azuread/credentials¶
Overview¶
This page documents the Terraform module implementation, key configuration surfaces, and how it integrates with CAF.
Dependency diagram (Mermaid)¶
graph TD
azuread_application_password.key["azuread_application_password.key"]
azuread_application_password.key0["azuread_application_password.key0"]
azuread_application_password.key1["azuread_application_password.key1"]
azurerm_key_vault_secret.client_id["azurerm_key_vault_secret.client_id"]
azurerm_key_vault_secret.client_secret["azurerm_key_vault_secret.client_secret"]
azurerm_key_vault_secret.tenant_id["azurerm_key_vault_secret.tenant_id"]
time_rotating.key["time_rotating.key"]
time_rotating.key0["time_rotating.key0"]
time_rotating.key1["time_rotating.key1"]
time_sleep.wait_new_password_propagation["time_sleep.wait_new_password_propagation"]
azuread_application_password.key --> time_rotating.key
azuread_application_password.key0 --> time_rotating.key0
azuread_application_password.key1 --> time_rotating.key1
azurerm_key_vault_secret.client_secret --> azuread_application_password.key
azurerm_key_vault_secret.client_secret --> azuread_application_password.key0
azurerm_key_vault_secret.client_secret --> azuread_application_password.key1
azurerm_key_vault_secret.client_secret --> time_sleep.wait_new_password_propagation
time_sleep.wait_new_password_propagation --> azuread_application_password.key
time_sleep.wait_new_password_propagation --> azuread_application_password.key0
time_sleep.wait_new_password_propagation --> azuread_application_password.key1
time_sleep.wait_new_password_propagation --> time_rotating.key
time_sleep.wait_new_password_propagation --> time_rotating.key0
time_sleep.wait_new_password_propagation --> time_rotating.key1
Module Reference¶
Category: azuread
Path: modules/azuread/credentials
Azure Resources: azuread_application_password, azurerm_key_vault_secret, time_rotating, time_sleep
Inputs¶
| Name | Description | Type | Required | Default | Validation |
|---|---|---|---|---|---|
global_settings |
any |
no | {} |
- | |
settings |
any |
no | {} |
- | |
client_config |
Client configuration object (see module README.md). | any |
yes | - |
- |
keyvaults |
any |
no | {} |
- | |
resources |
Application ID the credentials will be attached to. | any |
yes | - |
- |
credential_policy |
Custom credential policy to apply. | any |
no | - |
- |
policy |
Default credential policy to apply. | any |
no | {"expire_in_days": 380, "length": 250, "number": true, "rotation_key0": {"days": 180}, "rotation_key1": {"days": 361}, "special": false, "upper": true} |
- |
Outputs¶
No outputs defined.
Sources¶
modules/azuread/credentials/keyvault_secrets.tfmodules/azuread/credentials/password.tfmodules/azuread/credentials/password_rotation.tfmodules/azuread/credentials/variables.tf