» vault_azure_secret_backend_role

Creates an Azure Secret Backend Role for Vault.

The Azure secrets engine dynamically generates Azure service principals and role assignments. Vault roles can be mapped to one or more Azure roles, providing a simple, flexible way to manage the permissions granted to generated service principals.

» Example Usage

resource "vault_azure_secret_backend" "azure" {
  subscription_id = var.subscription_id
  tenant_id       = var.tenant_id
  client_secret   = var.client_secret
  client_id       = var.client_id
}

resource "vault_azure_secret_backend_role" "generated_role" {
  backend = "${vault_azure_secret_backend.azure.path}"
  role    = "generated_role"
  ttl     = 300
  max_ttl = 600

  azure_roles {
    role_name = "Reader"
    scope     = "/subscriptions/${var.subscription_id}/resourceGroups/azure-vault-group"
  }
}

resource "vault_azure_secret_backend_role" "existing_object_id" {
  backend               = "${vault_azure_secret_backend.azure.path}"
  role                  = "existing_object_id"
  application_object_id = "11111111-2222-3333-4444-44444444444"
  ttl                   = 300
  max_ttl               = 600
}

» Argument Reference

The following arguments are supported:

  • role - (Required) Name of the Azure role
  • backend - Path to the mounted Azure auth backend
  • azure_roles - List of Azure roles to be assigned to the generated service principal.
  • application_object_id - Application Object ID for an existing service principal that will be used instead of creating dynamic service principals. If present, azure_roles will be ignored.
  • ttl - (Optional) Specifies the default TTL for service principals generated using this role. Accepts time-suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL.
  • max_ttl - (Optional) Specifies the maximum TTL for service principals generated using this role. Accepts time-suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine max TTL.
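The arguments above decide how much access a caller of the secrets engine ends up holding and for how long. The following added configuration (not part of the provider documentation or the Vault project) puts an over-broad role next to a least-privilege one and shows the application_object_id form, with a variable validation that rejects a malformed object ID before Vault is contacted. The role names, the resource group "app-rg", the storage account "appstorage" and the variable names are assumptions for illustration; it assumes Terraform 0.14 or later for the validation and sensitive variable features.

```hcl
# Added example, not from the provider docs. Names below are assumed.
variable "subscription_id" { type = string }
variable "tenant_id"       { type = string }
variable "client_id"       { type = string }
variable "client_secret" {
  type      = string
  sensitive = true
}

# Object ID of an existing service principal (assumed input). The validation
# block rejects anything that is not GUID-shaped at plan time.
variable "existing_app_object_id" {
  type = string
  validation {
    condition     = can(regex("^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$", var.existing_app_object_id))
    error_message = "existing_app_object_id must be a GUID such as 00000000-0000-0000-0000-000000000000."
  }
}

resource "vault_azure_secret_backend" "azure" {
  subscription_id = var.subscription_id
  tenant_id       = var.tenant_id
  client_id       = var.client_id
  client_secret   = var.client_secret
}

# Weak setting: Contributor over the whole subscription, credentials valid for
# a day. Anyone allowed to read azure/creds/broad_contributor can modify every
# resource in the subscription until the lease expires.
resource "vault_azure_secret_backend_role" "broad_contributor" {
  backend = vault_azure_secret_backend.azure.path
  role    = "broad_contributor"
  ttl     = "24h"
  max_ttl = "24h"

  azure_roles {
    role_name = "Contributor"
    scope     = "/subscriptions/${var.subscription_id}"
  }
}

# Hardened setting: read-only roles, each scoped to the narrowest resource that
# needs it, with short TTLs given as time-suffixed strings. Several azure_roles
# blocks map one Vault role to several Azure role assignments.
resource "vault_azure_secret_backend_role" "scoped_reader" {
  backend = vault_azure_secret_backend.azure.path
  role    = "scoped_reader"
  ttl     = "15m"
  max_ttl = "1h"

  azure_roles {
    role_name = "Reader"
    scope     = "/subscriptions/${var.subscription_id}/resourceGroups/app-rg"
  }

  azure_roles {
    role_name = "Storage Blob Data Reader"
    scope     = "/subscriptions/${var.subscription_id}/resourceGroups/app-rg/providers/Microsoft.Storage/storageAccounts/appstorage"
  }
}

# Existing service principal: Vault uses it instead of creating a dynamic one.
# Any azure_roles block here would be ignored, so none is declared; the
# principal's permissions are whatever it already holds in Azure.
resource "vault_azure_secret_backend_role" "existing_sp" {
  backend               = vault_azure_secret_backend.azure.path
  role                  = "existing_sp"
  application_object_id = var.existing_app_object_id
  ttl                   = "15m"
  max_ttl               = "1h"
}
```

The two generated-principal roles differ only in scope and TTL, which is where the blast radius of a leaked lease is decided: the hardened role limits a leaked credential to read access on one resource group and one storage account for at most an hour. For the application_object_id form, review the permissions already attached to the existing principal in Azure, since nothing in this resource constrains them.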

» Attributes Reference

No additional attributes are exported by this resource.