-
-
Notifications
You must be signed in to change notification settings - Fork 12
/
Copy pathvariables.tf
115 lines (100 loc) · 3.53 KB
/
variables.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
variable "name" {
type = string
description = "Specifies the name of the Key Vault. Changing this forces a new resource to be created."
}
variable "resource_group_name" {
type = string
description = "The name of the resource group in which to create the Key Vault. Changing this forces a new resource to be created."
}
variable "location" {
type = string
description = "The location/region where the Key Vault is created."
}
variable "tags" {
type = map(string)
default = {}
description = "A mapping of tags to assign to the resource."
}
variable "sku_name" {
type = string
description = "The Name of the SKU used for this Key Vault. Possible values are standard and premium."
}
variable "tenant_id" {
type = string
description = "The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault."
}
variable "soft_delete_retention_days" {
type = number
default = 90
description = "The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days."
}
variable "purge_protection_enabled" {
type = bool
default = false
description = "Is Purge Protection enabled for this Key Vault?"
}
variable "enabled_for_deployment" {
type = bool
default = false
description = "Boolean flag to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault."
}
variable "enabled_for_disk_encryption" {
type = bool
default = false
description = "Boolean flag to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys."
}
variable "enabled_for_template_deployment" {
type = bool
default = false
description = "Boolean flag to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault."
}
variable "enable_rbac_authorization" {
type = bool
default = false
description = "Boolean flag to specify whether Azure Key Vault uses Role Based Access Control (RBAC) for authorization of data actions."
}
variable "access_policies" {
type = list(object({
object_id = string
application_id = optional(string)
key_permissions = optional(list(string), [])
secret_permissions = optional(list(string), [])
certificate_permissions = optional(list(string), [])
storage_permissions = optional(list(string), [])
}))
default = []
description = "List of objects that represent the configuration of each access policies."
}
variable "keys" {
type = list(object({
name = string
key_type = string
key_size = optional(number)
curve = optional(string)
key_opts = optional(list(string), [])
not_before_date = optional(string)
expiration_date = optional(string)
}))
default = []
description = "List of objects that represent the configuration of each key."
}
variable "secrets" {
type = list(object({
name = string
value = string
content_type = optional(string)
not_before_date = optional(string)
expiration_date = optional(string)
}))
default = []
description = "List of objects that represent the configuration of each secrect."
}
variable "contacts" {
type = list(object({
email = string
name = optional(string)
phone = optional(string)
}))
default = []
description = "List of objects that represent each contact."
}