-
Notifications
You must be signed in to change notification settings - Fork 4
/
key-vault.tf
31 lines (28 loc) · 965 Bytes
/
key-vault.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
data "azurerm_client_config" "current" {}
resource "random_string" "suffix" {
length = 4
special = false
numeric = false
}
resource "azurerm_key_vault" "des_vault" {
location = data.azurerm_resource_group.rg.location
name = "${var.cluster_name}-des-kv-${random_string.suffix.result}"
resource_group_name = var.resource_group_name
sku_name = "premium"
tenant_id = data.azurerm_client_config.current.tenant_id
enabled_for_disk_encryption = true
purge_protection_enabled = true
soft_delete_retention_days = 90
}
resource "azurerm_key_vault_access_policy" "current_user" {
key_vault_id = azurerm_key_vault.des_vault.id
object_id = data.azurerm_client_config.current.object_id
tenant_id = data.azurerm_client_config.current.tenant_id
key_permissions = [
"Get",
"Create",
"Delete",
"GetRotationPolicy",
"Recover",
]
}