azurerm_keyvault_key

Azure Resource Manager (ARM) Key State Module

New in version 2.1.0.

maintainer:

<devops@eitr.tech>

configuration:

This module requires Azure Resource Manager credentials to be passed as a dictionary of keyword arguments to the connection_auth parameter in order to work properly. Since the authentication parameters are sensitive, it’s recommended to pass them to the states via Pillar.

Required provider parameters:

if using username and password:
  • subscription_id

  • username

  • password

if using a service principal:
  • subscription_id

  • tenant

  • client_id

  • secret

if using managed identity:
  • subscription_id

Optional provider parameters:

cloud_environment: Used to point the cloud driver to different API endpoints, such as Azure GovCloud.

Possible values:
  • AZURE_PUBLIC_CLOUD (default)

  • AZURE_CHINA_CLOUD

  • AZURE_US_GOV_CLOUD

  • AZURE_GERMAN_CLOUD

saltext.azurerm.states.azurerm_keyvault_key.present(name, key_type, vault_url, key_operations=None, size=None, curve=None, hardware_protected=None, enabled=None, expires_on=None, not_before=None, tags=None, connection_auth=None, **kwargs)

New in version 2.1.0.

Ensure the specified key exists within the given key vault. Requires keys/create permission. Key properties can be specified as keyword arguments.

Parameters:
  • name – The name of the new key. Key names can only contain alphanumeric characters and dashes.

  • key_type – The type of key to create. Possible values include: ‘ec’, ‘ec_hsm’, ‘oct’, ‘rsa’, ‘rsa_hsm’.

  • vault_url – The URL of the vault that the client will access.

  • key_operations – A list of permitted key operations. Possible values include: ‘decrypt’, ‘encrypt’, ‘sign’, ‘unwrap_key’, ‘verify’, ‘wrap_key’.

  • size – RSA key size in bits, for example 2048, 3072, or 4096. Applies to RSA keys only.

  • curve – Elliptic curve name. Defaults to the NIST P-256 elliptic curve. Possible values include: “P-256”, “P-256K”, “P-384”, “P-521”.

  • enabled – Whether the key is enabled for use.

  • expires_on – When the key will expire, in UTC. This parameter should be a string representation of a Datetime object in ISO-8601 format.

  • not_before – The time before which the key cannot be used, in UTC. This parameter should be a string representation of a Datetime object in ISO-8601 format.

  • tags – Application specific metadata in the form of key-value pairs.

  • connection_auth – A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.

Example usage:

Ensure key exists:
    azurerm_keyvault_key.present:
        - name: my_key
        - key_type: my_type
        - vault_url: my_vault
        - tags:
            contact_name: Elmer Fudd Gantry
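
A fuller version of the example above, added here and not taken from the module's own documentation: the service principal credentials are kept in Pillar and handed to the state through connection_auth, and the key is restricted to wrap/unwrap operations with an expiry date. The Pillar path azurerm:keyvault_sp, the file names, the key name, the vault URL and every ID are constructed placeholders, and the Jinja lookup is an assumed way of reading the Pillar dictionary.

```yaml
# --- Pillar data (hypothetical file: pillar/azurerm.sls) ---
# Service principal parameters as listed under "Required provider parameters".
# All values below are constructed placeholders.
azurerm:
    keyvault_sp:                    # hypothetical profile name
        subscription_id: 00000000-0000-0000-0000-000000000000
        tenant: 00000000-0000-0000-0000-000000000000
        client_id: 00000000-0000-0000-0000-000000000000
        secret: REPLACE_ME
        cloud_environment: AZURE_PUBLIC_CLOUD

# --- State file (hypothetical file: salt/keyvault/keys.sls) ---
# Read the credential dictionary from Pillar so that no secret is written
# into the state file itself.
{% set profile = salt['pillar.get']('azurerm:keyvault_sp') %}

Ensure wrapping key exists:
    azurerm_keyvault_key.present:
        - name: app-data-wrap       # alphanumeric characters and dashes only
        - key_type: rsa
        - vault_url: https://example-vault.vault.azure.net/
        - size: 3072                # applies to RSA keys only
        # Grant only the operations this key is meant for.
        - key_operations:
            - wrap_key
            - unwrap_key
        - enabled: True
        # Quoted so that YAML passes a string, as the parameter description asks.
        - expires_on: '2030-01-01T00:00:00'
        - tags:
            owner: platform-security
        - connection_auth: {{ profile }}
```

The identity behind the Pillar profile needs the keys/create permission on the vault for this state to succeed.
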

saltext.azurerm.states.azurerm_keyvault_key.absent(name, vault_url, connection_auth=None)

New in version 2.1.0.

Ensure the specified key does not exist within the given key vault.

Parameters:
  • name – The name of the key to delete.

  • vault_url – The URL of the vault that the client will access.

  • connection_auth – A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.

Example usage:

Ensure key is absent:
    azurerm_keyvault_key.absent:
        - name: my_key
        - vault_url: my_vault