azure-secrets-engine

devops-rob/azure-secrets-engine/vault

Terraform Module HCL VAULT

This module enables and configures the Azure secrets engine for Vault.

Install
```hcl
module "azure-secrets-engine" {
  source  = "devops-rob/azure-secrets-engine/vault"
  version = "0.1.0"
}
```
README

Terraform Module: Azure Secrets Engine

Overview

This module enables and configures the Azure secrets engine for Vault.

Example use case

On occasions when engineers require programmatic access to Azure, a service principal would normally be provisioned and securely distributed to them. In these cases, these service principals are long-lived credentials, which, in the wrong hands, can cause a serious security incident. Using the Vault Azure secrets engine drastically reduces the attack surface, as engineers request a short-lived credential from Vault, which is automatically deleted when the TTL expires. Should these generated credentials get into the wrong hands, malicious actors would have significantly less time to exploit them.

Usage

``hcl provider "vault" { address = "http://localhost:82

Inputs (13)

| Name | Type | Description | Default |
|---|---|---|---|
| azure_tenant_id | string | (Required) Azure tenant ID. | required |
| azure_client_secret | string | (Required) Client secret for Azure Service Principal. WARNING - This will be wri | required |
| azure_secret_backend_role_name | string | (Required) Name for Azure secret backend role. | required |
| azure_client_id | string | (Required) Client ID for Azure Service Principal. WARNING - This will be written | required |
| azure_app_id | string | (Optional) Application Object ID for an existing service principal that will be | required |
| use_resource_group | bool | (Optional) Toggle to enable usage of Resource Groups for Azure Role Scopes. When | false |
| azure_environment | string | (Optional) The Azure cloud environment to use. | "AzurePublicCloud" |
| path | string | (Required) The path that the secrets engine will be mounted to. Defaults to 'azu | "azure" |
| azure_secret_backend_max_ttl | number | (Optional) Maximum TTL for Azure secret backend. Defaults to '3600'. | 3600 |
| azure_secret_backend_ttl | number | (Optional) Default TTL for Azure secret backend. Defaults to '3600' | 3600 |
| azure_subscription_id | string | (Required) Azure subscription ID. | "null" |
| azure_role | string | (Optional) Azure role to assigned to service principal. Defaults to 'Reader'. | "Reader" |
| resource_group_identifier | string | (Required when 'use_resource_group' is set to 'true') Azure Resource Group Ident | "null" |

Resources (2)

vault_azure_secret_backend
vault_azure_secret_backend_role

Details
Framework: Terraform Module
Language: HCL
Version: 0.1.0
Cloud: VAULT
Stars: 0
Forks: 2
Total downloads: 783
Inputs: 13
Resources: 2
License: Apache-2.0
Namespace: devops-rob
Updated