---
layout: "azurerm"
page_title: "Azure Resource Manager: azurerm_key_vault"
sidebar_current: "docs-azurerm-resource-key-vault"
description: |-
  Create a Key Vault.
---

# azurerm\_key\_vault

Create a Key Vault.

## Example Usage

```
resource "azurerm_resource_group" "test" {
  name     = "resourceGroup1"
  location = "West US"
}

resource "azurerm_key_vault" "test" {
  name                = "testvault"
  location            = "West US"
  resource_group_name = "${azurerm_resource_group.test.name}"

  sku {
    name = "standard"
  }

  tenant_id = "d6e396d0-5584-41dc-9fc0-268df99bc610"

  access_policy {
    tenant_id = "d6e396d0-5584-41dc-9fc0-268df99bc610"
    object_id = "d746815a-0433-4a21-b95d-fc437d2d475b"
    key_permissions = [
      "all"
    ]
    secret_permissions = [
      "get"
    ]
  }

  enabled_for_disk_encryption = true

  tags {
    environment = "Production"
  }
}
```

## Argument Reference

The following arguments are supported:

* `name` - (Required) Specifies the name of the Key Vault resource. Changing this
    forces a new resource to be created.

* `location` - (Required) Specifies the supported Azure location where the resource exists.
    Changing this forces a new resource to be created.

* `resource_group_name` - (Required) The name of the resource group in which to
    create the Key Vault. Changing this forces a new resource to be created.

* `sku` - (Required) An SKU block as described below.

* `tenant_id` - (Required) The Azure Active Directory tenant ID that should be
    used for authenticating requests to the key vault.

* `access_policy` - (Required) An access policy block as described below. At least
    one policy is required, up to a maximum of 16.

* `enabled_for_deployment` - (Optional) Boolean flag to specify whether Azure Virtual
    Machines are permitted to retrieve certificates stored as secrets from the key
    vault. Defaults to false.

* `enabled_for_disk_encryption` - (Optional) Boolean flag to specify whether Azure
    Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
    Defaults to false.

* `enabled_for_template_deployment` - (Optional) Boolean flag to specify whether
    Azure Resource Manager is permitted to retrieve secrets from the key vault.
    Defaults to false.

* `tags` - (Optional) A mapping of tags to assign to the resource.

`sku` supports the following:

* `name` - (Required) SKU name to specify whether the key vault is a `standard`
    or `premium` vault.

`access_policy` supports the following:

* `tenant_id` - (Required) The Azure Active Directory tenant ID that should be used
    for authenticating requests to the key vault. Must match the `tenant_id` used
    above.

* `object_id` - (Required) The object ID of a user, service principal or security
    group in the Azure Active Directory tenant for the vault. The object ID must
    be unique for the list of access policies.

* `key_permissions` - (Required) List of key permissions; must be one or more of
    the following: `all`, `backup`, `create`, `decrypt`, `delete`, `encrypt`, `get`,
    `import`, `list`, `restore`, `sign`, `unwrapKey`, `update`, `verify`, `wrapKey`.

* `secret_permissions` - (Required) List of secret permissions; must be one or more
    of the following: `all`, `delete`, `get`, `list`, `set`.

## Attributes Reference

The following attributes are exported:

* `id` - The Vault ID.
* `vault_uri` - The URI of the vault for performing operations on keys and secrets.
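
The `access_policy` constraints listed under Argument Reference (1 to 16 blocks, matching `tenant_id`, unique `object_id`, permissions drawn from the documented lists) can be checked before `terraform apply`. The following is an added example, not part of the provider or its documentation: the function name `lint_key_vault`, the dict shape standing in for the resource's arguments, exact-match comparison of permission names, and the warning on `all` are assumptions of this example.

```python
# Added example: lint azurerm_key_vault arguments against the documented constraints.
KEY_PERMS = {"all", "backup", "create", "decrypt", "delete", "encrypt", "get", "import",
             "list", "restore", "sign", "unwrapKey", "update", "verify", "wrapKey"}
SECRET_PERMS = {"all", "delete", "get", "list", "set"}
MAX_POLICIES = 16


def lint_key_vault(vault):
    """Return (errors, warnings) for a dict shaped like the resource's arguments."""
    errors, warnings = [], []
    policies = vault.get("access_policy", [])
    if not 1 <= len(policies) <= MAX_POLICIES:
        errors.append(f"access_policy: need 1..{MAX_POLICIES} blocks, got {len(policies)}")
    seen = set()
    for i, p in enumerate(policies):
        where = f"access_policy[{i}]"
        if p.get("tenant_id") != vault.get("tenant_id"):
            errors.append(f"{where}: tenant_id does not match the vault tenant_id")
        oid = p.get("object_id")
        if oid in seen:
            errors.append(f"{where}: duplicate object_id {oid}")
        seen.add(oid)
        for field, allowed in (("key_permissions", KEY_PERMS),
                               ("secret_permissions", SECRET_PERMS)):
            perms = p.get(field) or []
            if not perms:
                errors.append(f"{where}: {field} needs at least one entry")
            for bad in sorted(set(perms) - allowed):
                errors.append(f"{where}: {field} has unknown value {bad!r}")
            if "all" in perms:  # review policy of this example, not a provider rule
                warnings.append(f"{where}: {field} grants 'all'")
    return errors, warnings


# Constructed sample input: the page's example policy plus one deliberately bad policy.
TENANT = "d6e396d0-5584-41dc-9fc0-268df99bc610"
SAMPLE = {
    "tenant_id": TENANT,
    "access_policy": [
        {"tenant_id": TENANT, "object_id": "d746815a-0433-4a21-b95d-fc437d2d475b",
         "key_permissions": ["all"], "secret_permissions": ["get"]},
        {"tenant_id": "00000000-0000-0000-0000-000000000000",  # placeholder tenant
         "object_id": "d746815a-0433-4a21-b95d-fc437d2d475b",  # duplicate on purpose
         "key_permissions": ["read"], "secret_permissions": []},
    ],
}

if __name__ == "__main__":
    errs, warns = lint_key_vault(SAMPLE)
    print("\n".join([f"ERROR {e}" for e in errs] + [f"WARN  {w}" for w in warns]))
```

Run on the sample, the page's own example policy passes the documented constraints and is only flagged for `key_permissions = ["all"]`; the second policy fails all four per-policy checks.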