Terraform module for deploying an Azure Key Vault with support for access policies, RBAC authorization, network ACLs, keys, and secrets.

Think-Cube/terraform-azure-key-vault

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.6.3 |
| azurerm | 4.46.0 |

Providers

| Name | Version |
|------|---------|
| azurerm | 4.46.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| azurerm_key_vault.main | resource |
| azurerm_key_vault_key.main | resource |
| azurerm_key_vault_secret.main | resource |
| azurerm_client_config.current | data source |
| azurerm_resource_group.rg | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| access_policies | List of objects that represent the configuration of each access policy. | `list(map(string))` | `[]` | no |
| contacts | List of objects that represent each contact. | `list(map(string))` | `[]` | no |
| default_tags | A mapping of tags to assign to the resource. | `map(any)` | n/a | yes |
| enable_rbac_authorization | Boolean flag to specify whether Azure Key Vault uses Role Based Access Control (RBAC) for authorization of data actions. | `bool` | `false` | no |
| enabled_for_deployment | Boolean flag to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. | `bool` | `false` | no |
| enabled_for_disk_encryption | Boolean flag to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. | `bool` | `false` | no |
| enabled_for_template_deployment | Boolean flag to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. | `bool` | `false` | no |
| environment | Variable used for the backend container name key. | `string` | `"dev"` | no |
| key_vault_name | Specifies the name of the Key Vault. Changing this forces a new resource to be created. | `string` | n/a | yes |
| keys | List of objects that represent the configuration of each key. | `list(map(string))` | `[]` | no |
| network_acls | A list of network ACLs. | `list(object({ bypass = optional(string), default_action = optional(string), ip_rules = optional(list(string)), virtual_network_subnet_ids = optional(list(string)) }))` | `[]` | no |
| purge_protection_enabled | Is Purge Protection enabled for this Key Vault? | `bool` | `false` | no |
| region | Region in which resources are deployed. | `string` | `"weu"` | no |
| resource_group_location | The location/region where the virtual network is created. Changing this forces a new resource to be created. | `string` | `"West Europe"` | no |
| resource_group_name | The name of the resource group in which to create the virtual network. | `string` | n/a | yes |
| secrets | List of objects that represent the configuration of each secret. | `list(map(string))` | `[]` | no |
| sku_name | The name of the SKU used for this Key Vault. Possible values are `standard` and `premium`. | `string` | n/a | yes |
| soft_delete_retention_days | The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. | `number` | `90` | no |
| tenant_id | The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. | `string` | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| id | The ID of the Key Vault. |
| key_vault_uri | The URI of the Key Vault, used for performing operations on keys and secrets. |
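
Example usage

The following module call is an added example, not code from this repository. It overrides the permissive defaults listed under Inputs (`enable_rbac_authorization`, `purge_protection_enabled`, `network_acls`). The module source address is assumed from the repository name, and every name, ID, and IP range is a constructed placeholder.

```hcl
# Added example (not from the module's repository).
module "key_vault" {
  # Assumed source address, derived from the repository name.
  source = "github.com/Think-Cube/terraform-azure-key-vault"

  key_vault_name = "kv-example-prod" # placeholder
  # Must already exist: the module reads the resource group via a data source.
  resource_group_name = "rg-example-prod"                      # placeholder
  tenant_id           = "00000000-0000-0000-0000-000000000000" # placeholder
  sku_name            = "standard"

  # Default is false. With RBAC enabled, data actions are authorized through
  # Azure role assignments, so access_policies is left at its default ([]).
  enable_rbac_authorization = true

  # Default is false. Without purge protection, a soft-deleted vault or
  # object can be purged before the retention period ends.
  purge_protection_enabled   = true
  soft_delete_retention_days = 90

  # All three default to false; kept explicit so a reviewer sees the intent.
  enabled_for_deployment          = false
  enabled_for_disk_encryption     = false
  enabled_for_template_deployment = false

  # Default is [] (no ACL entries passed). Deny by default and allow only
  # the listed range; 203.0.113.0/24 is a documentation range.
  network_acls = [{
    bypass                     = "AzureServices"
    default_action             = "Deny"
    ip_rules                   = ["203.0.113.0/24"]
    virtual_network_subnet_ids = []
  }]

  default_tags = {
    environment = "prod"                 # placeholder
    owner       = "security-engineering" # placeholder
  }
}

# Expose the vault URI documented under Outputs.
output "key_vault_uri" {
  value = module.key_vault.key_vault_uri
}
```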
