Key Vault Seeding module can deploy these resources:
- azurerm_key_vault_secret (optional)
- random_password (optional)
Example variables structure is located in variables.md.
Example use case is located in test-case/locals.tf.
You can also see changelog.
Terraform documentation:
https://registry.terraform.io/providers/hashicorp/azurerm/4.14.0/docs/resources/key_vault_secret
https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password
WARNING: AzureRM provider had been updated to a new major version. Many breaking changes were implemented. See the providers guide for more information.
There are a few things you need to do to import resources into .tfstate. In the example below there are resources which can be imported within the module. You may need to modify these commands to the OS on which they will be running (Refer to the documentation for additional details).
- terraform import '
<path-to-module>.azurerm_key_vault_secret.key_vault_secret["<secret-name>"]' 'https://<key-vault-name>.vault.azure.net/secrets/<secret-name>/<secret-version>'
NOTE:
<path-to-module>is terraform logical path from root. e.g. module.key_vault_seeding
NOTE: You should not be importing secrets as it is a security risk.
| Output Name | Value | Comment |
|---|---|---|
| outputs | id | |
| resource_id | ||
| resource_versionless_id |
This module has a resource called "random_password" which is used to generate random secret values. This way, hardcoding secrets in the code can be avoided. A random password will only be generated if you don't set any value to the secret. Reference https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password for more information about the resource variables. Go to test-case/locals.tf to see an example of how to use this feature.
We currently log no issues in this module.