Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Key Vault: support for enabling soft delete / purge protection #5328

Closed
ricohomewood opened this issue Jan 7, 2020 · 2 comments
Closed

Key Vault: support for enabling soft delete / purge protection #5328

ricohomewood opened this issue Jan 7, 2020 · 2 comments
Labels
duplicate enhancement service/key-vault Key Vault

Comments

@ricohomewood
Copy link

ricohomewood commented Jan 7, 2020
edited
Loading

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Support for Enabling Soft Delete and Purge Protection for Key Vaults.

Can be done via the REST API as part of createMode or its own vault properties enablePurgeProtection and enableSoftDelete.

New or Affected Resource(s)

azurerm_key_vault

Potential Terraform Configuration

resource "azurerm_key_vault" "example" {
  name                        = "testvault"
  location                    = "${azurerm_resource_group.example.location}"
  resource_group_name         = "${azurerm_resource_group.example.name}"
  enabled_for_disk_encryption = true
  enable_soft_delete         = true #Specify whether the 'soft delete' functionality is enabled for this key vault. It does not accept false value.
  enable_purge_protection     = true #The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
  tenant_id                   = "d6e396d0-5584-41dc-9fc0-268df99bc610"

  sku_name = "standard"

  access_policy {
    tenant_id = "d6e396d0-5584-41dc-9fc0-268df99bc610"
    object_id = "d746815a-0433-4a21-b95d-fc437d2d475b"

    key_permissions = [
      "get",
    ]

    secret_permissions = [
      "get",
    ]

    storage_permissions = [
      "get",
    ]
  }

  network_acls {
    default_action = "Deny"
    bypass         = "AzureServices"
  }

  tags = {
    environment = "Production"
  }
}

References
@tombuildsstuff
Copy link
Contributor

hi @ricohomewood

Thanks for opening this issue :)

Taking a look through this appears to be a duplicate of #1329 - rather than having multiple issues open tracking the same thing I'm going to close this issue in favour of that one; would you mind subscribing to #1329 for updates?

Thanks!

@ghost
Copy link

ghost commented Mar 29, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!

@ghost ghost locked and limited conversation to collaborators Mar 29, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
duplicate enhancement service/key-vault Key Vault
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tombuildsstuff @ricohomewood