
|------|-------------|
| key_vault_admin_policy_ids | IDs of the default admin policies. |
| key_vault_certificate_ids | IDs of the Key Vault certificates. |
| key_vault_ids | IDs of the Key Vault. |
| key_vault_key_ids | IDs of the Key Vault keys. |
| key_vault_policy_ids | IDs of the Key Vault access policies. |
| key_vault_urls | URIs of the Key Vault created, used for performing operations on keys and secrets. |
| secret_ids | IDs of the Key Vault secrets. |
| thumbprint | Thumbprints of the Key Vault certificates. |