Azure Key Vault Managed Storage Account
This page shows how to write Terraform for Key Vault Managed Storage Account and write them securely.
azurerm_key_vault_managed_storage_account (Terraform)
The Managed Storage Account in Key Vault can be configured in Terraform with the resource name azurerm_key_vault_managed_storage_account
. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
The following arguments are supported:
name
- (Required) The name which should be used for this Key Vault Managed Storage Account. Changing this forces a new Key Vault Managed Storage Account to be created.key_vault_id
- (Required) The ID of the Key Vault where the Managed Storage Account should be created. Changing this forces a new resource to be created.storage_account_id
- (Required) The ID of the Storage Account.storage_account_key
- (Required) Which Storage Account access key that is managed by Key Vault. Possible values arekey1
andkey2
.
regenerate_key_automatically
- (Optional) Should Storage Account access key be regenerated periodically?
NOTE: Azure Key Vault application needs to have access to Storage Account for auto regeneration to work. Example can be found above.
regeneration_period
- (Optional) How often Storage Account access key should be regenerated. Value needs to be in ISO 8601 duration format.tags
- (Optional) A mapping of tags which should be assigned to the Key Vault Managed Storage Account.
In addition to the Arguments listed above - the following Attributes are exported:
id
- The ID of the Key Vault Managed Storage Account.
Explanation in Terraform Registry
Manages a Key Vault Managed Storage Account.
Tips: Best Practices for The Other Azure Key Vault Resources
In addition to the azurerm_key_vault, Azure Key Vault has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.
azurerm_key_vault
Ensure to specify a network ACL for the key vault
It is better to specify network ACL for the key vault. The default should be set to deny and Azure Services should be still accepted.
azurerm_key_vault_key
Ensure to configure the expiration date on all keys
It is better to configure the expiration date on all keys which is not set by default.
azurerm_key_vault_secret
Ensure to set a content type
It is better to set a content type to aid interpretation on retrieval.
Azure Resource Manager Example
Azure Resource Manager code does not have the related resource.