keyvault

claranet/keyvault/azurerm

Terraform Module HCL AZURERM

Terraform module composition (feature) for Azure KeyVault

Install

module "keyvault" {

source = "claranet/keyvault/azurerm"

version = "8.2.0"

}

plain text: /constructs/tfmod-claranet-keyvault-azurerm/install.txt

⭐ Source on GitHub 📦 Registry page

README

Azure Key Vault feature ![Changelog](CHANGELOG.md) ![Notice](NOTICE) ![Apache V2 License](LICENSE) ![OpenTofu Registry](https://search.opentofu.org/module/claranet/keyvault/azurerm/) This Terraform module creates an Azure Key Vault with "reader" and "admin" pre-configured Access policies and Diagnostic settings enabled. Global versioning rule for Claranet Azure modules | Module version | Terraform version | OpenTofu version | AzureRM version | | -------------- | ----------------- | ---------------- | --------------- | | >= 8.x.x | Unverified | 1.8.x | >= 4.0 | | >= 7.x.x | 1.3.x | | >= 3.0 | | >= 6.x.x | 1.x | | >= 3.0 | | >= 5.x.x | 0.15.x | | >= 2.0 | | >= 4.x.x | 0.13.x / 0.14.x | | >= 2.0 | | >= 3.x.x | 0.12.x | | >= 2.0 | | >= 2.x.x | 0.12.x | | < 2.0 | | < 2.x.x | 0.11.x | | < 2.0 |

Inputs (30)

Name	Type	Description	Default
resource_group_name	string	Resource Group the resources will belong to.	required
location	string	Azure location for Key Vault.	required
logs_destinations_ids	list(string)	List of destination resources IDs for logs diagnostic destination. Can be `Stora	required
location_short	string	Short string for Azure location.	required
client_name	string	Client name.	required
stack	string	Stack name.	required
environment	string	Environment name.	required
managed_hardware_security_module_enabled	bool	Create a Key Vault Managed HSM resource if enabled. Changing this forces a new r	`false`
tenant_id	string	The Azure Active Directory tenant ID that should be used for authenticating requ	`""`
enabled_for_template_deployment	bool	Whether Azure Resource Manager is permitted to retrieve secrets from the Key Vau	`false`
reader_objects_ids	list(string)	IDs of the objects that can read all keys, secrets and certificates.	`[]`
public_network_access_enabled	bool	Whether the Key Vault is available from public network.	`false`
hsm_security_domain_certificates	list(string)	List of Key Vault certificates IDs to be used as security domain certificates.	`null`
logs_categories	list(string)	Log categories to send to destinations.	`null`
logs_metrics_categories	list(string)	Metrics categories to send to destinations.	`null`
sku_name	string	The Name of the SKU used for this Key Vault. Possible values are `standard` and	`"standard"`
name_prefix	string	Optional prefix for the generated name.	`""`
name_suffix	string	Optional suffix for the generated name.	`""`
admin_objects_ids	list(string)	IDs of the objects that can do all operations on all keys, secrets and certifica	`[]`
custom_name	string	Name of the Key Vault, generated if not set.	`""`
extra_tags	map(string)	Extra tags to add.	`{}`
network_acls	object({ bypass	Object with attributes: `bypass`, `default_action`, `ip_rules`, `virtual_network	`{}`
purge_protection_enabled	bool	Whether to activate purge protection.	`true`
soft_delete_retention_days	number	The number of days that items should be retained for once soft-deleted. This val	`7`
hsm_security_domain_quorum	number	Number of security domain certificates needed to perform operations.	`null`
enabled_for_deployment	bool	Whether Azure Virtual Machines are permitted to retrieve certificates stored as	`false`
enabled_for_disk_encryption	bool	Whether Azure Disk Encryption is permitted to retrieve secrets from the vault an	`false`