Top / Microsoft Azure / Azure Key Vault / Managed Storage Account Sas Token Definition

Azure Key Vault Managed Storage Account Sas Token Definition

This page shows how to write Terraform for Key Vault Managed Storage Account Sas Token Definition and write them securely.

terraform-logo

Review your .tf file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

azurerm_key_vault_managed_storage_account_sas_token_definition (Terraform)

The Managed Storage Account Sas Token Definition in Key Vault can be configured in Terraform with the resource name azurerm_key_vault_managed_storage_account_sas_token_definition. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Review your Terraform file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

The following arguments are supported:

  • name - (Required) The name which should be used for this SAS Definition.

  • managed_storage_account_id - (Required) The ID of the Managed Storage Account.

  • sas_template_uri - (Required) The SAS definition token template signed with an arbitrary key. Tokens created according to the SAS definition will have the same properties as the template, but regenerated with a new validity period.

  • sas_type - (Required) The type of SAS token the SAS definition will create. Possible values are account and service.

  • validity_period - (Required) Validity period of SAS token. Value needs to be in ISO 8601 duration format.

  • tags - (Optional) A mapping of tags which should be assigned to the SAS Definition.

In addition to the Arguments listed above - the following Attributes are exported:

  • id - The ID of the Managed Storage Account SAS Definition.

  • secret_id - The ID of the Secret that is created by Managed Storage Account SAS Definition.

>> from Terraform Registry

Explanation in Terraform Registry

Manages a Key Vault Managed Storage Account SAS Definition.

>> from Terraform Registry

Tips: Best Practices for The Other Azure Key Vault Resources

In addition to the azurerm_key_vault, Azure Key Vault has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

risk-label

azurerm_key_vault

Ensure to specify a network ACL for the key vault

It is better to specify network ACL for the key vault. The default should be set to deny and Azure Services should be still accepted.

risk-label

azurerm_key_vault_key

Ensure to configure the expiration date on all keys

It is better to configure the expiration date on all keys which is not set by default.

risk-label

azurerm_key_vault_secret

Ensure to set a content type

It is better to set a content type to aid interpretation on retrieval.

Review your Azure Key Vault settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

Azure Resource Manager Example

Azure Resource Manager code does not have the related resource.

The Other Related Azure Key Vault Resources

Frequently asked questions

What is Azure Key Vault Managed Storage Account Sas Token Definition?

Azure Key Vault Managed Storage Account Sas Token Definition is a resource for Key Vault of Microsoft Azure. Settings can be wrote in Terraform.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents