Created
July 5, 2021 19:02
-
-
Save xximjasonxx/85295fa1751dda875b3841e7376ea9bd to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
terraform { | |
required_providers { | |
azurerm = { | |
source = "hashicorp/azurerm" | |
version = "=2.62.1" | |
} | |
} | |
} | |
variable "name" { | |
type = string | |
} | |
variable "rg_name" { | |
type = string | |
} | |
variable "rg_location" { | |
type = string | |
} | |
variable "tenant_id" { | |
type = string | |
} | |
variable "secrets" { | |
type = map | |
} | |
# get current user | |
data "azurerm_client_config" "current" {} | |
# create the resource | |
resource "azurerm_key_vault" "this" { | |
name = "kv-${var.name}" | |
resource_group_name = var.rg_name | |
location = var.rg_location | |
tenant_id = var.tenant_id | |
sku_name = "standard" | |
# define an access policy for terraform connection | |
access_policy { | |
tenant_id = var.tenant_id | |
object_id = data.azurerm_client_config.current.object_id | |
secret_permissions = [ "Get", "Set", "List" ] | |
} | |
} | |
# add the secrets | |
resource "azurerm_key_vault_secret" "this" { | |
for_each = var.secrets | |
name = each.key | |
value = each.value | |
key_vault_id = azurerm_key_vault.this.id | |
} | |
#outputs | |
output "key_vault_endpoint" { | |
value = azurerm_key_vault.this.vault_uri | |
} | |
output "key_vault_id" { | |
value = azurerm_key_vault.this.id | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment