security/keyvault

Overview

This page documents the Terraform module implementation, key configuration surfaces, and how it integrates with CAF.

Dependency diagram (Mermaid)

graph TD
    azurecaf_name.keyvault["azurecaf_name.keyvault"]
    azurerm_key_vault.keyvault["azurerm_key_vault.keyvault"]
    azurerm_key_vault_secret.secret["azurerm_key_vault_secret.secret"]
    azurerm_key_vault_secret.secret_ignore_changes["azurerm_key_vault_secret.secret_ignore_changes"]
    module.diagnostics["module.diagnostics"]
    module.initial_policy["module.initial_policy"]
    module.private_endpoint["module.private_endpoint"]
    azurerm_key_vault.keyvault --> azurecaf_name.keyvault
    azurerm_key_vault_secret.secret --> azurerm_key_vault.keyvault
    azurerm_key_vault_secret.secret --> module.initial_policy
    azurerm_key_vault_secret.secret_ignore_changes --> azurerm_key_vault.keyvault
    azurerm_key_vault_secret.secret_ignore_changes --> module.initial_policy
    module.diagnostics --> azurerm_key_vault.keyvault
    module.initial_policy --> azurerm_key_vault.keyvault
    module.private_endpoint --> azurerm_key_vault.keyvault

Module Reference

Category: security
Path: modules/security/keyvault
Azure Resources: azurecaf_name, azurerm_key_vault, azurerm_key_vault_secret

Inputs

| Name | Description | Type | Required | Default | Validation |
|------|-------------|------|----------|---------|------------|
| global_settings | Global settings object (see module README.md) | any | yes | - | - |
| client_config | Client configuration object (see module README.md). | any | yes | - | - |
| settings | The settings for the Azure resource. | any | yes | - | - |
| vnets | | any | no | {} | - |
| azuread_groups | | any | no | {} | - |
| managed_identities | | any | no | {} | - |
| diagnostics | | any | no | {} | - |
| private_dns | | any | no | {} | - |
| location | Location of the resource if different from the resource group. | string | no | - | - |
| resource_group_name | Resource group object to deploy the Azure resource | string | no | - | - |
| resource_group | Resource group object to deploy the Azure resource | any | yes | - | - |
| base_tags | Base tags for the resource to be inherited from the resource group. | bool | yes | - | - |
| virtual_subnets | Map of virtual_subnets objects | any | no | {} | - |

Outputs

| Name | Description | Sensitive | Value |
|------|-------------|-----------|-------|
| id | | - | azurerm_key_vault.keyvault.id |
| vault_uri | | - | azurerm_key_vault.keyvault.vault_uri |
| name | | - | azurerm_key_vault.keyvault.name |
| rbac_id | | - | azurerm_key_vault.keyvault.id |
| base_tags | | - | local.tags |

Sources

  • modules/security/keyvault/diagnostics.tf
  • modules/security/keyvault/initial_policy.tf
  • modules/security/keyvault/keyvault.tf
  • modules/security/keyvault/locals.tf
  • modules/security/keyvault/main.tf
  • modules/security/keyvault/outputs.tf
  • modules/security/keyvault/private_endpoints.tf
  • modules/security/keyvault/secrets.tf
  • modules/security/keyvault/variables.tf