This module manages a keyvault resource in Azure with the required permissions.
Instantiate the module by calling it from Terraform like this:
module "azure-keyvault" {
  source  = "dodevops/keyvault/azure"
  version = "<version>"
  (...)
}
No requirements.
The following providers are used by this module:
- azurerm
No modules.
The following resources are used by this module:
- azurerm_key_vault.keyvault (resource)
- azurerm_key_vault_access_policy.keyvault-access-policy-objectid-apps-createonly (resource)
- azurerm_key_vault_access_policy.keyvault-access-policy-objectid-apps-fullaccess (resource)
- azurerm_key_vault_access_policy.keyvault-access-policy-objectid-apps-readonly (resource)
- azurerm_key_vault_access_policy.keyvault-access-policy-objectids-createonly (resource)
- azurerm_key_vault_access_policy.keyvault-access-policy-objectids-fullaccess (resource)
- azurerm_key_vault_access_policy.keyvault-access-policy-objectids-readonly (resource)
- azurerm_monitor_diagnostic_setting.keyvaultaudit (resource)
- azurerm_storage_account.storageaccountkeyvaultaudit (resource)
The following input variables are required:
Description: The tenant id used for azure
Type: string
Description: The Azure location (region) in which the resources are created
Type: string
Description: List of one or more IP addresses or CIDR blocks which should be able to access the Key Vault. If the default action is Allow, this can be an empty list
Type: list(string)
Description: List of one or more subnet IDs which should be able to access this Key Vault. If the default action is Allow, this can be an empty list
Type: list(string)
Description: Three letter project key
Type: string
Description: Azure Resource Group to use
Type: string
Description: Stage for this resource group
Type: string
The following input variables are optional (have default values):
Description: A list of object IDs with allowed apps (in the form of :) that are allowed to create (but not read or change) elements in the keyvault
Type: list(string)
Default: []
Description: A list of object IDs with allowed apps (in the form of :) that are allowed to fully access the keyvault
Type: list(string)
Default: []
Description: A list of object IDs with allowed apps (in the form of :) that are allowed to read elements in the keyvault
Type: list(string)
Default: []
Description: A list of object IDs that are allowed to create (but not read or change) elements in the keyvault
Type: list(string)
Default: []
Description: A list of object IDs that are allowed to fully access the keyvault elements (with all operations)
Type: list(string)
Default: []
Description: A list of object IDs that are allowed to read elements in the keyvault
Type: list(string)
Default: []
Description: Number of days to keep audit records, if audit is enabled
Type: number
Default: 365
Description: Enable audit of keyvault changes
Type: bool
Default: false
Description: Specifies which traffic can bypass the network rules. Possible values are AzureServices and None.
Type: string
Default: "None"
Description: The Default Action to use when no rules match from ip_rules / virtual_network_subnet_ids. Possible values are Allow and Deny.
Type: string
Default: "Deny"
Description: Keyvault sku
Type: string
Default: "standard"
Description: The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days
Type: number
Default: 14
Description: Map of tags for the resources
Type: map(any)
Default: {}
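The following is an added, worked example of calling the module with the settings a security reviewer would expect (network default action Deny with explicit allow lists, no bypass, audit logging enabled, separate read-only and create-only principals). It is not code from the module's own README. The variable names used in the module block (tenant_id, location, ip_rules, virtual_network_subnet_ids, project, resource_group, stage, allowed_objectids_readonly, allowed_objectids_createonly, allowed_objectids_fullaccess, enable_audit, audit_retention_days, network_acls_bypass, network_acls_default_action, sku, soft_delete_retention_days, tags) are assumptions derived from the variable descriptions above; the real names are in the module's variables.tf and must be checked there. The IP range, subnet ID and object IDs are constructed sample values.

```hcl
terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
    }
  }
}

provider "azurerm" {
  features {}
}

# Tenant and object ID of the identity running Terraform (real data source
# of the azurerm provider); used here as the single full-access principal.
data "azurerm_client_config" "current" {}

locals {
  # Constructed sample values: replace with your own office egress range,
  # application subnet and the object IDs of the consuming identities.
  office_cidr         = "203.0.113.0/24"
  app_subnet_id       = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example/providers/Microsoft.Network/virtualNetworks/vnet-example/subnets/snet-app"
  app_identity_object = "11111111-1111-1111-1111-111111111111" # reads secrets at runtime
  ci_identity_object  = "22222222-2222-2222-2222-222222222222" # writes secrets, never reads them
}

module "azure-keyvault" {
  source  = "dodevops/keyvault/azure"
  version = "<version>"

  # Required inputs (assumed variable names, see lead-in)
  tenant_id                  = data.azurerm_client_config.current.tenant_id
  location                   = "westeurope"
  project                    = "exp"
  resource_group             = "rg-example"
  stage                      = "prod"
  ip_rules                   = [local.office_cidr]
  virtual_network_subnet_ids = [local.app_subnet_id]

  # Network hardening: with Deny as default action only the IP rules and
  # subnets listed above can reach the vault, and no Azure service bypasses
  # the rules. With both lists empty and Deny, nothing can reach it at all.
  network_acls_default_action = "Deny"
  network_acls_bypass         = "None"

  # Least privilege: runtime identity may only read, CI may only create,
  # and just one operator identity has full access.
  allowed_objectids_readonly   = [local.app_identity_object]
  allowed_objectids_createonly = [local.ci_identity_object]
  allowed_objectids_fullaccess = [data.azurerm_client_config.current.object_id]

  # Audit trail: diagnostic settings written to the module's audit storage
  # account and kept for a year.
  enable_audit         = true
  audit_retention_days = 365

  # Recovery: soft-deleted items stay recoverable for 30 days (7..90 allowed).
  sku                        = "standard"
  soft_delete_retention_days = 30

  tags = {
    owner = "platform-security"
  }
}
```

The split between the read-only and create-only lists is the point worth keeping: a pipeline that provisions secrets gets create permissions only, so a compromise of the pipeline credential does not expose the values already stored, while the workload that needs the values at runtime cannot write new ones. Keep the full-access list as short as possible, since those principals can change the access policies themselves.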
The following outputs are exported:
Description: n/a
Use terraform-docs to generate the API documentation by running
terraform fmt .
terraform-docs .