Azure Key Vault Certificate Issuer
This page shows how to write Terraform for Key Vault Certificate Issuer and write them securely.
azurerm_key_vault_certificate_issuer (Terraform)
The Certificate Issuer in Key Vault can be configured in Terraform with the resource name azurerm_key_vault_certificate_issuer. The following sections describe 5 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "azurerm_key_vault_certificate_issuer" "keycertisr" {
name = try(var.settings.issuer_name, null)
key_vault_id = var.keyvault_id
provider_name = try(var.settings.provider_name, null)
org_id = try(var.settings.organization_id, null)
account_id = try(var.settings.account_id, null)
resource "azurerm_key_vault_certificate_issuer" "keycertisr" {
name = try(var.settings.issuer_name, null)
key_vault_id = var.keyvault_id
provider_name = try(var.settings.provider_name, null)
org_id = try(var.settings.organization_id, null)
account_id = try(var.settings.account_id, null)
resource "azurerm_key_vault_certificate_issuer" "keycertisr" {
name = try(var.settings.issuer_name, null)
key_vault_id = var.keyvault_id
provider_name = try(var.settings.provider_name, null)
org_id = try(var.settings.organization_id, null)
account_id = try(var.settings.account_id, null)
resource "azurerm_key_vault_certificate_issuer" "keycertisr" {
name = try(var.settings.issuer_name, null)
key_vault_id = var.keyvault_id
provider_name = try(var.settings.provider_name, null)
org_id = try(var.settings.organization_id, null)
account_id = try(var.settings.account_id, null)
resource "azurerm_key_vault_certificate_issuer" "keycertisr" {
name = try(var.settings.issuer_name, null)
key_vault_id = var.keyvault_id
provider_name = try(var.settings.provider_name, null)
org_id = try(var.settings.organization_id, null)
account_id = try(var.settings.account_id, null)
Parameters
-
account_idoptional - string -
idoptional computed - string -
key_vault_idrequired - string -
namerequired - string -
org_idoptional - string -
passwordoptional - string -
provider_namerequired - string -
adminlist block-
email_addressrequired - string -
first_nameoptional - string -
last_nameoptional - string -
phoneoptional - string
-
-
timeoutssingle block
Explanation in Terraform Registry
Manages a Key Vault Certificate Issuer.
Tips: Best Practices for The Other Azure Key Vault Resources
In addition to the azurerm_key_vault, Azure Key Vault has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.
azurerm_key_vault
Ensure to specify a network ACL for the key vault
It is better to specify network ACL for the key vault. The default should be set to deny and Azure Services should be still accepted.
azurerm_key_vault_key
Ensure to configure the expiration date on all keys
It is better to configure the expiration date on all keys which is not set by default.
azurerm_key_vault_secret
Ensure to set a content type
It is better to set a content type to aid interpretation on retrieval.
Azure Resource Manager Example
Azure Resource Manager code does not have the related resource.
Frequently asked questions
What is Azure Key Vault Certificate Issuer?
Azure Key Vault Certificate Issuer is a resource for Key Vault of Microsoft Azure. Settings can be wrote in Terraform.
Where can I find the example code for the Azure Key Vault Certificate Issuer?
For Terraform, the anmoltoppo/Terraform, aztfmod/terraform-azurerm-caf and pkhuntia/aztfmod source code examples are useful. See the Terraform Example section for further details.
