generated from miljodir/terraform-azurerm-template
github-actions[bot] edited this page Feb 4, 2025 · 6 revisions

To use this module in your Terraform, use the below source value.
```hcl
module "main" {
  source = "[email protected]:miljodir/terraform-azurerm-key-vault?ref=1.3.0"
  # also any inputs for the module (see below)
}
```

Name | Version |
---|---|
terraform | ~> 1.5 |
azurerm | >= 3.0, < 5.0 |

Name | Version |
---|---|
azurerm | >= 3.0, < 5.0 |

Name | Source | Version |
---|---|---|
network_vars | [email protected]:miljodir/cp-shared.git//modules/public_nw_ips | public_nw_ips/v1 |

Name | Type |
---|---|
azurerm_key_vault.kv | resource |
azurerm_private_endpoint.kv_pe | resource |
azurerm_client_config.current | data source |

Name | Description | Type | Default | Required |
---|---|---|---|---|
rg_name | Resource Group name where resources will be deployed | string | n/a | yes |
unique | A unique string that will be used in the names of the resources. Must be 6 characters long | string | n/a | yes |
dns_rg_name | Resource Group name where DNS Zone will be deployed | string | "p-dns-pri" | no |
enable_private_endpoint | Enable or disable private endpoint for the key vault. Defaults to true. | bool | true | no |
enable_rbac_authorization | Boolean flag to specify whether Azure Key Vault uses Role Based Access Control (RBAC) for authorization of data actions. | bool | true | no |
enabled_for_deployment | Boolean flag to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. | bool | false | no |
enabled_for_disk_encryption | Boolean flag to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. | bool | false | no |
enabled_for_template_deployment | Boolean flag to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. | bool | false | no |
key_vault_name | Override the name of the Key Vault | string | null | no |
location | Location where resources will be deployed | string | "norwayeast" | no |
network_acls | Network rules restricting access to the storage account. | object({ | { | no |
public_network_access_enabled | Whether public network access is allowed for this Key Vault. | bool | true | no |
purge_protection_enabled | Is Purge Protection enabled for this Key Vault? | bool | false | no |
sku_name | The Name of the SKU used for this Key Vault. Possible values are standard and premium | string | "standard" | no |
soft_delete_retention_days | The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. | number | 90 | no |
subnet_id | The ID of the subnet where the Private Endpoint will be deployed | string | null | no |

Name | Description |
---|---|
key_vault | n/a |
key_vault_private_endpoint | n/a |
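
An added example, not taken from the module's repository: a module call that overrides the two defaults in the inputs table that a security review would flag, `public_network_access_enabled = true` and `purge_protection_enabled = false`. The module label, the resource group name, the `unique` string and the `private_endpoint_subnet_id` variable are assumptions made for illustration; the `source` value is copied as it appears on this page.

```hcl
# Hypothetical variable: the ID of a subnet you already manage for private endpoints.
variable "private_endpoint_subnet_id" {
  type        = string
  description = "Subnet that will host the Key Vault private endpoint"
}

module "key_vault" {
  # Source value as given on this page.
  source = "[email protected]:miljodir/terraform-azurerm-key-vault?ref=1.3.0"

  # Required inputs (constructed sample values).
  rg_name = "rg-example"
  unique  = "abc123" # must be exactly 6 characters

  # Data-plane access through Azure RBAC role assignments (module default, stated explicitly).
  enable_rbac_authorization = true

  # Reach the vault over the private endpoint only.
  enable_private_endpoint       = true # module default
  subnet_id                     = var.private_endpoint_subnet_id
  public_network_access_enabled = false # module default is true

  # Keep soft-deleted vaults and objects for the full retention window
  # and block purging them before it ends.
  purge_protection_enabled   = true # module default is false
  soft_delete_retention_days = 90   # module default, allowed range 7-90

  # Leave the ARM / VM / disk-encryption retrieval paths closed (module defaults).
  enabled_for_deployment          = false
  enabled_for_disk_encryption     = false
  enabled_for_template_deployment = false
}
```

Purge protection cannot be turned off again once it has been enabled on a vault, so set it deliberately per environment.
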
- PR #7 - removes dns record from module
removes dns record from module and the configuration_aliases
- PR #5 - Rework logic for acls
This will require whoever is running terraform init to also have access to the repository containing the IPs which are to be whitelisted.
The idea is that SQL Servers prefixed "d-" get some automatic firewall openings from certain public IPs.
- PR #6 - ignore changes to ttl & tags on dns records
ignore changes to ttl & tags on dns records
- PR #4 - ignore changes to private_dns_zone_group
ignore changes to private_dns_zone_group in private endpoint resources
- PR #3 - Multi-repo update: Ensure terraform uses azurerm 4.0 provider
Preparation for 4.0 upgrade
- PR #1 - Add files for v1
Creates v1 tag for existing key vault module