Azure Synapse Workspace Key
This page shows how to write Terraform for Synapse Workspace Key and write them securely.
azurerm_synapse_workspace_key (Terraform)
The Workspace Key in Synapse can be configured in Terraform with the resource name azurerm_synapse_workspace_key
. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
The following arguments are supported:
customer_managed_key_name
- (Required) Specifies the name of the workspace key. Should match the name of the key in the synapse workspace.customer_managed_key_versionless_id
- (Required) The Azure Key Vault Key Versionless ID to be used as the Customer Managed Key (CMK) for double encryptionsynapse_workspace_id
- (Required) The ID of the Synapse Workspace where the encryption key should be configured.active
- (Required) Specifies if the workspace should be encrypted with this key.
-> Note: Only one key can actively encrypt a workspace. When performing a key rotation, setting a new key as the active key will disable existing keys.
Timeouts
The timeouts
block allows you to specify timeouts for certain actions:
create
- (Defaults to 30 minutes) Used when creating the Synapse Workspace.read
- (Defaults to 5 minutes) Used when retrieving the Synapse Workspace.update
- (Defaults to 30 minutes) Used when updating the Synapse Workspace.delete
- (Defaults to 30 minutes) Used when deleting the Synapse Workspace.
Import
Synapse Workspace can be imported using the resource id
, e.g.
terraform import azurerm_synapse_workspace_key.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Synapse/workspaces/workspace1/keys/key1
Explanation in Terraform Registry
Manages Synapse Workspace keys -> Note: Keys that are actively protecting a workspace cannot be deleted. When the keys resource is deleted, if the key is inactive it will be deleted, if it is active it will not be deleted.
Tips: Best Practices for The Other Azure Synapse Resources
In addition to the azurerm_synapse_workspace, Azure Synapse has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.
azurerm_synapse_workspace
Ensure to enable the managed virtual network
It is better to enable the managed virtual network, which is disabled as the default.
Azure Resource Manager Example
Azure Resource Manager code does not have the related resource.