| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| name | Specifies the name of the Key Vault. Vault names are globally unique. Changing this forces a new resource to be created. | `string` | n/a | yes |
| resource_group | Resource group configuration. | `object({ name = string, location = string })` | n/a | yes |
| sku_name | The name of the SKU used for this Key Vault. Possible values are `standard` and `premium`. | `string` | n/a | yes |
| tenant_id | The Azure Active Directory tenant ID that should be used for authenticating requests to the Key Vault. | `string` | n/a | yes |
| access_policy | Map of access policies granting access to the Key Vault, keyed by policy name. | `map(object({ application_id = optional(string), certificate_permissions = optional(list(string)), key_permissions = optional(list(string)), secret_permissions = optional(list(string)), storage_permissions = optional(list(string)) }))` | `{}` | no |
| enable_network_acl | Boolean flag to enable or disable the network ACL. | `bool` | `true` | no |
| enable_rbac_authorization | Boolean flag to specify whether Azure Key Vault uses Role Based Access Control (RBAC) for authorization of data actions. | `bool` | `false` | no |
| enabled_for_deployment | Boolean flag to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the Key Vault. | `bool` | `false` | no |
| enabled_for_disk_encryption | Boolean flag to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. | `bool` | `false` | no |
| enabled_for_template_deployment | Boolean flag to specify whether Azure Resource Manager is permitted to retrieve secrets from the Key Vault. | `bool` | `false` | no |
| logging | The logging configuration. | `object({ enabled = bool, log_analytics_workspace_id = string })` | `{ "enabled": false, "log_analytics_workspace_id": null }` | no |
| network_acls | Network ACLs to deploy on the Key Vault. `ip_rules` is a list of IP addresses or CIDR blocks. | `object({ ip_rules = list(string), virtual_network_subnet_ids = list(string) })` | `{ "ip_rules": [], "virtual_network_subnet_ids": [] }` | no |
| private_endpoint | The private endpoint configuration. | `object({ enable = bool, subnet_id = string, private_dns_zone_id = string })` | `{ "enable": false, "private_dns_zone_id": null, "subnet_id": null }` | no |
| soft_delete_retention_days | The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 (the default) days. | `string` | `"90"` | no |
| tags | A mapping of tags to assign to the resource. | `map(string)` | `{}` | no |
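The following is an added usage example, not code from the module itself, showing how the inputs above compose into a module call with a locked-down configuration (RBAC instead of vault access policies, network ACL with an explicit allow list, private endpoint, diagnostic logging) and a second call that shows the shape of the `access_policy` map for the case where RBAC is not used. The module `source` path, resource names, tenant and subscription IDs, subnet and DNS zone IDs, and the IP range are placeholders and are not values from this page.

```hcl
# Added example: hardened call of the Key Vault module documented above.
# All identifiers below are placeholders; replace them with your own values.
module "key_vault" {
  source = "./modules/key-vault" # placeholder path to the module

  name      = "kv-example-prod"                        # placeholder; must be globally unique
  tenant_id = "00000000-0000-0000-0000-000000000000"   # placeholder tenant ID
  sku_name  = "standard"

  resource_group = {
    name     = "rg-example"   # placeholder
    location = "westeurope"   # placeholder
  }

  # Authorize data-plane actions through Azure RBAC rather than vault access
  # policies, so the policy map is intentionally left empty (its default).
  enable_rbac_authorization = true
  access_policy             = {}

  # Keep the VM, Disk Encryption and ARM template retrieval paths disabled
  # (the defaults) unless a workload specifically requires one of them.
  enabled_for_deployment          = false
  enabled_for_disk_encryption     = false
  enabled_for_template_deployment = false

  # Network ACL with an explicit allow list: one CIDR block and one subnet.
  # Anything not listed is denied at the network layer.
  enable_network_acl = true
  network_acls = {
    ip_rules = ["203.0.113.0/24"] # placeholder (RFC 5737 documentation range)
    virtual_network_subnet_ids = [
      "/subscriptions/<subscription-id>/resourceGroups/rg-example/providers/Microsoft.Network/virtualNetworks/vnet-example/subnets/snet-app", # placeholder
    ]
  }

  # Private endpoint so clients inside the VNet resolve and reach the vault
  # over a private IP instead of the public endpoint.
  private_endpoint = {
    enable              = true
    subnet_id           = "/subscriptions/<subscription-id>/resourceGroups/rg-example/providers/Microsoft.Network/virtualNetworks/vnet-example/subnets/snet-pe" # placeholder
    private_dns_zone_id = "/subscriptions/<subscription-id>/resourceGroups/rg-example/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net" # placeholder
  }

  # Ship audit logs to a Log Analytics workspace so secret/key access is
  # recorded and can be alerted on.
  logging = {
    enabled                    = true
    log_analytics_workspace_id = "/subscriptions/<subscription-id>/resourceGroups/rg-example/providers/Microsoft.OperationalInsights/workspaces/law-example" # placeholder
  }

  # Maximum retention window for soft-deleted items (the documented default).
  soft_delete_retention_days = "90"

  tags = {
    environment = "prod"
    owner       = "platform-security"
  }
}

# Added example: the same module with RBAC disabled, to show the shape of the
# access_policy map. Each key names one policy; only the permission lists a
# principal actually needs are set, the rest stay unset via optional().
module "key_vault_legacy" {
  source = "./modules/key-vault" # placeholder path to the module

  name      = "kv-example-legacy"                      # placeholder
  tenant_id = "00000000-0000-0000-0000-000000000000"   # placeholder tenant ID
  sku_name  = "standard"

  resource_group = {
    name     = "rg-example"   # placeholder
    location = "westeurope"   # placeholder
  }

  enable_rbac_authorization = false

  access_policy = {
    "app-reader" = {
      application_id     = "11111111-1111-1111-1111-111111111111" # placeholder
      secret_permissions = ["Get", "List"]                         # read-only on secrets
    }
    "cert-rotator" = {
      certificate_permissions = ["Get", "Import", "Update"]
    }
  }

  # Remaining inputs keep their documented defaults (network ACL enabled with
  # empty rule lists, logging and private endpoint disabled).
}
```

With `enable_network_acl = true` and the default `network_acls` value (both lists empty), no IP or subnet is allowed through, so the first block's explicit `ip_rules` and `virtual_network_subnet_ids` entries are what make the vault reachable at all; review those lists with the same care as the access policies.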