azuread/service_principal_password

Overview

This page documents the Terraform module implementation, key configuration surfaces, and how it integrates with CAF.

Dependency diagram (Mermaid)

graph TD
    azuread_service_principal_password.pwd["azuread_service_principal_password.pwd"]
    azurerm_key_vault_secret.client_id["azurerm_key_vault_secret.client_id"]
    azurerm_key_vault_secret.client_secret["azurerm_key_vault_secret.client_secret"]
    azurerm_key_vault_secret.tenant_id["azurerm_key_vault_secret.tenant_id"]
    time_rotating.pwd["time_rotating.pwd"]
    azuread_service_principal_password.pwd --> time_rotating.pwd
    azurerm_key_vault_secret.client_secret --> azuread_service_principal_password.pwd
    azurerm_key_vault_secret.client_secret --> time_rotating.pwd

Module Reference

Category: azuread
Path: modules/azuread/service_principal_password
Azure Resources: azuread_service_principal_password, azurerm_key_vault_secret, time_rotating

Inputs

| Name | Description | Type | Required | Default | Validation |
|------|-------------|------|----------|---------|------------|
| global_settings | | any | no | {} | - |
| settings | | any | no | {} | - |
| client_config | Client configuration object (see module README.md). | any | yes | - | - |
| keyvaults | | any | no | {} | - |
| service_principal_id | (Required) The ID of the Service Principal for which this password should be created. | any | yes | - | - |
| service_principal_client_id | (Required) Client ID of the Application for which to create a Service Principal. | any | yes | - | - |
| password_policy | Default password policy applies when not set in tfvars. | any | no | {"expire_in_days": 180, "length": 250, "number": true, "rotation": {"months": 1}, "special": false, "upper": true} | - |

Outputs

| Name | Description | Sensitive | Value |
|------|-------------|-----------|-------|
| tenant_id | | - | var.client_config.tenant_id |
| key_id | | - | azuread_service_principal_password.pwd.key_id |
| service_principal_id | | - | azuread_service_principal_password.pwd.service_principal_id |
| service_principal_password | | true | azuread_service_principal_password.pwd.value |
| end_date | | - | azuread_service_principal_password.pwd.end_date |
| start_date | | - | azuread_service_principal_password.pwd.start_date |
| keyvaults | Keyvaults storing the passwords. Store the secret_prefix-client-id, secret_prefix-client-secret | - | {for key, value in try(var.settings.keyvaults, {}) : key => {id = azurerm_key_vault_secret.client_id[key].key_vault_id, secret_name_client_secret = value.secret_prefix}} |

Sources

  • modules/azuread/service_principal_password/keyvault_secrets.tf
  • modules/azuread/service_principal_password/module.tf
  • modules/azuread/service_principal_password/outputs.tf
  • modules/azuread/service_principal_password/variables.tf