azuread/service_principal_password

Overview

This page documents the Terraform module implementation, key configuration surfaces, and how it integrates with CAF.

Dependency diagram (Mermaid)

graph TD
    azuread_service_principal_password.pwd["azuread_service_principal_password.pwd"]
    azurerm_key_vault_secret.client_id["azurerm_key_vault_secret.client_id"]
    azurerm_key_vault_secret.client_secret["azurerm_key_vault_secret.client_secret"]
    azurerm_key_vault_secret.tenant_id["azurerm_key_vault_secret.tenant_id"]
    time_rotating.pwd["time_rotating.pwd"]
    azuread_service_principal_password.pwd --> time_rotating.pwd
    azurerm_key_vault_secret.client_secret --> azuread_service_principal_password.pwd
    azurerm_key_vault_secret.client_secret --> time_rotating.pwd

Module Reference

Category: azuread
Path: modules/azuread/service_principal_password
Azure Resources: azuread_service_principal_password, azurerm_key_vault_secret, time_rotating

Inputs

| Name | Description | Type | Required | Default | Validation |
|------|-------------|------|----------|---------|------------|
| global_settings | | any | no | {} | - |
| settings | | any | no | {} | - |
| client_config | Client configuration object (see module README.md). | any | yes | - | - |
| keyvaults | | any | no | {} | - |
| service_principal_id | (Required) The ID of the Service Principal for which this password should be created. | any | yes | - | - |
| service_principal_client_id | (Required) Client ID of the Application for which to create a Service Principal. | any | yes | - | - |
| password_policy | Default password policy applies when not set in tfvars. | any | no | {"expire_in_days": 180, "length": 250, "number": true, "rotation": {"months": 1}, "special": false, "upper": true} | - |

Outputs

| Name | Description | Sensitive | Value |
|------|-------------|-----------|-------|
| tenant_id | | - | var.client_config.tenant_id |
| key_id | | - | azuread_service_principal_password.pwd.key_id |
| service_principal_id | | - | azuread_service_principal_password.pwd.service_principal_id |
| service_principal_password | | true | azuread_service_principal_password.pwd.value |
| end_date | | - | azuread_service_principal_password.pwd.end_date |
| start_date | | - | azuread_service_principal_password.pwd.start_date |
| keyvaults | Keyvaults storing the passwords. Store the secret_prefix-client-id, secret_prefix-client-secret | - | {for key , value in try(var.settings.keyvaults, {}) : key => {"id": "${azurerm_key_vault_secret.client_id[key].key_vault_id}", "secret_name_client_secret": "${value.secret_prefix}"}} |

Sources

  • modules/azuread/service_principal_password/keyvault_secrets.tf
  • modules/azuread/service_principal_password/module.tf
  • modules/azuread/service_principal_password/outputs.tf
  • modules/azuread/service_principal_password/variables.tf