azurerm_keyvault_key
Azure Resource Manager (ARM) Key State Module
New in version 2.1.0.
- maintainer:
- configuration:
This module requires Azure Resource Manager credentials to be passed as a dictionary of keyword arguments to the connection_auth parameter in order to work properly. Since the authentication parameters are sensitive, it’s recommended to pass them to the states via Pillar.
Required provider parameters:
- if using username and password:
  - subscription_id
  - username
  - password
- if using a service principal:
  - subscription_id
  - tenant
  - client_id
  - secret
- if using managed identity:
  - subscription_id
Optional provider parameters:
- cloud_environment: Used to point the cloud driver to different API endpoints, such as Azure GovCloud.
  - Possible values:
    - AZURE_PUBLIC_CLOUD (default)
    - AZURE_CHINA_CLOUD
    - AZURE_US_GOV_CLOUD
    - AZURE_GERMAN_CLOUD
- saltext.azurerm.states.azurerm_keyvault_key.present(name, key_type, vault_url, key_operations=None, size=None, curve=None, hardware_protected=None, enabled=None, expires_on=None, not_before=None, tags=None, connection_auth=None, **kwargs)
New in version 2.1.0.
Ensure the specified key exists within the given key vault. Requires keys/create permission. Key properties can be specified as keyword arguments.
- Parameters:
name – The name of the new key. Key names can only contain alphanumeric characters and dashes.
key_type – The type of key to create. Possible values include: ‘ec’, ‘ec_hsm’, ‘oct’, ‘rsa’, ‘rsa_hsm’.
vault_url – The URL of the vault that the client will access.
key_operations – A list of permitted key operations. Possible values include: ‘decrypt’, ‘encrypt’, ‘sign’, ‘unwrap_key’, ‘verify’, ‘wrap_key’.
size – RSA key size in bits, for example 2048, 3072, or 4096. Applies to RSA keys only.
curve – Elliptic curve name. Defaults to the NIST P-256 elliptic curve. Possible values include: “P-256”, “P-256K”, “P-384”, “P-521”.
enabled – Whether the key is enabled for use.
expires_on – When the key will expire, in UTC. This parameter should be a string representation of a Datetime object in ISO-8601 format.
not_before – The time before which the key cannot be used, in UTC. This parameter should be a string representation of a Datetime object in ISO-8601 format.
tags – Application-specific metadata in the form of key-value pairs.
connection_auth – A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.
Example usage:

    Ensure key exists:
        azurerm_keyvault_key.present:
            - name: my_key
            - key_type: my_type
            - vault_url: my_vault
            - tags:
                contact_name: Elmer Fudd Gantry

- saltext.azurerm.states.azurerm_keyvault_key.absent(name, vault_url, connection_auth=None)
New in version 2.1.0.
Ensure the specified key does not exist within the given key vault.
- Parameters:
name – The name of the key to delete.
vault_url – The URL of the vault that the client will access.
connection_auth – A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.
Example usage:

    Ensure key is absent:
        azurerm_keyvault_key.absent:
            - name: my_key
            - vault_url: my_vault
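
A fuller sketch of the two states above with credentials supplied through Pillar, as the configuration section recommends. This is an added example, not taken from the project's documentation. The file paths, the profile name `keyvault_sp`, the vault URL, the key names, the tags and every ID are constructed placeholders.

```yaml
# --- Pillar (assumed path: /srv/pillar/azurerm.sls); all values are placeholders ---
azurerm:
  keyvault_sp:                      # hypothetical profile name
    subscription_id: 00000000-0000-0000-0000-000000000000
    tenant: 11111111-1111-1111-1111-111111111111
    client_id: 22222222-2222-2222-2222-222222222222
    secret: REPLACE_WITH_SERVICE_PRINCIPAL_SECRET
    cloud_environment: AZURE_PUBLIC_CLOUD

# --- State (assumed path: /srv/salt/keyvault/keys.sls) ---
# Credentials are looked up from Pillar at render time, never written into the SLS.
{% set profile = salt['pillar.get']('azurerm:keyvault_sp') %}
{% set vault = 'https://example-vault.vault.azure.net/' %}

Ensure wrapping key exists:
  azurerm_keyvault_key.present:
    - name: app-data-wrap-2025      # alphanumeric characters and dashes only
    - key_type: rsa_hsm
    - vault_url: {{ vault }}
    - size: 3072                    # applies to RSA keys only
    - key_operations:               # permit only what the consumer needs
        - wrap_key
        - unwrap_key
    - enabled: True
    - not_before: '2025-01-01T00:00:00+00:00'   # ISO-8601, UTC
    - expires_on: '2026-01-01T00:00:00+00:00'   # ISO-8601, UTC
    - tags:
        owner: platform-security
        purpose: envelope-encryption
    - connection_auth: {{ profile | json }}

Ensure retired wrapping key is absent:
  azurerm_keyvault_key.absent:
    - name: app-data-wrap-2023
    - vault_url: {{ vault }}
    - connection_auth: {{ profile | json }}
```

The identity in the Pillar profile needs the keys/create permission noted for `present`. Listing only `wrap_key` and `unwrap_key` under `key_operations` leaves the key unusable for signing or direct encrypt/decrypt.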