github.com/vtorhonen/terraform@v0.9.0-beta2.0.20170307220345-5d894e4ffda7/website/source/docs/providers/azurerm/r/key_vault.html.markdown

---
layout: "azurerm"
page_title: "Azure Resource Manager: azurerm_key_vault"
sidebar_current: "docs-azurerm-resource-key-vault"
description: |-
  Create a Key Vault.
---

# azurerm\_key\_vault

Create a Key Vault.

## Example Usage

```
resource "azurerm_resource_group" "test" {
  name     = "resourceGroup1"
  location = "West US"
}

resource "azurerm_key_vault" "test" {
  name                = "testvault"
  location            = "West US"
  resource_group_name = "${azurerm_resource_group.test.name}"

  sku {
    name = "standard"
  }

  tenant_id = "d6e396d0-5584-41dc-9fc0-268df99bc610"

  access_policy {
    tenant_id = "d6e396d0-5584-41dc-9fc0-268df99bc610"
    object_id = "d746815a-0433-4a21-b95d-fc437d2d475b"

    key_permissions = [
      "all",
    ]

    secret_permissions = [
      "get",
    ]
  }

  enabled_for_disk_encryption = true

  tags {
    environment = "Production"
  }
}
```

## Argument Reference

The following arguments are supported:

* `name` - (Required) Specifies the name of the Key Vault resource. Changing this
    forces a new resource to be created.

* `location` - (Required) Specifies the supported Azure location where the resource exists.
    Changing this forces a new resource to be created.

* `resource_group_name` - (Required) The name of the resource group in which to
    create the Key Vault. Changing this forces a new resource to be created.

* `sku` - (Required) An SKU block as described below.

* `tenant_id` - (Required) The Azure Active Directory tenant ID that should be
    used for authenticating requests to the key vault.

* `access_policy` - (Required) An access policy block as described below. At least
    one policy is required, up to a maximum of 16.

* `enabled_for_deployment` - (Optional) Boolean flag to specify whether Azure Virtual
    Machines are permitted to retrieve certificates stored as secrets from the key
    vault. Defaults to false.

* `enabled_for_disk_encryption` - (Optional) Boolean flag to specify whether Azure
    Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
    Defaults to false.

* `enabled_for_template_deployment` - (Optional) Boolean flag to specify whether
    Azure Resource Manager is permitted to retrieve secrets from the key vault.
    Defaults to false.

* `tags` - (Optional) A mapping of tags to assign to the resource.

`sku` supports the following:

* `name` - (Required) SKU name to specify whether the key vault is a `standard`
    or `premium` vault.

`access_policy` supports the following:

* `tenant_id` - (Required) The Azure Active Directory tenant ID that should be used
    for authenticating requests to the key vault. Must match the `tenant_id` used
    above.

* `object_id` - (Required) The object ID of a user, service principal or security
    group in the Azure Active Directory tenant for the vault. The object ID must
    be unique for the list of access policies.

* `key_permissions` - (Required) List of key permissions, must be one or more from
    the following: `all`, `backup`, `create`, `decrypt`, `delete`, `encrypt`, `get`,
    `import`, `list`, `restore`, `sign`, `unwrapKey`, `update`, `verify`, `wrapKey`.

* `secret_permissions` - (Required) List of secret permissions, must be one or more
    from the following: `all`, `delete`, `get`, `list`, `set`.

## Attributes Reference

The following attributes are exported:

* `id` - The Vault ID.
* `vault_uri` - The URI of the vault for performing operations on keys and secrets.
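
The `access_policy` arguments accept `all`, which the usage example grants for keys. The configuration below is an added illustration, not part of the original documentation, that gives two principals only the permissions each one uses and feeds every `tenant_id` from one variable so they always match. The variable names, resource names and vault name are assumptions.

```hcl
# Added example. Variable and resource names are hypothetical placeholders.
variable "tenant_id" {}
variable "app_object_id" {}    # service principal that only reads secrets
variable "crypto_object_id" {} # service principal that only wraps/unwraps keys

resource "azurerm_resource_group" "example" {
  name     = "example-rg"
  location = "West US"
}

resource "azurerm_key_vault" "example" {
  name                = "examplevault"
  location            = "West US"
  resource_group_name = "${azurerm_resource_group.example.name}"

  sku {
    name = "standard"
  }

  # One variable feeds the vault and every policy, so tenant IDs cannot drift apart.
  tenant_id = "${var.tenant_id}"

  # Reads secrets at runtime; cannot set, delete or list them.
  # Both permission lists need at least one entry, so keys get the minimum: "get".
  access_policy {
    tenant_id          = "${var.tenant_id}"
    object_id          = "${var.app_object_id}"
    key_permissions    = ["get"]
    secret_permissions = ["get"]
  }

  # Wraps and unwraps keys; no create, delete, import or backup.
  access_policy {
    tenant_id          = "${var.tenant_id}"
    object_id          = "${var.crypto_object_id}"
    key_permissions    = ["get", "wrapKey", "unwrapKey"]
    secret_permissions = ["get"]
  }

  # Defaults written out so a reviewer sees which Azure services may read the vault.
  enabled_for_deployment          = false
  enabled_for_disk_encryption     = false
  enabled_for_template_deployment = false
}
```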