Key Vault
Overview
```json
{
  "key_vault": {
    "name": "kv-vault-{env}",
    "sku_family": "A",
    "sku_name": "standard",
    "tenant_id": "string",
    "policies": [
      {
        "@function_app_name": "func-app-{env}",
        "type": "FunctionApp",
        "certificates": ["Get"],
        "keys": ["Get"],
        "secrets": ["Get"],
        "storage": ["Get"]
      },
      {
        "@web_app_name": "web-app-{env}",
        "type": "WebApp",
        "certificates": ["Get"],
        "keys": ["Get"],
        "secrets": ["Get"],
        "storage": ["Get"]
      }
    ],
    "location": "northeurope",
    "external": false,
    "resource_group_name": "my-rg-name",
    "tags": { "example": "S0" }
  }
}
```
KeyVault Reference
| Key | Type | Description |
|---|---|---|
| name (required) | string | The name of the keyvault (see how to name) |
| sku_family (required) | Keyvault sku family | The sku family |
| sku_name (required) | Keyvault Sku Definition | The sku name |
| tenant_id | string | ID of the Tenant (defaults to the tenant id of the subscription) |
| policies | Policies[] | The policy permissions for function apps or web apps (defaults to no permissions) |
| location | string | Resource Location (defaults to the resource group location) |
| external | bool | A reference to an existing Keyvault (defaults to false) |
| resource_group_name | string | The name of the resource group where the resource is located, only with external resources (defaults to the resource group of the deployment) |
| tags | object | Additional tags for the resource (defaults to no additional tags) |
KeyvaultSku
| Value | Description |
|---|---|
| standard | Is limited to secrets and software-protected keys |
| premium | Supports keys stored in Hardware Security Modules (HSMs) that are FIPS 140-2 Level 3 validated |
Policies
PolicyType
| Value | Description |
|---|---|
| FunctionApp | Set the entity to be a function app name |
| WebApp | Set the entity to be a web app name |
PolicyValues
| Value |
|---|
| Backup |
| Create |
| Delete |
| DeleteIssuers |
| Get |
| GetIssuers |
| Import |
| ManageContacts |
| ManageIssuers |
| Purge |
| Recover |
| Restore |
| SetIssuers |
| Update |
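
A pre-deployment check for a `key_vault` definition, added here as an example and not part of the tool's own code: it validates the block against the values in the reference tables above and flags permissions that go beyond read access. The function name `review_key_vault`, the choice of `Get` and `GetIssuers` as the read-only set, case-sensitive matching, and the sample input are assumptions of this example.

```python
import json

# Allowed values copied from the reference tables on this page.
SKU_NAMES = {"standard", "premium"}
POLICY_TYPES = {"FunctionApp", "WebApp"}
POLICY_VALUES = {
    "Backup", "Create", "Delete", "DeleteIssuers", "Get", "GetIssuers",
    "Import", "ManageContacts", "ManageIssuers", "Purge", "Recover",
    "Restore", "SetIssuers", "Update",
}
REQUIRED = ("name", "sku_family", "sku_name")
CATEGORIES = ("certificates", "keys", "secrets", "storage")
# Assumption of this example: only these values count as read-only access.
READ_ONLY = {"Get", "GetIssuers"}


def review_key_vault(config_text):
    """Return (errors, warnings) for a key_vault definition given as JSON text."""
    kv = json.loads(config_text).get("key_vault", {})
    errors, warnings = [], []
    for key in REQUIRED:
        if key not in kv:
            errors.append(f"missing required key: {key}")
    if "sku_name" in kv and kv["sku_name"] not in SKU_NAMES:
        errors.append(f"unknown sku_name: {kv['sku_name']}")
    for i, policy in enumerate(kv.get("policies", [])):
        if policy.get("type") not in POLICY_TYPES:
            errors.append(f"policies[{i}]: unknown type {policy.get('type')!r}")
        for cat in CATEGORIES:
            for perm in policy.get(cat, []):
                if perm not in POLICY_VALUES:  # values matched case-sensitively
                    errors.append(f"policies[{i}].{cat}: unknown value {perm!r}")
                elif perm not in READ_ONLY:
                    warnings.append(f"policies[{i}].{cat}: {perm} goes beyond read access")
    return errors, warnings


# Constructed sample: a misspelled permission and an app allowed to purge secrets.
SAMPLE = """
{"key_vault": {"name": "kv-vault-{env}", "sku_family": "A", "sku_name": "standard",
  "policies": [
    {"type": "FunctionApp", "secrets": ["Get", "Purge"], "keys": ["Gte"]},
    {"type": "WebApp", "secrets": ["Get"]}
  ]}}
"""

if __name__ == "__main__":
    errs, warns = review_key_vault(SAMPLE)
    print("\n".join(["ERROR " + e for e in errs] + ["WARN  " + w for w in warns]))
```

Treat errors as a failed build and route warnings to review, since an application identity that only reads secrets at runtime rarely needs `Delete` or `Purge`.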