Configures the Azure Auth Backend in Vault.
This resource sets the access key and secret key that Vault will use when making API requests on behalf of an Azure Auth Backend. It can also be used to override the URLs Vault uses when making those API requests.
For more information, see the Vault docs.
resource "vault_auth_backend" "example" {
type = "azure"
}
resource "vault_azure_auth_backend_config" "example" {
backend = vault_auth_backend.example.path
tenant_id = "11111111-2222-3333-4444-555555555555"
client_id = "11111111-2222-3333-4444-555555555555"
client_secret = "01234567890123456789"
resource = "https://vault.hashicorp.com"
}
The following arguments are supported:
namespace
- (Optional) The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The namespace
is always relative to the provider's configured namespace.
Available only for Vault Enterprise.
tenant_id
- (Required) The tenant id for the Azure Active Directory
organization.
resource
- (Required) The configured URL for the application registered in
Azure Active Directory.
backend
- (Optional) The path the Azure auth backend being configured was
mounted at. Defaults to azure
.
client_id
- (Optional) The client id for credentials to query the Azure APIs.
Currently read permissions to query compute resources are required.
client_secret
- (Optional) The client secret for credentials to query the
Azure APIs.
environment
- (Optional) The Azure cloud environment. Valid values:
AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
AzureGermanCloud. Defaults to AzurePublicCloud
.
No additional attributes are exported by this resource.
Azure auth backends can be imported using auth/
, the backend
path, and /config
e.g.
$ terraform import vault_azure_auth_backend_config.example auth/azure/config