KeyVault

Resource Overview
Azure Key Vault is a cloud security service that securely stores and provides controlled access to sensitive information such as secrets, keys, and certificates.
Associated Resources
Parent Resources
Connected Resources
Resource Configuration
Basic Settings
sku_name: Pricing tier for selecting the scale and features of Key Vault - standard, premium
enabled_for_disk_encryption: Allows Azure Disk Encryption to retrieve secrets and keys from the vault - true, false
soft_delete_retention_days: Number of days to retain deleted items - 7~90
purge_protection_enabled: Enables purge protection to prevent data loss - true, false
Network Access Control (network_acl)
network_acl_bypass: Whether to allow firewall bypass for trusted services - AzureServices, None
network_acl_action: Default action when IP rules do not match - Deny, Allow
network_acl_ip_rules: List of IP addresses or CIDR ranges allowed to access Key Vault
Access Policies (access_policies)
access_policies.object_id: Object ID used to identify the security principal accessing the vault
access_policies.key_permissions: List of permissions for keys
access_policies.secret_permissions: List of permissions for secrets
access_policies.certificate_permissions: List of permissions for certificates
Key Vault Secret (key_vault_secret)
key_vault_secret.secret_value: Value of the Key Vault secret
key_vault_secret.content_type: Content type of the secret
key_vault_secret.enabled_activation_date: Whether the secret is enabled - true, false
key_vault_secret.activation_date: UTC activation date and time of the secret
key_vault_secret.enabled_expiration_date: Whether the secret expires - true, false
key_vault_secret.expiration_date: UTC expiration date and time of the secret
Key Vault Key (key_vault_key)
key_vault_key.type: Key type - RSA, RSA-HSM, EC, EC-HSM
key_vault_key.rsa_key_size: RSA key size - 2048, 3072, 4096
key_vault_key.elliptic_curve: Curve type for EC keys
key_vault_key.permitted_operations: List of permitted JSON Web Key operations
key_vault_key.enabled_activation_date: Whether the key is enabled - true, false
key_vault_key.activation_date: UTC activation date and time of the key
key_vault_key.enabled_expiration_date: Whether the key expires - true, false
key_vault_key.expiration_date: UTC expiration date and time of the key
Key Vault Certificate (key_vault_certificate)
key_vault_certificate.import_existing_certificate: Whether to import an existing certificate - true, false
key_vault_certificate.contents: Base64-encoded certificate contents
key_vault_certificate.password: Certificate password
key_vault_certificate.issuer_name: Certificate issuer name - Self, Unknown
key_vault_certificate.subject: X.500 distinguished name
key_vault_certificate.validity_period_in_months: Certificate validity period (months)
key_vault_certificate.content_type: Certificate content type
key_vault_certificate.enabled_export: Whether certificate export is allowed - true, false
key_vault_certificate.enabled_reuse_key: Whether key reuse is allowed - true, false
key_vault_certificate.key_usage: List of key usage flags
key_vault_certificate.key_type: Key type used for the certificate
key_vault_certificate.rsa_key_size: RSA key size
key_vault_certificate.elliptic_curve: EC key curve type
Tags
tag: Tags used to categorize resources - maximum 512 characters, key:value
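
The settings listed above can be checked before deployment. The following is an added example, not code from this page or its tool: a small Python check that rejects values outside the sets and ranges documented here and warns on valid but permissive choices. The flat dict layout, the `check_key_vault` name, and the error/warn split are assumptions of this example; the warnings reflect general Key Vault hardening practice rather than statements on this page.

```python
import ipaddress

# Field names follow this page; the flat dict layout is an assumption of this example.
ALLOWED = {
    "sku_name": {"standard", "premium"},
    "network_acl_bypass": {"AzureServices", "None"},
    "network_acl_action": {"Deny", "Allow"},
    "key_vault_key.type": {"RSA", "RSA-HSM", "EC", "EC-HSM"},
    "key_vault_key.rsa_key_size": {2048, 3072, 4096},
}

def check_key_vault(cfg):
    """Return sorted (severity, field) findings for one vault configuration."""
    out = set()
    # Values outside the sets and ranges listed on this page are errors.
    for field, allowed in ALLOWED.items():
        if field in cfg and cfg[field] not in allowed:
            out.add(("error", field))
    days = cfg.get("soft_delete_retention_days")
    if days is not None and not 7 <= days <= 90:
        out.add(("error", "soft_delete_retention_days"))
    # Valid but permissive settings are warnings.
    if cfg.get("purge_protection_enabled") is not True:
        out.add(("warn", "purge_protection_enabled"))
    if cfg.get("network_acl_action") != "Deny":
        out.add(("warn", "network_acl_action"))
    for rule in cfg.get("network_acl_ip_rules", []):
        try:
            net = ipaddress.ip_network(rule, strict=False)
        except ValueError:
            out.add(("error", "network_acl_ip_rules"))  # not an IP or CIDR range
            continue
        if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0 allows every address
            out.add(("warn", "network_acl_ip_rules"))
    for kind in ("key_vault_secret", "key_vault_key"):
        flag, date = f"{kind}.enabled_expiration_date", f"{kind}.expiration_date"
        if cfg.get(flag) is False:
            out.add(("warn", flag))  # object never expires
        elif cfg.get(flag) is True and not cfg.get(date):
            out.add(("error", date))  # expiry enabled but no date given
    return sorted(out)

# Constructed sample configuration, not taken from a real deployment.
SAMPLE = {
    "sku_name": "standard", "soft_delete_retention_days": 5,
    "purge_protection_enabled": False, "network_acl_bypass": "AzureServices",
    "network_acl_action": "Allow", "network_acl_ip_rules": ["0.0.0.0/0", "203.0.113.0/24"],
    "key_vault_secret.enabled_expiration_date": False,
    "key_vault_key.type": "RSA", "key_vault_key.rsa_key_size": 1024,
}
```

Calling `check_key_vault(SAMPLE)` returns two errors (retention days and RSA key size out of range) and four warnings; an empty list means nothing was flagged.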