New KeyVault

Description

Creates or recreates an Azure Key Vault, configures network ACLs, enables RBAC and diagnostic settings, and assigns RBAC roles to an application registration or managed identity and reader groups. Retrieves deployment credentials from Passwordstate.

Credentials

  • Entra ID service principal credentials are fetched from Passwordstate (Sys_Azure_KeyVaultDeploy_PR entry).
  • These credentials are used as the client_id/secret for the azure.azcollection modules.

Input

  Variable                              Description
  app_name, app_env                     Used to build keyvault_name
  keyvault_name                         Derived name, capped at 23 chars: d09-{{ app_name }}-{{ app_env }}-kv
  location, pricing_tier,               Azure deployment settings
  subscription_id, azure_tenant
  allowed_ips                           IP ACLs for the vault
  recreate_vault                        Controls whether to fail if the vault already exists (value "no" skips creation)
  identity, identity_type               App Registration or Managed Identity to grant secret access
  reader_group, reader_group_mapping    Optional group to grant reader/secret roles
  mdappguid, passwordstate_list_id      Tagging metadata
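
The two inputs that most often break a deployment are keyvault_name (length and character rules) and allowed_ips (malformed ranges). The following is an added Python example, not the runbook's own code, that validates both before anything is sent to Azure; the trimming rule (only app_name is shortened), the function names and the sample values are assumptions.

```python
import ipaddress
import re

# Azure Key Vault name rules: 3-24 chars, letters, digits and hyphens, must start
# with a letter, end with a letter or digit, and contain no consecutive hyphens.
KV_NAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]{1,22}[A-Za-z0-9]$")
MAX_NAME_LEN = 23  # cap used by this runbook (page: "max 23 chars")


def is_valid_keyvault_name(name: str) -> bool:
    """Check a candidate name against the Key Vault naming rules above."""
    return bool(KV_NAME_RE.fullmatch(name)) and "--" not in name


def derive_keyvault_name(app_name: str, app_env: str,
                         prefix: str = "d09", max_len: int = MAX_NAME_LEN) -> str:
    """Build prefix-{app_name}-{app_env}-kv and shorten it to max_len.

    Assumption (not stated on the page): when the full name is too long only the
    app_name part is trimmed, so the environment and the '-kv' suffix survive.
    """
    head, tail = f"{prefix}-", f"-{app_env}-kv"
    budget = max_len - len(head) - len(tail)
    if budget < 1:
        raise ValueError("prefix and app_env leave no room for app_name")
    trimmed = app_name[:budget].rstrip("-")  # a trailing '-' would create '--'
    name = f"{head}{trimmed}{tail}"
    if not is_valid_keyvault_name(name):
        raise ValueError(f"derived name {name!r} violates Key Vault naming rules")
    return name


def build_network_acls(allowed_ips, default_action: str = "Deny") -> dict:
    """Turn the allowed_ips input into the vault's networkAcls property.

    Every entry must be an IPv4 address or CIDR range (Key Vault IP rules do not
    accept IPv6); anything else is rejected before it reaches the deployment.
    defaultAction Deny plus bypass AzureServices keeps the vault closed to
    everything except the listed ranges and trusted Azure services.
    """
    rules = []
    for entry in allowed_ips:
        net = ipaddress.ip_network(entry.strip(), strict=False)
        if net.version != 4:
            raise ValueError(f"{entry!r}: only IPv4 addresses/CIDR ranges are allowed")
        rules.append({"value": str(net)})  # single hosts are normalised to /32
    return {"defaultAction": default_action, "bypass": "AzureServices", "ipRules": rules}
```

Running these checks in a pre-task lets the playbook fail fast on a bad name or ACL entry instead of failing halfway through the Azure deployment.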

Output

  Variable          Description
  keyvault_name     Final Key Vault name
  azure_tenant      Tenant used for deployment

Dependencies