azurerm_key_vault_managed_hardware_security_module_role_definition

Manages a KeyVault Managed Hardware Security Module Role Definition. This resource is used together with the Managed Hardware Security Module resource, which provides the `vault_base_url` the definition is created under.

Example Usage

resource "azurerm_key_vault_managed_hardware_security_module" "example" {
  name                     = "example"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  sku_name                 = "Standard_B1"
  tenant_id                = data.azurerm_client_config.current.tenant_id
  admin_object_ids         = [data.azurerm_client_config.current.object_id]
  purge_protection_enabled = false

  active_config {
    security_domain_certificate = [
      azurerm_key_vault_certificate.cert[0].id,
      azurerm_key_vault_certificate.cert[1].id,
      azurerm_key_vault_certificate.cert[2].id,
    ]
    security_domain_quorum = 2
  }
}

resource "azurerm_key_vault_managed_hardware_security_module_role_definition" "example" {
  name           = "7d206142-bf01-11ed-80bc-00155d61ee9e"
  vault_base_url = azurerm_key_vault_managed_hardware_security_module.example.hsm_uri
  description    = "desc foo"
  permission {
    data_actions = [
      "Microsoft.KeyVault/managedHsm/keys/read/action",
    ]
  }
}

Arguments Reference

The following arguments are supported:



A permission block supports the following (for more details about permissions, see permitted-operations):
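As an added example (not from the provider documentation), the following shows a least-privilege custom role that allows a signing workload to read, sign and verify with a key while explicitly denying export and backup, and binds it to a single key rather than the whole HSM. The data action strings beyond `keys/read/action`, the `role_name`/`not_data_actions` arguments and the companion `azurerm_key_vault_managed_hardware_security_module_role_assignment` resource are assumed from the provider's schema and Azure's permitted-operations list; the GUIDs and the `azurerm_user_assigned_identity.signer` reference are placeholders.

```hcl
# Added example: a least-privilege custom role for a signing service.
# The deny list keeps key material inside the HSM even if the allow list
# is widened later, because not_data_actions takes precedence.
resource "azurerm_key_vault_managed_hardware_security_module_role_definition" "signer" {
  name           = "b8d3f2a0-0000-4000-8000-000000000001" # placeholder GUID
  role_name      = "Example Signing Service"
  vault_base_url = azurerm_key_vault_managed_hardware_security_module.example.hsm_uri
  description    = "Sign and verify only; key material may not leave the HSM"

  permission {
    # Assumed data action names, taken from Azure's Managed HSM permitted-operations list
    data_actions = [
      "Microsoft.KeyVault/managedHsm/keys/read/action",
      "Microsoft.KeyVault/managedHsm/keys/sign/action",
      "Microsoft.KeyVault/managedHsm/keys/verify/action",
    ]
    not_data_actions = [
      "Microsoft.KeyVault/managedHsm/keys/export/action",
      "Microsoft.KeyVault/managedHsm/keys/backup/action",
    ]
  }
}

# Bind the role to a workload identity at the scope of one key, not the
# HSM root scope "/", so the identity cannot reach other keys.
# (Assumed companion resource; the identity reference is a placeholder.)
resource "azurerm_key_vault_managed_hardware_security_module_role_assignment" "signer" {
  name               = "c0ffee00-0000-4000-8000-000000000002" # placeholder GUID
  vault_base_url     = azurerm_key_vault_managed_hardware_security_module.example.hsm_uri
  scope              = "/keys/signing-key"
  role_definition_id = azurerm_key_vault_managed_hardware_security_module_role_definition.signer.resource_manager_id
  principal_id       = azurerm_user_assigned_identity.signer.principal_id
}
```

Reviewing `terraform plan` output for changes to `not_data_actions` or `scope` is a cheap way to catch a role quietly widening over time.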

Attributes Reference

In addition to the Arguments listed above - the following Attributes are exported:

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

Import

KeyVault Managed Hardware Security Module Role Definitions can be imported using the resource id, e.g.

terraform import azurerm_key_vault_managed_hardware_security_module_role_definition.example https://0000.managedhsm.azure.net///RoleDefinition/00000000-0000-0000-0000-000000000000