Azure Key Vault Managed Hardware Security Module
This page shows how to write Terraform and Azure Resource Manager for Key Vault Managed Hardware Security Module and write them securely.
azurerm_key_vault_managed_hardware_security_module (Terraform)
The Managed Hardware Security Module in Key Vault can be configured in Terraform with the resource name azurerm_key_vault_managed_hardware_security_module
. The following sections describe 2 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "azurerm_key_vault_managed_hardware_security_module" "my_module" {
name = "exampleKVHsm"
resource_group_name = azurerm_resource_group.example.name
location = "eastus"
sku_name = "Standard_B1"
purge_protection_enabled = false
resource "azurerm_key_vault_managed_hardware_security_module" "my_module" {
name = "exampleKVHsm"
resource_group_name = azurerm_resource_group.example.name
location = "eastus"
sku_name = "Standard_B1"
purge_protection_enabled = false
Parameters
The following arguments are supported:
name
- (Required) Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.resource_group_name
- (Required) The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.location
- (Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.admin_object_ids
- (Required) Specifies a list of administrators object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.sku_name
- (Required) The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value isStandard_B1
. Changing this forces a new resource to be created.tenant_id
- (Required) The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.purge_protection_enabled
- (Optional) Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Defaults tofalse
. Changing this forces a new resource to be created.soft_delete_retention_days
- (Optional) The number of days that items should be retained for once soft-deleted. This value can be between7
and90
days. Defaults to90
. Changing this forces a new resource to be created.tags
- (Optional) A mapping of tags to assign to the resource. Changing this forces a new resource to be created.
The following attributes are exported:
id
- The Key Vault Secret Managed Hardware Security Module ID.hsm_uri
- The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
Explanation in Terraform Registry
Manages a Key Vault Managed Hardware Security Module.
Tips: Best Practices for The Other Azure Key Vault Resources
In addition to the azurerm_key_vault, Azure Key Vault has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.
azurerm_key_vault
Ensure to specify a network ACL for the key vault
It is better to specify network ACL for the key vault. The default should be set to deny and Azure Services should be still accepted.
azurerm_key_vault_key
Ensure to configure the expiration date on all keys
It is better to configure the expiration date on all keys which is not set by default.
azurerm_key_vault_secret
Ensure to set a content type
It is better to set a content type to aid interpretation on retrieval.
Microsoft.KeyVault/managedHSMs (Azure Resource Manager)
The managedHSMs in Microsoft.KeyVault can be configured in Azure Resource Manager with the resource name Microsoft.KeyVault/managedHSMs
. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Frequently asked questions
What is Azure Key Vault Managed Hardware Security Module?
Azure Key Vault Managed Hardware Security Module is a resource for Key Vault of Microsoft Azure. Settings can be wrote in Terraform.
Where can I find the example code for the Azure Key Vault Managed Hardware Security Module?
For Terraform, the gilyas/infracost and infracost/infracost source code examples are useful. See the Terraform Example section for further details.