在配置 Azure Key Vault 时分配密钥和值

Question

我正在通过 Terraform 配置 Azure Key Vault。有没有办法在提供期间而不是在提供之后设置键和值。我的要求是某种客户键和值应该在提供期间设置并在其他模块中使用。

resource "azurerm_resource_group" "test" {
  name     = "example-resources"
  location = "West Europe"
}

resource "azurerm_storage_account" "test" {
  name                     = "storageaccountname"
  resource_group_name      = "${azurerm_resource_group.test.name}"
  location                 = "${azurerm_resource_group.test.location}"
  account_tier             = "Standard"
  account_replication_type = "GRS"

  tags = {
    environment = "staging"
  }
}
resource "azurerm_resource_group" "test" {
  name     = "${var.azurerm_resource_group_name}"
  location = "${var.location}"
}

resource "azurerm_key_vault" "test" {
  name                        = "${var.azurerm_key_vault}"
  location                    = "${var.location}"
  resource_group_name         = "${var.azurerm_resource_group_name}"
  enabled_for_disk_encryption = true
  tenant_id                   = "${var.tenant_id}"

  sku_name = "standard"

  access_policy {
    tenant_id = "${var.tenant_id}"
    object_id = "${var.object_id}"

    key_permissions = [
      "get",
    ]

    secret_permissions = [
      "get",
    ]

    storage_permissions = [
      "get",
    ]
  }

  network_acls {
    default_action = "Allow"
    bypass         = "AzureServices"
  }

  tags = {
    environment = "${var.tags_environment}"
  }
}
`

Answer 1

您可以使用 azurerm_key_vault_secret 通过 Terraform

设置秘密

resource "azurerm_key_vault_secret" "test" {
  name         = "secret-sauce"
  value        = "szechuan"
  key_vault_id = "${azurerm_key_vault.test.id}"

  tags = {
    environment = "Production"
  }
}

在配置 Azure Key Vault 时分配密钥和值

assign key and value while provsioing azure keyvault

azure

terraform

devops

azure-keyvault

devops-services