Data Source: azurermKeyVault

Use this data source to access information about an existing Key Vault.

Example Usage

import { Construct } from "constructs";
import * as cdktf from "cdktf";
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
class MyConvertedCode extends cdktf.TerraformStack {
  constructor(scope: Construct, name: string) {
    super(scope, name);
    // Look up the existing Key Vault by name and resource group.
    const dataAzurermKeyVaultExample =
      new azurerm.dataAzurermKeyVault.DataAzurermKeyVault(this, "example", {
        name: "mykeyvault",
        resourceGroupName: "some-resource-group",
      });
    // Expose the vault URI as a stack output.
    new cdktf.TerraformOutput(this, "vault_uri", {
      value: dataAzurermKeyVaultExample.vaultUri,
    });
  }
}

Argument Reference

The following arguments are supported:

  • name - Specifies the name of the Key Vault.

  • resourceGroupName - The name of the Resource Group in which the Key Vault exists.

Attributes Reference

The following attributes are exported:

  • id - The Vault ID.

  • vaultUri - The URI of the vault for performing operations on keys and secrets.

  • location - The Azure Region in which the Key Vault exists.

  • tenantId - The Azure Active Directory Tenant ID used for authenticating requests to the Key Vault.

  • skuName - The Name of the SKU used for this Key Vault.

  • accessPolicy - One or more accessPolicy blocks as defined below.

  • enabledForDeployment - Can Azure Virtual Machines retrieve certificates stored as secrets from the Key Vault?

  • enabledForDiskEncryption - Can Azure Disk Encryption retrieve secrets from the Key Vault?

  • enabledForTemplateDeployment - Can Azure Resource Manager retrieve secrets from the Key Vault?

  • enableRbacAuthorization - Is Role Based Access Control (RBAC) for authorization of data actions enabled on this Key Vault?

  • purgeProtectionEnabled - Is purge protection enabled on this Key Vault?

  • publicNetworkAccessEnabled - Is public network access enabled on this Key Vault?

  • tags - A mapping of tags assigned to the Key Vault.

An accessPolicy block supports the following:

  • tenantId - The Azure Active Directory Tenant ID used to authenticate requests for this Key Vault.

  • objectId - An Object ID of a User, Service Principal or Security Group.

  • applicationId - The Object ID of an Azure Active Directory Application.

  • certificatePermissions - A list of certificate permissions applicable to this Access Policy.

  • keyPermissions - A list of key permissions applicable to this Access Policy.

  • secretPermissions - A list of secret permissions applicable to this Access Policy.

  • storagePermissions - A list of storage permissions applicable to this Access Policy.
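
An added example (not part of the original page or the provider's code): a posture check over the attributes exported above, meant to run on resolved values such as Terraform outputs, because CDKTF attributes are unresolved tokens at synth time. The function name auditKeyVault, the finding labels and the sample vault are assumptions constructed for illustration; "Purge" is an existing Key Vault permission value.

```typescript
// Added example. Field names follow the attributes on this page; the finding
// labels and the sample vault below are constructed for illustration.
interface AccessPolicy {
  objectId: string;
  keyPermissions: string[]; secretPermissions: string[];
  certificatePermissions: string[]; storagePermissions: string[];
}
interface KeyVaultAttrs {
  purgeProtectionEnabled: boolean;
  publicNetworkAccessEnabled: boolean;
  enableRbacAuthorization: boolean;
  accessPolicy: AccessPolicy[];
}
function auditKeyVault(v: KeyVaultAttrs): string[] {
  const findings: string[] = [];
  // Without purge protection, soft-deleted vaults and objects can be purged early.
  if (!v.purgeProtectionEnabled) findings.push("purge-protection-disabled");
  // The public endpoint is enabled; any restriction then depends on network rules.
  if (v.publicNetworkAccessEnabled) findings.push("public-network-access-enabled");
  if (v.enableRbacAuthorization) {
    // Under RBAC, access policies are not evaluated; leftovers mislead reviewers.
    if (v.accessPolicy.length > 0) findings.push("stale-access-policies-under-rbac");
    return findings;
  }
  for (const p of v.accessPolicy) {
    const lists: [string, string[]][] = [
      ["key", p.keyPermissions], ["secret", p.secretPermissions],
      ["certificate", p.certificatePermissions], ["storage", p.storagePermissions],
    ];
    for (const [kind, perms] of lists) {
      // "Purge" lets the principal permanently remove soft-deleted objects.
      if (perms.some((x) => x.toLowerCase() === "purge"))
        findings.push(`purge-permission:${kind}:${p.objectId}`);
    }
  }
  return findings;
}

// Constructed sample input (placeholder object ID).
const sampleVault: KeyVaultAttrs = {
  purgeProtectionEnabled: false, publicNetworkAccessEnabled: true,
  enableRbacAuthorization: false,
  accessPolicy: [{
    objectId: "00000000-0000-0000-0000-000000000000",
    keyPermissions: ["Get", "List"], secretPermissions: ["Get", "Purge"],
    certificatePermissions: [], storagePermissions: [],
  }],
};
console.log(auditKeyVault(sampleVault));
```
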

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • read - (Defaults to 5 minutes) Used when retrieving the Key Vault.