security/keyvault
Overview
This page documents the Terraform module implementation, key configuration surfaces, and how it integrates with CAF.
Dependency diagram (Mermaid)

```mermaid
graph TD
    azurecaf_name.keyvault["azurecaf_name.keyvault"]
    azurerm_key_vault.keyvault["azurerm_key_vault.keyvault"]
    azurerm_key_vault_secret.secret["azurerm_key_vault_secret.secret"]
    azurerm_key_vault_secret.secret_ignore_changes["azurerm_key_vault_secret.secret_ignore_changes"]
    module.diagnostics["module.diagnostics"]
    module.initial_policy["module.initial_policy"]
    module.private_endpoint["module.private_endpoint"]
    time_sleep.initial_policy["time_sleep.initial_policy"]
    azurerm_key_vault.keyvault --> azurecaf_name.keyvault
    azurerm_key_vault_secret.secret --> azurerm_key_vault.keyvault
    azurerm_key_vault_secret.secret --> module.initial_policy
    azurerm_key_vault_secret.secret_ignore_changes --> azurerm_key_vault.keyvault
    azurerm_key_vault_secret.secret_ignore_changes --> module.initial_policy
    module.diagnostics --> azurerm_key_vault.keyvault
    module.initial_policy --> azurerm_key_vault.keyvault
    module.private_endpoint --> azurerm_key_vault.keyvault
    time_sleep.initial_policy --> module.initial_policy
```

Module Reference
Category: security
Path: modules/security/keyvault
Azure Resources: azurecaf_name, azurerm_key_vault, azurerm_key_vault_secret, time_sleep
Inputs

| Name | Description | Type | Required | Default | Validation |
|---|---|---|---|---|---|
| `global_settings` | Global settings object (see module README.md) | any | yes | - | - |
| `client_config` | Client configuration object (see module README.md). | any | yes | - | - |
| `settings` | The settings for the Azure resource. | any | yes | - | - |
| `vnets` | | any | no | `{}` | - |
| `azuread_groups` | | any | no | `{}` | - |
| `managed_identities` | | any | no | `{}` | - |
| `diagnostics` | | any | no | `{}` | - |
| `private_dns` | | any | no | `{}` | - |
| `location` | location of the resource if different from the resource group. | string | no | - | - |
| `resource_group_name` | Resource group object to deploy the Azure resource | string | no | - | - |
| `resource_group` | Resource group object to deploy the Azure resource | any | yes | - | - |
| `base_tags` | Base tags for the resource to be inherited from the resource group. | bool | yes | - | - |
| `virtual_subnets` | Map of virtual_subnets objects | any | no | `{}` | - |

Outputs

| Name | Description | Sensitive | Value |
|---|---|---|---|
| `id` | | - | `azurerm_key_vault.keyvault.id` |
| `vault_uri` | | - | `azurerm_key_vault.keyvault.vault_uri` |
| `name` | | - | `azurerm_key_vault.keyvault.name` |
| `rbac_id` | | - | `azurerm_key_vault.keyvault.id` |
| `base_tags` | | - | `local.tags` |

Sources

- modules/security/keyvault/diagnostics.tf
- modules/security/keyvault/initial_policy.tf
- modules/security/keyvault/keyvault.tf
- modules/security/keyvault/locals.tf
- modules/security/keyvault/main.tf
- modules/security/keyvault/outputs.tf
- modules/security/keyvault/private_endpoints.tf
- modules/security/keyvault/secrets.tf
- modules/security/keyvault/variables.tf