keyvault.tf

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "=2.62.1"
    }
  }
}

variable "name" {
  type = string
}

variable "rg_name" {
  type = string
}

variable "rg_location" {
  type = string
}

variable "tenant_id" {
  type = string
}

variable "secrets" {
  type = map
}

# get current user
data "azurerm_client_config" "current" {}

# create the resource
resource "azurerm_key_vault" "this" {
  name                  = "kv-${var.name}"
  resource_group_name   = var.rg_name
  location              = var.rg_location
  tenant_id             = var.tenant_id
  sku_name              = "standard"

  # define an access policy for terraform connection
  access_policy {
    tenant_id           = var.tenant_id
    object_id           = data.azurerm_client_config.current.object_id

    secret_permissions  = [ "Get", "Set", "List" ]
  }
}

# add the secrets
resource "azurerm_key_vault_secret" "this" {
  for_each = var.secrets
  
  name          = each.key
  value         = each.value
  key_vault_id  = azurerm_key_vault.this.id
}

#outputs
output "key_vault_endpoint" {
  value = azurerm_key_vault.this.vault_uri
}

output "key_vault_id" {
  value = azurerm_key_vault.this.id
}