Deploy an Azure Key Vault with Terraform

In this blog post, I will show you how to create an Azure Key Vault on Microsoft Azure with Terraform code.

Key Vault Secret Store

Azure Key Vault is a secret store service that allows us to store passwords, certificates and keys using API requests, Terraform, PowerShell and Azure CLI.

I will create a standard-tier Azure Key Vault with a 7-day soft-delete retention period in the following Terraform configuration.

Configuration

The configuration also grants the identity that runs the code permission to retrieve keys, secrets and storage account keys from the vault. It is also important to note that the vault name needs to be globally unique across all of Azure, because it becomes part of the vault's DNS name.

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "2.44.0"
    }
  }
}

provider "azurerm" {
  features {
    key_vault {
      # Permanently purge the soft-deleted vault on terraform destroy so the name is freed
      purge_soft_delete_on_destroy = true
    }
  }
}

# Identity running Terraform; supplies the tenant and object IDs used below
data "azurerm_client_config" "current" {}

resource "azurerm_resource_group" "rg" {
  name     = "linux"
  location = "westus"
}

resource "azurerm_key_vault" "azvault" {
  name                        = "ntwkeyvault1" # must be globally unique
  location                    = azurerm_resource_group.rg.location
  resource_group_name         = azurerm_resource_group.rg.name
  enabled_for_disk_encryption = true
  tenant_id                   = data.azurerm_client_config.current.tenant_id
  soft_delete_retention_days  = 7     # deleted vault/secrets recoverable for 7 days
  purge_protection_enabled    = false # allows a soft-deleted vault to be purged early

  sku_name = "standard"

  # Grants the identity running this code read access to keys, secrets and storage keys
  access_policy {
    tenant_id = data.azurerm_client_config.current.tenant_id
    object_id = data.azurerm_client_config.current.object_id

    key_permissions = [
      "get",
    ]

    secret_permissions = [
      "get",
    ]

    storage_permissions = [
      "get",
    ]
  }
}
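As an added example (not part of the original post), here is a hardened variant of the same vault that reuses the resource group and client config above: purge protection turned on, the vault firewall defaulting to Deny with one allowed range, the access policy narrowed to the secret operations the deploying identity actually needs, and one secret written from a sensitive variable. The vault name, secret name and IP range are placeholders, and the sensitive variable flag assumes Terraform 0.14 or newer.

```hcl
# Added example: hardened variant of the vault above (assumes azurerm 2.44.0 as pinned in the post).
variable "db_password" {
  type      = string
  sensitive = true # keeps the value out of plan/apply output
}

resource "azurerm_key_vault" "hardened" {
  name                = "ntwkeyvault2" # placeholder; must be globally unique
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  tenant_id           = data.azurerm_client_config.current.tenant_id
  sku_name            = "standard"

  soft_delete_retention_days = 90   # longer window to recover a deleted vault or secret
  purge_protection_enabled   = true # soft-deleted items cannot be purged before retention expires

  network_acls {
    default_action = "Deny"             # block every network by default
    bypass         = "AzureServices"    # still allow trusted Azure services through
    ip_rules       = ["203.0.113.0/24"] # placeholder admin range (TEST-NET-3)
  }

  access_policy {
    tenant_id = data.azurerm_client_config.current.tenant_id
    object_id = data.azurerm_client_config.current.object_id

    # Only what the deploying identity needs: set to write the secret,
    # get to read it back, delete so terraform destroy can remove it.
    secret_permissions = ["get", "set", "delete"]
  }
}

resource "azurerm_key_vault_secret" "db_password" {
  name         = "db-password" # placeholder secret name
  value        = var.db_password
  key_vault_id = azurerm_key_vault.hardened.id
}
```

With purge protection enabled, terraform destroy can soft-delete the vault but cannot purge it, so the name stays reserved until the retention period ends; purge protection also cannot be disabled once set.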
