pulumi_wasm_providers_azure_mini::storage

Module customer_managed_key


Manages a Customer Managed Key for a Storage Account.

NOTE: A Customer Managed Key can be defined either within the azure.storage.Account resource via the customer_managed_key block or by using the azure.storage.CustomerManagedKey resource. However, the two methods cannot both be used to manage a Customer Managed Key for a Storage Account, because they will conflict.

§Example Usage

resources:
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example-resources
      location: West Europe
  exampleKeyVault:
    type: azure:keyvault:KeyVault
    name: example
    properties:
      name: examplekv
      location: ${example.location}
      resourceGroupName: ${example.name}
      tenantId: ${current.tenantId}
      skuName: standard
      purgeProtectionEnabled: true
  storage:
    type: azure:keyvault:AccessPolicy
    properties:
      keyVaultId: ${exampleKeyVault.id}
      tenantId: ${current.tenantId}
      objectId: ${exampleAccount.identity.principalId}
      secretPermissions:
        - Get
      keyPermissions:
        - Get
        - UnwrapKey
        - WrapKey
  client:
    type: azure:keyvault:AccessPolicy
    properties:
      keyVaultId: ${exampleKeyVault.id}
      tenantId: ${current.tenantId}
      objectId: ${current.objectId}
      secretPermissions:
        - Get
      keyPermissions:
        - Get
        - Create
        - Delete
        - List
        - Restore
        - Recover
        - UnwrapKey
        - WrapKey
        - Purge
        - Encrypt
        - Decrypt
        - Sign
        - Verify
        - GetRotationPolicy
        - SetRotationPolicy
  exampleKey:
    type: azure:keyvault:Key
    name: example
    properties:
      name: tfex-key
      keyVaultId: ${exampleKeyVault.id}
      keyType: RSA
      keySize: 2048
      keyOpts:
        - decrypt
        - encrypt
        - sign
        - unwrapKey
        - verify
        - wrapKey
    options:
      dependsOn:
        - ${client}
        - ${storage}
  exampleAccount:
    type: azure:storage:Account
    name: example
    properties:
      name: examplestor
      resourceGroupName: ${example.name}
      location: ${example.location}
      accountTier: Standard
      accountReplicationType: GRS
      identity:
        type: SystemAssigned
  exampleCustomerManagedKey:
    type: azure:storage:CustomerManagedKey
    name: example
    properties:
      storageAccountId: ${exampleAccount.id}
      keyVaultId: ${exampleKeyVault.id}
      keyName: ${exampleKey.name}
variables:
  current:
    fn::invoke:
      function: azure:core:getClientConfig
      arguments: {}
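
A pre-deployment check for the NOTE and the example above, as an added example (not part of the original page or the provider's code): given a Pulumi YAML program already parsed into a dict, it flags a CustomerManagedKey resource whose storage account also carries the inline key block, or whose Key Vault does not set `purgeProtectionEnabled: true` as the example does. The function names, finding labels and the camelCase `customerManagedKey` / `keyVaultKeyId` spellings are assumptions, and the sample programs are constructed.

```python
import re

# Matches a Pulumi YAML reference such as "${exampleAccount.id}"; group 1 is the resource name.
REF = re.compile(r"^\$\{([A-Za-z_]\w*)\.[\w.]+\}$")

def ref_name(value):
    """Logical resource name that a "${name.attr}" string points at, else None."""
    m = REF.match(value) if isinstance(value, str) else None
    return m.group(1) if m else None

def lint_cmk(program):
    """Return (resource, finding) pairs for an already-parsed Pulumi YAML program."""
    resources = program.get("resources", {})
    findings = []
    for name, res in resources.items():
        if res.get("type") != "azure:storage:CustomerManagedKey":
            continue
        props = res.get("properties", {})
        account = resources.get(ref_name(props.get("storageAccountId")), {})
        vault = resources.get(ref_name(props.get("keyVaultId")), {})
        # NOTE on this page: the Account's inline block and this resource conflict.
        if "customerManagedKey" in account.get("properties", {}):
            findings.append((name, "conflict-with-inline-block"))
        # The page's example vault sets purgeProtectionEnabled: true.
        if vault and vault.get("properties", {}).get("purgeProtectionEnabled") is not True:
            findings.append((name, "vault-without-purge-protection"))
    return findings

def _program(vault_props, account_props):
    # Constructed sample input: a trimmed copy of the page's example resources.
    return {"resources": {
        "exampleKeyVault": {"type": "azure:keyvault:KeyVault", "properties": vault_props},
        "exampleAccount": {"type": "azure:storage:Account", "properties": account_props},
        "exampleCustomerManagedKey": {
            "type": "azure:storage:CustomerManagedKey",
            "properties": {"storageAccountId": "${exampleAccount.id}",
                           "keyVaultId": "${exampleKeyVault.id}",
                           "keyName": "tfex-key"}},
    }}

GOOD = _program({"name": "examplekv", "purgeProtectionEnabled": True},
                {"name": "examplestor", "identity": {"type": "SystemAssigned"}})
# Constructed defects: purge protection omitted, inline key block also present.
BAD = _program({"name": "examplekv"},
               {"name": "examplestor",
                "customerManagedKey": {"keyVaultKeyId": "<placeholder>"}})

if __name__ == "__main__":
    for label, prog in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, lint_cmk(prog))
```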

§Import

Customer Managed Keys for a Storage Account can be imported using the resource id of the Storage Account, e.g.

$ pulumi import azure:storage/customerManagedKey:CustomerManagedKey example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myresourcegroup/providers/Microsoft.Storage/storageAccounts/myaccount

Structs§

Functions§

  • Registers a new resource with the given unique name and arguments