| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| addon_resource_group_name | The name of the addon vnet resource group | `string` | `""` | no |
| addon_vent_link | The name of the addon vnet | `bool` | `false` | no |
| addon_virtual_network_id | The name of the addon vnet link vnet id | `string` | `""` | no |
| admin_objects_ids | IDs of the objects that can do all operations on all keys, secrets and certificates. | `list(string)` | `[]` | no |
| certificate_contacts | Contact information to send notifications triggered by certificate lifetime events | `list(object({ email = string name = optional(string) phone = optional(string) }))` | `[]` | no |
| diagnostic_setting_enable | n/a | `bool` | `false` | no |
| diff_sub | Flag to tell whether dns zone is in different sub or not. | `bool` | `false` | no |
| enable_private_endpoint | Manages a Private Endpoint to Azure database for MySQL | `bool` | `true` | no |
| enable_rbac_authorization | (Optional) Boolean flag to specify whether Azure Key Vault uses Role Based Access Control (RBAC) for authorization of data actions. | `bool` | `true` | no |
| enabled | Set to false to prevent the module from creating any resources. | `bool` | `true` | no |
| enabled_for_deployment | Boolean flag to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. | `bool` | `false` | no |
| enabled_for_disk_encryption | Boolean flag to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. Defaults to false | `bool` | `true` | no |
| enabled_for_template_deployment | Boolean flag to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. | `bool` | `false` | no |
| environment | Environment (e.g. `prod`, `dev`, `staging`). | `string` | `""` | no |
| eventhub_authorization_rule_id | Specifies the ID of an Event Hub Namespace Authorization Rule used to send Diagnostics Data. | `string` | `null` | no |
| eventhub_name | Specifies the name of the Event Hub where Diagnostics Data should be sent. | `string` | `null` | no |
| existing_private_dns_zone | Name of the existing private DNS zone | `string` | `null` | no |
| existing_private_dns_zone_resource_group_name | The name of the existing resource group | `string` | `""` | no |
| extra_tags | Variable to pass extra tags. | `map(string)` | `null` | no |
| kv_logs | n/a | `object({ enabled = bool category = optional(list(string)) category_group = optional(list(string)) })` | `{ "category_group": [ "AllLogs" ], "enabled": true }` | no |
| label_order | Label order, e.g. sequence of application name and environment `name`,`environment`,'attribute' [`webserver`,`qa`,`devops`,`public`,]. | `list(any)` | `[]` | no |
| location | Location where resource group will be created. | `string` | `null` | no |
| log_analytics_destination_type | Possible values are AzureDiagnostics and Dedicated, default to AzureDiagnostics. When set to Dedicated, logs sent to a Log Analytics workspace will go into resource specific tables, instead of the legacy AzureDiagnostics table. | `string` | `"AzureDiagnostics"` | no |
| log_analytics_workspace_id | n/a | `string` | `null` | no |
| managed_hardware_security_module_enabled | Create a KeyVault Managed HSM resource if enabled. Changing this forces a new resource to be created. | `bool` | `false` | no |
| managedby | ManagedBy, eg ''. | `string` | `""` | no |
| metric_enabled | Is this Diagnostic Metric enabled? Defaults to true. | `bool` | `true` | no |
| multi_sub_vnet_link | Flag to control creation of vnet link for dns zone in different subscription | `bool` | `false` | no |
| name | Name (e.g. `app` or `cluster`). | `string` | `""` | no |
| network_acls | Object with attributes: `bypass`, `default_action`, `ip_rules`, `virtual_network_subnet_ids`. Set to `null` to disable. See https://www.terraform.io/docs/providers/azurerm/r/key_vault.html#bypass for more information. | `object({ bypass = optional(string, "None"), default_action = optional(string, "Deny"), ip_rules = optional(list(string)), virtual_network_subnet_ids = optional(list(string)), })` | `{}` | no |
| public_network_access_enabled | (Optional) Whether public network access is allowed for this Key Vault. Defaults to true | `bool` | `true` | no |
| purge_protection_enabled | Is Purge Protection enabled for this Key Vault? Defaults to false | `bool` | `true` | no |
| reader_objects_ids | IDs of the objects that can read all keys, secrets and certificates. | `list(string)` | `[]` | no |
| repository | Terraform current module repo | `string` | `""` | no |
| resource_group_name | A container that holds related resources for an Azure solution | `string` | `""` | no |
| sku_name | The Name of the SKU used for this Key Vault. Possible values are standard and premium | `string` | `"standard"` | no |
| sku_name_hsm | The Name of the SKU used for this Key Vault hsm. | `string` | `"Standard_B1"` | no |
| soft_delete_retention_days | The number of days that items should be retained for once soft-deleted. The valid value can be between 7 and 90 days | `number` | `90` | no |
| storage_account_id | The ID of the Storage Account where logs should be sent. | `string` | `null` | no |
| subnet_id | The resource ID of the subnet | `string` | `""` | no |
| virtual_network_id | The name of the virtual network | `string` | `""` | no |