所有我要按terraform设置天蓝色的密钥库。有什么方法可以在准备期间而不是准备之后设置键和值。我的要求是,在提供过程中应设置某种客户密钥和值,并在其他模块中使用它。
resource "azurerm_resource_group" "test" {
name = "example-resources"
location = "West Europe"
}
resource "azurerm_storage_account" "test" {
name = "storageaccountname"
resource_group_name = "${azurerm_resource_group.test.name}"
location = "${azurerm_resource_group.test.location}"
account_tier = "Standard"
account_replication_type = "GRS"
tags = {
environment = "staging"
}
}
resource "azurerm_resource_group" "test" {
name = "${var.azurerm_resource_group_name}"
location = "${var.location}"
}
resource "azurerm_key_vault" "test" {
name = "${var.azurerm_key_vault}"
location = "${var.location}"
resource_group_name = "${var.azurerm_resource_group_name}"
enabled_for_disk_encryption = true
tenant_id = "${var.tenant_id}"
sku_name = "standard"
access_policy {
tenant_id = "${var.tenant_id}"
object_id = "${var.object_id}"
key_permissions = [
"get",
]
secret_permissions = [
"get",
]
storage_permissions = [
"get",
]
}
network_acls {
default_action = "Allow"
bypass = "AzureServices"
}
tags = {
environment = "${var.tags_environment}"
}
}
`
答案 0 :(得分:1)
您可以使用azurerm_key_vault_secret通过Terraform设置机密
resource "azurerm_key_vault_secret" "test" {
name = "secret-sauce"
value = "szechuan"
key_vault_id = "${azurerm_key_vault.test.id}"
tags = {
environment = "Production"
}
}