Azure Key Vault Key
This page shows how to write Terraform for a Key Vault Key and how to configure it securely.
azurerm_key_vault_key (Terraform)
A Key in Key Vault can be configured in Terraform with the resource name azurerm_key_vault_key. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "azurerm_key_vault_key" "pr_rsa2048" {
  name         = "generated-certificate"
  key_vault_id = azurerm_key_vault.premium.id
  key_type     = "RSA"
  key_size     = 2048
}

resource "azurerm_key_vault_key" "pr_rsa2048" {
  name         = "generated-certificate"
  key_vault_id = azurerm_key_vault.premium.id
  key_type     = "RSA"
  key_size     = 2048
}

resource "azurerm_key_vault_key" "good_example" {
  name            = "generated-certificate"
  key_vault_id    = azurerm_key_vault.example.id
  key_type        = "RSA"
  key_size        = 2048
  expiration_date = "1982-12-31T00:00:00Z"
}

resource "azurerm_key_vault_key" "generated" {
  name         = "vault-aks"
  key_vault_id = azurerm_key_vault.vault.id
  key_type     = "RSA"
  key_size     = 2048
}

resource "azurerm_key_vault_key" "keyvault_key" {
  name         = var.res_kvencrypt_name
  key_vault_id = var.res_key_vault_id
  key_type     = "RSA"
  key_size     = 2048
  key_opts     = var.res_key_opts
}

resource "azurerm_key_vault_key" "generated" {
  name         = "vault-aks"
  key_vault_id = azurerm_key_vault.vault.id
  key_type     = "RSA"
  key_size     = 2048
}

resource "azurerm_key_vault_key" "key" {
  name         = var.kv_key_name
  key_vault_id = var.kv_vault_id
  key_type     = var.kv_key_type
  key_size     = var.kv_key_size
  key_opts     = var.kv_key_opts
}

resource "azurerm_key_vault_key" "positive1" {
  name         = "generated-certificate"
  key_vault_id = azurerm_key_vault.example.id
  key_type     = "RSA"
  key_size     = 2048
}

resource "azurerm_key_vault_key" "example" {
  name            = "generated-certificate"
  key_vault_id    = azurerm_key_vault.example.id
  key_type        = "RSA-HSM"
  key_size        = 2048
  expiration_date = timeadd(timestamp(), "720h")
}

resource "azurerm_key_vault_key" "negative1" {
  name         = "generated-certificate"
  key_vault_id = azurerm_key_vault.example.id
  key_type     = "RSA"
  key_size     = 2048
}
Security Best Practices for azurerm_key_vault_key
There is 1 setting in azurerm_key_vault_key that should be taken care of for security reasons. The following section gives an overview and example code.
Ensure to configure the expiration date on all keys
It is better to configure the expiration date on all keys; no expiration date is set by default, so a key without one stays valid indefinitely.
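As an added example (not code from this page or from any of the repositories it cites), the following Python check scans Terraform text for azurerm_key_vault_key blocks and reports keys that have no expiration_date, keys whose literal expiration_date is already in the past (as with the 1982 date in one of the examples above), and keys whose expiration_date is an expression such as timeadd() that can only be judged at plan time. The sample HCL is constructed for the check.

```python
import re
from datetime import datetime, timezone

# Constructed sample Terraform mirroring the patterns on this page (not from any repo).
SAMPLE_TF = """
resource "azurerm_key_vault_key" "no_expiry" {
  name         = "generated-certificate"
  key_vault_id = azurerm_key_vault.example.id
  key_type     = "RSA"
  key_opts     = ["encrypt", "decrypt"]
}
resource "azurerm_key_vault_key" "already_expired" {
  name            = "generated-certificate"
  key_vault_id    = azurerm_key_vault.example.id
  key_type        = "RSA"
  key_opts        = ["encrypt", "decrypt"]
  expiration_date = "1982-12-31T00:00:00Z"
}
resource "azurerm_key_vault_key" "rotates" {
  name            = "generated-certificate"
  key_vault_id    = azurerm_key_vault.example.id
  key_type        = "RSA-HSM"
  key_opts        = ["encrypt", "decrypt"]
  expiration_date = timeadd(timestamp(), "720h")
}
"""

# One top-level azurerm_key_vault_key block: label plus body up to the closing brace at column 0.
BLOCK_RE = re.compile(
    r'resource\s+"azurerm_key_vault_key"\s+"(?P<label>[^"]+)"\s*\{(?P<body>.*?)^\}',
    re.S | re.M,
)
EXPIRY_RE = re.compile(r'^\s*expiration_date\s*=\s*(?P<value>.+?)\s*$', re.M)

def audit_key_expiration(hcl_text, now=None):
    """Map each key label to 'missing', 'expired', 'dynamic' or 'ok'."""
    now = now or datetime.now(timezone.utc)
    results = {}
    for m in BLOCK_RE.finditer(hcl_text):
        attr = EXPIRY_RE.search(m.group("body"))
        if attr is None:
            results[m.group("label")] = "missing"   # never expires: flag it
            continue
        value = attr.group("value")
        if not (value.startswith('"') and value.endswith('"')):
            results[m.group("label")] = "dynamic"   # expression, e.g. timeadd(): check at plan time
            continue
        when = datetime.strptime(value.strip('"'), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        results[m.group("label")] = "expired" if when <= now else "ok"
    return results
```

Run it in CI over the repository's .tf files and fail the build on any 'missing' or 'expired' result; 'dynamic' entries are better checked in the plan output.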
Parameters
curve (string, optional, computed)
e (string, optional, computed)
expiration_date (string, optional)
id (string, optional, computed)
key_opts (list of string, required)
key_size (number, optional)
key_type (string, required)
key_vault_id (string, required)
n (string, optional, computed)
name (string, required)
not_before_date (string, optional)
tags (map from string to string, optional)
version (string, optional, computed)
versionless_id (string, optional, computed)
x (string, optional, computed)
y (string, optional, computed)
timeouts (single block)
Explanation in Terraform Registry
Manages a Key Vault Key.
Tips: Best Practices for The Other Azure Key Vault Resources
In addition to azurerm_key_vault, Azure Key Vault has other resources that should be configured for security reasons. Please check some examples of those resources and the precautions below.
azurerm_key_vault
Ensure to specify a network ACL for the key vault
It is better to specify a network ACL for the key vault. The default action should be set to deny, while Azure services should still be allowed through.
azurerm_key_vault_secret
Ensure to set a content type
It is better to set a content type to aid interpretation on retrieval.
Azure Resource Manager Example
Azure Resource Manager code does not have the related resource.
Frequently asked questions
What is Azure Key Vault Key?
Azure Key Vault Key is a resource for Key Vault of Microsoft Azure. Its settings can be written in Terraform.
Where can I find the example code for the Azure Key Vault Key?
For Terraform, the gilyas/infracost, infracost/infracost and returntocorp/semgrep-rules source code examples are useful. See the Terraform Example section for further details.