| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| | Specifies the name of the Key Vault. Changing this forces a new resource to be created. | string | n/a | yes |
| resource_group_name | The name of the resource group in which to create the Key Vault. Changing this forces a new resource to be created. | string | n/a | yes |
| location | The location/region where the Key Vault is created. | string | n/a | yes |
| tags | A mapping of tags to assign to the resource. | map(string) | {} | no |
| sku_name | The name of the SKU used for this Key Vault. Possible values are standard and premium. | string | n/a | yes |
| tenant_id | The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. | string | n/a | yes |
| soft_delete_retention_days | The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. | number | 90 | no |
| purge_protection_enabled | Is Purge Protection enabled for this Key Vault? | bool | false | no |
| enabled_for_deployment | Boolean flag to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. | bool | false | no |
| enabled_for_disk_encryption | Boolean flag to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. | bool | false | no |
| enabled_for_template_deployment | Boolean flag to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. | bool | false | no |
| enable_rbac_authorization | Boolean flag to specify whether Azure Key Vault uses Role Based Access Control (RBAC) for authorization of data actions. | bool | false | no |
| access_policies | List of objects that represent the configuration of each access policy. | list(object({})) | [] | no |
| keys | List of objects that represent the configuration of each key. | list(object({})) | [] | no |
| secrets | List of objects that represent the configuration of each secret. | list(object({})) | [] | no |
| contacts | List of objects that represent each contact. | list(object({})) | [] | no |

Each access_policies object supports the following:

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| object_id | The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. | string | n/a | yes |
| application_id | The object ID of an Application in Azure Active Directory. | string | null | no |
| key_permissions | List of key permissions, must be one or more from the following: Get, List, Update, Create, Import, Delete, Recover, Backup, Restore, Decrypt, Encrypt, UnwrapKey, WrapKey, Verify, Sign and Purge. | list(string) | [] | no |
| secret_permissions | List of secret permissions, must be one or more from the following: Get, List, Set, Delete, Recover, Backup, Restore and Purge. | list(string) | [] | no |
| certificate_permissions | List of certificate permissions, must be one or more from the following: Get, List, Update, Create, Import, Delete, Recover, Backup, Restore, GetIssuers, SetIssuers, ListIssuers, DeleteIssuers, ManageContacts, ManageIssuers and Purge. | list(string) | [] | no |
| storage_permissions | List of storage permissions, must be one or more from the following: Get, List, Update, Set, Delete, Recover, Backup, Restore, GetSAS, ListSAS, SetSAS, DeleteSAS, RegenerateKey and Purge. | list(string) | [] | no |

Each keys object supports the following:

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| name | Specifies the name of the Key Vault Key. | string | n/a | yes |
| key_type | Specifies the Key Type to use for this Key Vault Key. Possible values are EC (Elliptic Curve), EC-HSM, Oct (Octet), RSA and RSA-HSM. | number | n/a | yes |
| key_size | Specifies the Size of the RSA key to create in bytes. For example, 1024 or 2048. Note: This field is required if key_type is RSA or RSA-HSM. | string | null | no |
| curve | Specifies the curve to use when creating an EC key. Possible values are: P-256, P-384, P-521 and SECP256K1. | string | null | no |
| key_opts | A list of JSON web key operations. Possible values include: decrypt, encrypt, sign, unwrapKey, verify and wrapKey. | list(string) | [] | yes |
| not_before_date | Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z'). | string | null | no |
| expiration_date | Expiration UTC datetime (Y-m-d'T'H:M:S'Z'). | string | null | no |

Each secrets object supports the following:

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| name | Specifies the name of the Key Vault Secret. | string | n/a | yes |
| value | Specifies the value of the Key Vault Secret. | string | null | yes |
| content_type | Specifies the content type for the Key Vault Secret. | string | null | no |
| not_before_date | Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z'). | string | null | no |
| expiration_date | Expiration UTC datetime (Y-m-d'T'H:M:S'Z'). | string | null | yes |

Each contacts object supports the following:

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| email | E-mail address of the contact. | string | n/a | yes |
| name | Name of the contact. | string | null | no |
| phone | Phone number of the contact. | string | null | no |

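A hardened call to this module, as an added example that is not part of the module's own documentation: it turns on purge protection (default false), keeps the platform retrieval flags off, grants one principal only the key and secret permissions it needs, and gives the key an expiry. The module source, resource names, region, object ID and date are placeholders or constructed values, and the first input, whose name is missing from the table above, is assumed to be `name`.

```hcl
# Added example: module source and all IDs below are placeholders.
data "azurerm_client_config" "current" {}

module "key_vault" {
  source = "<path-or-registry-address-of-this-module>" # placeholder

  name                = "kv-example-prod" # assumed input name; constructed value
  resource_group_name = "rg-example"      # constructed value
  location            = "westeurope"      # constructed value
  sku_name            = "premium"         # HSM-backed key types need the premium SKU
  tenant_id           = data.azurerm_client_config.current.tenant_id

  # Defaults are 90 / false: keep the longest retention and block early purges.
  soft_delete_retention_days = 90
  purge_protection_enabled   = true # cannot be switched off again once enabled

  # Leave the platform retrieval flags at false unless a workload needs them.
  enabled_for_deployment          = false
  enabled_for_disk_encryption     = false
  enabled_for_template_deployment = false

  access_policies = [
    {
      object_id               = "00000000-0000-0000-0000-000000000000" # placeholder
      application_id          = null
      key_permissions         = ["Get", "WrapKey", "UnwrapKey"] # no Delete or Purge
      secret_permissions      = ["Get"]
      certificate_permissions = []
      storage_permissions     = []
    }
  ]

  keys = [
    {
      name            = "app-wrapping-key" # constructed value
      key_type        = "RSA-HSM"
      key_size        = 2048
      curve           = null
      key_opts        = ["wrapKey", "unwrapKey"] # only the operations the policy grants
      not_before_date = null
      expiration_date = "2030-01-01T00:00:00Z" # constructed value
    }
  ]
}
```

Every documented attribute is set on each object, with `null` or `[]` for the unused ones, so the call does not depend on how the module handles omitted attributes.
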
Outputs

The following outputs are exported:

| Name | Description | Sensitive |
|------|-------------|-----------|
| id | The Key Vault configuration ID. | no |
| name | The name of the Key Vault. | no |
| resource_group_name | The name of the resource group in which to create the Key Vault. | no |
| location | The location/region where the Key Vault is created. | no |
| tags | The tags assigned to the resource. | no |
| contacts | Blocks containing each contact. | no |
| access_policies | Blocks containing configuration of each access policy. | |