Muhammad Zaman

Reputation: 117

Terraform Populate secrets from central key vault

I am new to Terraform scripts. I am working on Azure with Terraform. I have created a Resource Group and in that Resource Group I have created a Key Vault. I want to populate secrets from a central Key Vault. Is there any way?

Upvotes: 0

Views: 2284

Answers (1)

silent

Reputation: 16238

Yes, you can import secrets using the key_vault_secret data source: https://www.terraform.io/docs/providers/azurerm/d/key_vault_secret.html

# Look up the existing (central) Key Vault by name and resource group
data "azurerm_key_vault" "existing" {
  name                = "Test1-KV"
  resource_group_name = "Test1-RG"
}

# Read one named secret from the central vault
data "azurerm_key_vault_secret" "existing-sauce" {
  name         = "secret-sauce"
  key_vault_id = data.azurerm_key_vault.existing.id
}

# The new vault that will receive the copied secret
resource "azurerm_key_vault" "new" {
  name                        = "New-KV"
  resource_group_name         = "New-RG"
 ...
}

# Write the secret into the new vault; the reference must match the
# data source label above ("existing-sauce", not "existing_sauce")
resource "azurerm_key_vault_secret" "new-sauce" {
  name         = "secret-sauce"
  value        = data.azurerm_key_vault_secret.existing-sauce.value
  key_vault_id = azurerm_key_vault.new.id
}

Of course, the user/service principal that you run Terraform with needs to have an access policy on the KeyVault to allow reading secrets.

//edit: As I understand from the comments, you want to iterate through all the existing secrets in a KeyVault and replicate them in another KV. This is not possible with Terraform as of today since there is no TF data source that would list all secrets in a KV. To use the aforementioned data source, you need to specify each secret by its name.

To achieve what you want to do you need something like PowerShell or the az CLI.

Upvotes: 1
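An added example, not part of the answer above, showing how to copy a fixed list of secrets with for_each, since Terraform cannot enumerate a vault and each secret has to be named explicitly. The vault names are the ones from the answer; the secret_names variable and its values are a constructed sample.

```hcl
# Constructed sample: the names of the secrets to replicate. Terraform has no
# data source that lists secrets, so the list must be supplied up front
# (for example generated once with the az CLI and committed as a tfvars file).
variable "secret_names" {
  description = "Names of the secrets to copy from the central vault"
  type        = list(string)
  default     = ["secret-sauce", "db-password"]
}

# Central (source) vault, looked up by name
data "azurerm_key_vault" "central" {
  name                = "Test1-KV"
  resource_group_name = "Test1-RG"
}

# Target vault, assumed to exist already (created elsewhere or in the answer)
data "azurerm_key_vault" "target" {
  name                = "New-KV"
  resource_group_name = "New-RG"
}

# One data source instance per secret name
data "azurerm_key_vault_secret" "central" {
  for_each     = toset(var.secret_names)
  name         = each.key
  key_vault_id = data.azurerm_key_vault.central.id
}

# One copied secret per instance read above. Note that every value read here
# is stored in plaintext in the Terraform state, so the state backend must be
# access-controlled and encrypted just like the vault itself.
resource "azurerm_key_vault_secret" "copy" {
  for_each     = data.azurerm_key_vault_secret.central
  name         = each.key
  value        = each.value.value
  content_type = each.value.content_type
  key_vault_id = data.azurerm_key_vault.target.id
}
```

Adding a name to secret_names later creates only that one extra copy; the identity running Terraform needs Get permission on secrets in Test1-KV and Set permission in New-KV.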
