Anshuman

Reputation: 80

I need to create a temporary key in Azure to use in Terraform

I am using Terraform Cloud and I don't want to use permanent keys in it. So, is there any way to create temporary keys in Azure Cloud (like we can create in AWS)?

Upvotes: 0

Views: 612

Answers (2)

Nancy Xiong

Reputation: 28274

When you are authenticating to Azure Cloud via Azure service principal, by default, the Az CLI command will get a password for this service principal with a one-year expiration date.

az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/<subscription_id>"

From your comments, in fact, you want to get this password to expire in a short time. You can use az ad app credential reset to append or overwrite an application's password or certificate credentials.

For example, reset the application password with the following Az CLI commands.

az ad app credential reset --id <appId> --password <sp_password> --end-date 2020-08-13T11:59:59+00:00


For more information, you could read the Relationship between application objects and service principals.

Upvotes: 1
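
The short-expiry reset from the answer above, as an added example that is not part of the original answers: it computes an `--end-date` a few hours ahead and refuses lifetimes above a cap. The function names, the script name and the `DRY_RUN`, `MAX_TTL_HOURS` and `NOW_EPOCH` variables are assumptions, and `--password` is left out so that Azure generates the secret.

```bash
#!/usr/bin/env bash
# Added example: give a service principal secret a short lifetime via --end-date.
# Function names and DRY_RUN / MAX_TTL_HOURS / NOW_EPOCH are assumptions.

# Print the UTC timestamp $1 hours after epoch second $2 (default: now),
# in the same format the answer passes to --end-date.
expiry_after() {
  local hours="$1" now="${2:-$(date -u +%s)}"
  local target=$(( now + hours * 3600 ))
  # GNU date takes -d @epoch; BSD/macOS date takes -r epoch.
  date -u -d "@${target}" +%Y-%m-%dT%H:%M:%S+00:00 2>/dev/null ||
    date -u -r "${target}" +%Y-%m-%dT%H:%M:%S+00:00
}

# Accept only whole hours from 1 up to the cap $2 (default 24).
validate_ttl() {
  local hours="$1" max="${2:-24}"
  case "$hours" in
    ''|*[!0-9]*|0*) return 1 ;;   # empty, non-numeric, zero or leading zero
  esac
  [ "$hours" -le "$max" ] 2>/dev/null
}

# Reset the secret of application $1 so that it expires in $2 hours.
# DRY_RUN=1 (default) only prints the command; DRY_RUN=0 runs it and
# prints the newly generated secret.
rotate_secret() {
  local app_id="$1" hours="$2" end
  if ! validate_ttl "$hours" "${MAX_TTL_HOURS:-24}"; then
    echo "refusing TTL '$hours' (allowed: 1-${MAX_TTL_HOURS:-24} hours)" >&2
    return 2
  fi
  end="$(expiry_after "$hours" "${NOW_EPOCH:-}")"
  if [ "${DRY_RUN:-1}" = 1 ]; then
    echo "az ad app credential reset --id $app_id --end-date $end"
  else
    az ad app credential reset --id "$app_id" --end-date "$end" \
      --query password -o tsv
  fi
}

# Usage (rotate.sh is a hypothetical file name): ./rotate.sh <appId> <hours>
if [ "$#" -eq 2 ]; then
  rotate_secret "$1" "$2"
fi
```

With `DRY_RUN=0` the printed value is the new secret, which is what the azurerm provider reads from `ARM_CLIENT_SECRET`; store it as a sensitive variable in the Terraform Cloud workspace and rotate again before the end date.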

Thomas Schwärzl

Reputation: 9917

By creating a ServicePrincipal in AzureAD you're also able to assign a LifetimePolicy (tokenLifetimePolicies). This way you're able to have an "end of life" for the token.

Here's also a short how-to on creating a new ServicePrincipal.


Alternatively, you could use this new preview feature: Configurable token lifetimes in Microsoft identity platform (Preview).

As it is a preview feature you're not supposed to use it in production environments.

Upvotes: 0
