How to enable Vault access policy in Key Vault by terraform?


I am trying to create a policy in key vault with the following code

data "azurerm_client_config" "current" {}

resource "azurerm_key_vault" "akv" {
  name                        = var.kv_name
  location                    = var.location
  resource_group_name         = azurerm_resource_group.rg01.name
  enabled_for_disk_encryption = true
  tenant_id                   = data.azurerm_client_config.current.tenant_id
  soft_delete_retention_days  = 7
  enable_rbac_authorization   = true
  purge_protection_enabled    = false
  sku_name                    = "standard"

  depends_on = [ azurerm_resource_group.rg01 ]

}

resource "azurerm_key_vault_access_policy" "akvap" {
  key_vault_id = azurerm_key_vault.akv.id
  tenant_id    = data.azurerm_client_config.current.tenant_id
  object_id    = azurerm_kubernetes_cluster.aks.key_vault_secrets_provider[0].secret_identity[0].object_id

  key_permissions = [
    "Get",
  ]

  secret_permissions = [
    "Get"
  ]

  storage_permissions = [ "Get" ]

  depends_on = [ azurerm_key_vault.akv, azurerm_kubernetes_cluster.aks ]
}

I have noticed that even though the policy is created, in the “Access configuration” section the “Vault access policy” option is still disabled.

And I must enable it manually to be able to view the policy that has been created.

I have also tried to use the access_policy block within the azurerm_key_vault resource.

I am using version 3.78.0.
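Added example, not part of the question: a vault can use either access policies or Azure RBAC as its authorization model, and with enable_rbac_authorization = true the access policy resource is created but not honoured, which is why the portal shows the option disabled. The block below shows both ways to resolve this with least-privilege read access for the AKS secrets-provider identity; it assumes the azurerm_resource_group.rg01, azurerm_kubernetes_cluster.aks and azurerm_key_vault.akv resources and the variables from the question.

```hcl
data "azurerm_client_config" "current" {}

# Option A: use the "Vault access policy" model. Access policies are only
# honoured when RBAC authorization is off, so this vault sets it to false.
resource "azurerm_key_vault" "akv_policy" {
  name                       = var.kv_name
  location                   = var.location
  resource_group_name        = azurerm_resource_group.rg01.name
  tenant_id                  = data.azurerm_client_config.current.tenant_id
  sku_name                   = "standard"
  soft_delete_retention_days = 7
  enable_rbac_authorization  = false
}

resource "azurerm_key_vault_access_policy" "aks_secrets" {
  key_vault_id = azurerm_key_vault.akv_policy.id
  tenant_id    = data.azurerm_client_config.current.tenant_id
  # Managed identity of the AKS secrets-store CSI provider, as in the question.
  object_id = azurerm_kubernetes_cluster.aks.key_vault_secrets_provider[0].secret_identity[0].object_id

  # Least privilege: the CSI provider only needs to read secrets, so no key or
  # storage permissions are granted here.
  secret_permissions = ["Get"]
}

# Option B: keep enable_rbac_authorization = true on the question's vault and
# grant data-plane access with an Azure RBAC role assignment instead of an
# access policy. "Key Vault Secrets User" is the built-in read-only secrets role.
resource "azurerm_role_assignment" "aks_secrets_user" {
  scope                = azurerm_key_vault.akv.id
  role_definition_name = "Key Vault Secrets User"
  principal_id         = azurerm_kubernetes_cluster.aks.key_vault_secrets_provider[0].secret_identity[0].object_id
}
```

Use one option per vault: switching enable_rbac_authorization on an existing vault changes which of the two mechanisms Azure evaluates, so audit the effective permissions after the change.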
