Nothing Special   »   [go: up one dir, main page]
  1. Answers
  2. Setting up an Azure Key Vault Secret

How do I configure an Azure Key Vault Secret?

In this guide, we will walk through setting up an Azure Key Vault, and creating a secret within that vault. Azure Key Vault helps safeguard cryptographic keys and secrets used by cloud applications and services. By using an Azure Key Vault, you can securely store and tightly control access to tokens, passwords, certificates, API keys, and other secrets.

What we will do:

  1. Set up an Azure Resource Group.
  2. Create an Azure Key Vault within that resource group.
  3. Define a secret within the Key Vault.

Here’s how you can do it:

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

// Create an Azure Resource Group
const example = new azure.core.ResourceGroup("example", {
    name: "example-resources",
    location: "West Europe",
});
const current = azure.core.getClientConfigOutput({});
// Create an Azure Key Vault
const exampleKeyVault = new azure.keyvault.KeyVault("example", {
    name: "examplekeyvault",
    location: example.location,
    resourceGroupName: example.name,
    tenantId: current.apply(current => current.tenantId),
    skuName: "standard",
    accessPolicies: [{
        tenantId: current.apply(current => current.tenantId),
        objectId: current.apply(current => current.objectId),
        keyPermissions: [
            "Get",
            "List",
        ],
        secretPermissions: [
            "Get",
            "List",
            "Set",
        ],
        certificatePermissions: [
            "Get",
            "List",
        ],
    }],
});
// Create a secret in the Key Vault
const exampleSecret = new azure.keyvault.Secret("example", {
    name: "example-secret",
    value: "s3cr3t-value",
    keyVaultId: exampleKeyVault.id,
});
export const keyVaultUri = exampleKeyVault.vaultUri;
export const secretId = exampleSecret.id;

Key Points:

  • The azurerm_resource_group resource creates a resource group to contain our Key Vault.
  • The azurerm_key_vault resource sets up the Key Vault with access policies to control who can access it.
  • The azurerm_key_vault_secret resource defines a secret within the Key Vault.
  • The outputs provide the Key Vault URI and the secret ID as references that can be used elsewhere.

Summary

By following this guide, you have successfully created an Azure Key Vault and securely stored a secret within it. You now have a securely accessible Key Vault that can be used to manage sensitive information in your cloud applications.

Deploy this code

Want to deploy this code? Sign up for a free Pulumi account to deploy in a few clicks.

Sign up

New to Pulumi?

Want to deploy this code? Sign up with Pulumi to deploy in a few clicks.

Sign up