Azure · nusrath432 · Feb 17, 2023 · LaurentLesle · May 24, 2023 · nusrath432
diff --git a/caf_solution/dynamic_certificates.tf b/caf_solution/dynamic_certificates.tf
@@ -0,0 +1,17 @@
+module "dynamic_keyvault_certificates" {
+  # source  = "aztfmod/caf/azurerm//modules/security/dynamic_keyvault_certificates"
+  # version = "5.6.5"
+
+  source = "git::https://github.com/aztfmod/terraform-azurerm-caf.git//modules/security/dynamic_keyvault_certificates?ref=main"
+
+  for_each = {
+    for keyvault_key, certificates in try(var.dynamic_keyvault_certificates, {}) : keyvault_key => {
+      for key, value in certificates : key => value
+      if try(value.value, null) == null
+    }
+  }
+
+  settings = each.value
+  keyvault = module.solution.keyvaults[each.key]
+  objects  = module.solution
+}
diff --git a/caf_solution/local.security.tf b/caf_solution/local.security.tf
@@ -3,6 +3,7 @@ locals {
     var.security,
     {
       disk_encryption_sets                = var.disk_encryption_sets
+      dynamic_keyvault_certificates       = var.dynamic_keyvault_certificates
       dynamic_keyvault_secrets            = var.dynamic_keyvault_secrets
       keyvault_certificate_issuers        = var.keyvault_certificate_issuers
       keyvault_certificate_requests       = var.keyvault_certificate_requests

diff --git a/caf_solution/variables.tf b/caf_solution/variables.tf
@@ -204,10 +204,13 @@ variable "role_mapping" {
   }
 }
 
-variable "dynamic_keyvault_secrets" {
+variable "dynamic_keyvault_certificates" {
   default = {}
 }
 
+variable "dynamic_keyvault_secrets" {
+  default = {}
+}
 
 variable "diagnostic_storage_accounts" {
   default = {}