README.md
+17 -2 (17 additions & 2 deletions)
Original file line number
Diff line number
Diff line change
@@ -164,7 +164,7 @@ module "key-vault" {
164
164
# .... omitted
165
165
166
166
# The contacts information is shared by all the certificates in the key vault.
167
-
# A notification is sent to all the specified contacts for an event for any certificate in the key vault.
167
+
# A notification is sent to all the specified contacts for any certificate event in the key vault.
168
168
# This field can only be set once user has `managecontacts` certificate permission.
169
169
certificate_contacts = [
170
170
{
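Review bot: The context line directly under the reworded comment, "This field can only be set once user has `managecontacts` certificate permission", does not say which identity "user" is, and the example goes straight on to `certificate_contacts = [`. Since this change already touches the comment block, say explicitly whether this means the identity that applies the module, and that `managecontacts` has to be present in `certificate_permissions` before contacts are set.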
@@ -265,24 +265,35 @@ azuread | >= 2.7.0
265
265
266
266
Name | Description | Type | Default
267
267
---- | ----------- | ---- | -------
268
+
`create_resource_group`|Whether to create resource group and use it for all networking resources|string|`false`
268
269
`resource_group_name` | The name of the resource group in which resources are created | string | `""`
270
+
`location`|The location/region to keep all your network resources|string|`""`
269
271
`key_vault_name`|The name of the key vault|string|`""`
270
272
`key_vault_sku_pricing_tier`|The name of the SKU used for the Key Vault. The options are: `standard`, `premium`.|string|`"standard"`
271
273
`enabled_for_deployment`|Allow Virtual Machines to retrieve certificates stored as secrets from the Key Vault|string|`"false"`
272
274
`enabled_for_disk_encryption`|Allow Disk Encryption to retrieve secrets from the vault and unwrap keys|string|`"false"`
273
275
`enabled_for_template_deployment`|Allow Resource Manager to retrieve secrets from the Key Vault|string|`"false"`
274
-
`enable_purge_protection`|Is Purge Protection enabled for this Key Vault?|string|`"false"`
275
276
`enable_rbac_authorization`|Specify whether Azure Key Vault uses Role Based Access Control (RBAC) for authorization of data actions|string|`false`
277
+
`enable_purge_protection`|Is Purge Protection enabled for this Key Vault?|string|`"false"`
276
278
`soft_delete_retention_days`|The number of days that items should be retained for once soft-deleted. The valid value can be between 7 and 90 days|string|`90`
277
279
`access_policies`|List of access policies for the Key Vault|list|`{}`
278
280
`azure_ad_user_principal_names`|List of user principal names of Azure AD users|list| `[]`
279
281
`azure_ad_group_names`|List of names of Azure AD groups|list|`[]`
282
+
`azure_ad_service_principal_names`|List of names of Azure AD service principals|list|`[]`
280
283
`key_permissions`|List of key permissions, must be one or more from the following: `backup`, `create`, `decrypt`, `delete`, `encrypt`, `get`, `import`, `list`, `purge`, `recover`, `restore`, `sign`, `unwrapKey`, `update`, `verify` and `wrapKey`.|list|`[]`
281
284
`secret_permissions`|List of secret permissions, must be one or more from the following: `backup`, `delete`, `get`, `list`, `purge`, `recover`, `restore` and `set`. |list|`[]`
282
285
`certificate_permissions`|List of certificate permissions, must be one or more from the following: `backup`, `create`, `delete`, `deleteissuers`, `get`, `getissuers`, `import`, `list`, `listissuers`, `managecontacts`, `manageissuers`, `purge`, `recover`, `restore`, `setissuers` and `update`.|list|`[]`
283
286
`storage_permissions`|List of storage permissions, must be one or more from the following: `backup`, `delete`, `deletesas`, `get`, `getsas`, `list`, `listsas`, `purge`, `recover`, `regeneratekey`, `restore`, `set`, `setsas` and `update`. |list|`[]`
284
287
`network_acls`|Configure Azure Key Vault firewalls and virtual networks|list| `{}`
285
288
`secrets`|A map of secrets for the Key Vault|map| `{}`
289
+
`random_password_length`|The desired length of random password created by this module|number|`32`
290
+
`certificate_contacts`|Contact information to send notifications triggered by certificate lifetime events|list|`[]`
291
+
`enable_private_endpoint`|Manages a Private Endpoint to Azure Container Registry|string|`false`
292
+
`virtual_network_name`|The name of the virtual network for the private endpoint creation. conflicts with `existing_vnet_id`and shouldn't use both.|string|`""`
293
+
`private_subnet_address_prefix`|Address prefix of the subnet for private endpoint creation. conflicts with `existing_subnet_id` and shouldn't use both|list(string)|`null`
294
+
`existing_vnet_id`|The resoruce id of existing Virtual network for private endpoint creation. Conflicts with `virtual_network_name`and shouldn't use both|string|`null`
295
+
`existing_subnet_id`|The resource id of existing subnet for private endpoint creation. Conflicts with `private_subnet_address_prefix` and shouldn't use both|string|`null`
296
+
`existing_private_dns_zone`|The name of exisging private DNS zone|string|`null`
286
297
`log_analytics_workspace_id`|The id of log analytic workspace to send logs and metrics.|string|`"null"`
287
298
`storage_account_id`|The id of storage account to send logs and metrics|string|`"null"`
288
299
`Tags`|A map of tags to add to all resources|map|`{}`
@@ -296,6 +307,10 @@ Name | Description
296
307
`key_vault_uri`|The URI of the Key Vault, used for performing operations on keys and secrets
297
308
`secrets`|A mapping of secret names and URIs
298
309
`Key_vault_references`|A mapping of Key Vault references for App Service and Azure Functions
310
+
`key_vault_private_endpoint`|The ID of the Key Vault Private Endpoint
311
+
`key_vault_private_dns_zone_domain`|DNS zone name for Key Vault Private endpoints dns name records
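Review bot: The two added output rows, `key_vault_private_endpoint` and `key_vault_private_dns_zone_domain`, do not say what they return when `enable_private_endpoint` is left at its documented default of `false`. State that in the descriptions so consumers know whether to expect an empty or null value, and tidy the second description to something like "DNS zone name used for the Key Vault private endpoint DNS records".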