chore(terraform/keyvault): enable azure rbac authorization
Christian Fosli committed Jan 27, 2024
1 parent dac5cac commit 8c24777
Showing 1 changed file with 1 addition and 10 deletions.
11 changes: 1 addition & 10 deletions terraform/vault.tf
Expand Up @@ -4,19 +4,10 @@ resource "azurerm_key_vault" "vault" {
resource_group_name = data.azurerm_resource_group.rg.name
tenant_id = data.azurerm_client_config.current.tenant_id
soft_delete_retention_days = 7
enable_rbac_authorization = true
purge_protection_enabled = false

sku_name = "standard"

tags = local.common_tags
}

resource "azurerm_key_vault_access_policy" "tfAgent" {
key_vault_id = azurerm_key_vault.vault.id
tenant_id = data.azurerm_client_config.current.tenant_id
object_id = data.azurerm_client_config.current.object_id

key_permissions = ["Get"]
secret_permissions = ["Get", "Set", "Delete", "Purge", "Recover", "Restore"]
certificate_permissions = ["Get"]
}
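Review bot: No Azure RBAC role assignment replaces the removed `azurerm_key_vault_access_policy.tfAgent`, so once `enable_rbac_authorization = true` takes effect the vault ignores access policies and the identity running Terraform loses its secret Get/Set/Delete data-plane access unless a role is granted somewhere outside this section. I would add an `azurerm_role_assignment` scoped to the vault itself rather than the resource group or subscription, using the narrowest built-in role that covers what the pipeline does. The fence below uses Key Vault Secrets Officer, which covers secrets only, so the key and certificate `Get` rights of the old policy would need separate read roles if anything still depends on them. Creating the assignment from Terraform presumably requires the deploying identity to hold role-assignment write rights, so it is worth deciding whether the pipeline should carry that privilege or whether the grant is made out of band. The `azurerm_key_vault` block opens above the hunk, so its earlier arguments are not visible here.

```hcl
# Data-plane access for the Terraform identity under the RBAC permission model.
resource "azurerm_role_assignment" "tfAgent" {
  scope                = azurerm_key_vault.vault.id
  role_definition_name = "Key Vault Secrets Officer"
  principal_id         = data.azurerm_client_config.current.object_id
}
```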
