-
Notifications
You must be signed in to change notification settings - Fork 28
/
Copy pathvariables.tf
106 lines (89 loc) · 3.13 KB
/
variables.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
variable "client_name" {
description = "Client name"
type = string
}
variable "environment" {
description = "Environment name"
type = string
}
variable "stack" {
description = "Stack name"
type = string
}
variable "resource_group_name" {
description = "Resource Group the resources will belong to"
type = string
}
variable "location" {
description = "Azure location for Key Vault."
type = string
}
variable "location_short" {
description = "Short string for Azure location."
type = string
}
variable "tenant_id" {
description = "The Azure Active Directory tenant ID that should be used for authenticating requests to the Key Vault. Default is the current one."
type = string
default = ""
}
variable "sku_name" {
description = "The Name of the SKU used for this Key Vault. Possible values are \"standard\" and \"premium\"."
type = string
default = "standard"
}
variable "enabled_for_deployment" {
description = "Whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the Key Vault."
type = bool
default = false
}
variable "enabled_for_disk_encryption" {
description = "Whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys."
type = bool
default = false
}
variable "enabled_for_template_deployment" {
description = "Whether Azure Resource Manager is permitted to retrieve secrets from the Key Vault."
type = bool
default = false
}
variable "admin_objects_ids" {
description = "IDs of the objects that can do all operations on all keys, secrets and certificates."
type = list(string)
default = []
}
variable "reader_objects_ids" {
description = "IDs of the objects that can read all keys, secrets and certificates."
type = list(string)
default = []
}
variable "public_network_access_enabled" {
description = "Whether the Key Vault is available from public network."
type = bool
default = false
}
variable "network_acls" {
description = "Object with attributes: `bypass`, `default_action`, `ip_rules`, `virtual_network_subnet_ids`. Set to `null` to disable. See https://www.terraform.io/docs/providers/azurerm/r/key_vault.html#bypass for more information."
type = object({
bypass = optional(string, "None"),
default_action = optional(string, "Deny"),
ip_rules = optional(list(string)),
virtual_network_subnet_ids = optional(list(string)),
})
default = {}
}
variable "purge_protection_enabled" {
description = "Whether to activate purge protection."
type = bool
default = true
}
variable "soft_delete_retention_days" {
description = "The number of days that items should be retained for once soft-deleted. This value can be between `7` and `90` days."
type = number
default = 7
}
variable "rbac_authorization_enabled" {
type = bool
description = "Whether the Key Vault uses Role Based Access Control (RBAC) for authorization of data actions instead of access policies."
default = false
}