azurestack_key_vault_key

Manages a Key Vault Key.

Disclaimers

Example Usage

data "azurestack_client_config" "current" {}

resource "azurestack_resource_group" "example" {
  name     = "example-resources"
  location = "West Europe"
}

resource "azurestack_key_vault" "example" {
  name                = "examplekeyvault"
  location            = azurestack_resource_group.example.location
  resource_group_name = azurestack_resource_group.example.name
  tenant_id           = data.azurestack_client_config.current.tenant_id
  sku_name            = "premium"

  access_policy {
    tenant_id = data.azurestack_client_config.current.tenant_id
    object_id = data.azurestack_client_config.current.object_id

    key_permissions = [
      "create",
      "get",
      "purge",
      "recover"
    ]

    secret_permissions = [
      "set",
    ]
  }
}

resource "azurestack_key_vault_key" "generated" {
  name         = "generated-certificate"
  key_vault_id = azurestack_key_vault.example.id
  key_type     = "RSA"
  key_size     = 2048

  key_opts = [
    "decrypt",
    "encrypt",
    "sign",
    "unwrapKey",
    "verify",
    "wrapKey",
  ]
}

Argument Reference

The following arguments are supported:

Attributes Reference

The following attributes are exported:

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

Import

Key Vault Key which is Enabled can be imported using the resource id, e.g.

terraform import azurestack_key_vault_key.example "https://example-keyvault.vault.azure.net/keys/example/fdf067c93bbb4b22bff4d8b7a9a56217"