Azure Disk Encryption key_vault_key_id using for_each

ryan.cert1 · November 10, 2023, 1:44am

I am using a csvdecode with for_each loop.

from my CSV file, i have diskencrypt.csv and keyvault.csv

to my keyvault.csv, i have a column for key creation

my command for Azure key vault key is below which is successfully created.

locals {
  kv = csvdecode(file("./keyvault.csv"))
}

#Keyvault Key ---for disk encryption
resource "azurerm_key_vault_key" "vm-key" {
  for_each     = { for index, kv in local.kv : kv.name => kv }
  provider     = azurerm.nonprod
  name         = each.value.key
  key_vault_id = azurerm_key_vault.kv[each.key].id
  key_type     = "RSA"
  key_size     = 2048

  depends_on = [
    azurerm_key_vault_access_policy.kv-user
  ]

  key_opts = [
    "decrypt",
    "encrypt",
    "sign",
    "unwrapKey",
    "verify",
    "wrapKey",
  ]


}


data "azurerm_client_config" "current" {}

resource "azurerm_key_vault_access_policy" "kv-user" {
  for_each = { for index, kv in local.kv : kv.name => kv }

  provider     = azurerm.nonprod
  key_vault_id = azurerm_key_vault.kv[each.key].id

  tenant_id = data.azurerm_client_config.current.tenant_id
  object_id = data.azurerm_client_config.current.object_id

  key_permissions = [
    "Create",
    "Delete",
    "Get",
    "Purge",
    "Recover",
    "Update",
    "List",
    "Decrypt",
    "Sign",
    "Backup",
    "Encrypt",
    "Import",
    "Restore",
    "UnwrapKey",
    "Verify",
    "WrapKey",
    "Release",
    "Rotate",
    "GetRotationPolicy",
    "SetRotationPolicy"

  ]

  secret_permissions = [
    "Backup",
    "Delete",
    "Get",
    "Purge",
    "Recover",
    "List",
    "Restore",
    "Set"
  ]

  certificate_permissions = [
    "Backup",
    "Delete",
    "Create",
    "DeleteIssuers",
    "Get",
    "GetIssuers",
    "Import",
    "List",
    "ListIssuers",
    "ManageContacts",
    "ManageIssuers",
    "Purge",
    "Recover",
    "Restore",
    "SetIssuers",
    "Update"

  ]

}

to my diskencrypt.csv file i have declared the name of the key

locals {
  de = csvdecode(file("./diskencrypt.csv"))
}

#Disk Encryption
resource "azurerm_disk_encryption_set" "en-set" {
for_each            = { for index, de in local.de : de.name => de }  

 provider            = azurerm.nonprod
 name                = each.key
 resource_group_name = each.value.resource_group
 location            = each.value.location
key_vault_key_id    = azurerm_key_vault_key.vm-key[each.value.key].id 



identity {
  type = "SystemAssigned"
}

depends_on = [azurerm_key_vault.kv,azurerm_key_vault_key.vm-key]

}

it is not working as it cannot get the ID of the key.

any suggestions? appreciate your help. thanks

Topic		Replies	Views
Terraform for_each invalid index Terraform hcp-terraform , vault , azure	0	1492	March 23, 2021
For_each and multiple loops Terraform azure	3	2733	December 28, 2022
How to use multiple keyvaults and use loops or for_each? Terraform	3	3504	May 28, 2022
Iterrate over keys from vault Terraform vault	1	809	June 21, 2022
Terraform update access policy azure Terraform azure	0	670	March 24, 2021

Azure Disk Encryption key_vault_key_id using for_each

Related topics