Add subscription id parameter to azurerm_key_vault_secret

After updating to the latest version of Terraform I can no longer access a keyvault that's in a different subscription than the current subscription. My tenancy has a lot of subscriptions, but I need to share the keyvault as a common resource between subscriptions.

Can we get that back please, probably as a parameter into the module azurerm_key_vault_secret? It shouldn't be hard to do, but it will benefit a lot of people.

What version of Terraform/azurerm are you using?

I currently do this now, but I’m using the data.azurerm_key_vault_secret with the keyvault_id value. Are you perhaps only using the name value?

I am using v0.11.11 for Terraform and

  • provider.azurerm: version = "~> 1.35"

I am using data.azurerm_key_vault_secret with key_vault_id populated; previously I used to use keyvaulturl, which used to work perfectly.

@bikramgcnz did you get around this? I have the same problem and could use the keyvaulturl, many thanks.

Hi @robkae,

I ended up doing this; if it doesn't make sense, let me know :slightly_smiling_face:

    # Read the secret through the aliased provider that targets the Key Vault's subscription
    data "azurerm_key_vault_secret" "dt-secret" {
      name         = "SecretName"
      key_vault_id = "/subscriptions/${var.subscription_id_where_keyvault_lives}/resourceGroups/${var.resourceGroup_where_keyvault_lives}/providers/Microsoft.KeyVault/vaults/${var.keyvault_name}"
      provider     = azurerm.keyvaultProvider
    }

    # Second azurerm provider instance, bound to the subscription where the Key Vault lives
    provider "azurerm" {
      alias                      = "keyvaultProvider"
      subscription_id            = var.subscription_id_where_keyvault_lives
      client_id                  = var.client_id
      client_secret              = var.client_secret
      tenant_id                  = var.tenant_id
      skip_provider_registration = true
      features {}
    }

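A variant of the configuration above, added here as an example and not part of the original post: it resolves the vault ID with the `azurerm_key_vault` data source through the same aliased provider instead of assembling the resource ID string by hand, and marks the credential and the secret output as sensitive. The variable names mirror the post; the labels `shared` and `dt_secret` and the output name are assumptions, and `sensitive` on variables assumes Terraform 0.14 or later.

```hcl
# Added example, not the poster's code. Variable names mirror the post above;
# the labels "shared", "dt_secret" and "dt_secret_value" are illustrative.
variable "subscription_id_where_keyvault_lives" { type = string }
variable "resourceGroup_where_keyvault_lives" { type = string }
variable "keyvault_name" { type = string }
variable "tenant_id" { type = string }
variable "client_id" { type = string }

variable "client_secret" {
  type      = string
  sensitive = true # redacts the value in plan/apply output (Terraform 0.14+)
}

# Aliased provider bound to the subscription that hosts the shared Key Vault.
provider "azurerm" {
  alias                      = "keyvaultProvider"
  subscription_id            = var.subscription_id_where_keyvault_lives
  tenant_id                  = var.tenant_id
  client_id                  = var.client_id
  client_secret              = var.client_secret
  skip_provider_registration = true
  features {}
}

# Look the vault up by name and resource group; the provider returns its full
# resource ID, so a typo in a hand-built ID string cannot creep in.
data "azurerm_key_vault" "shared" {
  provider            = azurerm.keyvaultProvider
  name                = var.keyvault_name
  resource_group_name = var.resourceGroup_where_keyvault_lives
}

# Both data sources must use the aliased provider; without it the lookup runs
# against the default subscription and the vault is not found.
data "azurerm_key_vault_secret" "dt_secret" {
  provider     = azurerm.keyvaultProvider
  name         = "SecretName"
  key_vault_id = data.azurerm_key_vault.shared.id
}

# sensitive = true hides the value in CLI output only; the secret value is
# still written to the Terraform state, so the state backend needs protecting.
output "dt_secret_value" {
  value     = data.azurerm_key_vault_secret.dt_secret.value
  sensitive = true
}
```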

@bikramgcnz worked a treat! Thanks! Forgot you could alias providers. Really appreciate that!

Glad I could help :slight_smile: