I’m trying to create a certificate in Azure Key Vault with CDKTF. To do that, I need a key vault policy applied that allows the CDKTF user to do this action. The code I’ve got to do that currently looks like this:
```typescript
// The deploying user (us right now in CDKTF context) needs to be able to manage certificates
const deployerAccessForCertificates = new KeyVaultAccessPolicyA(
  construct,
  `deploy-key-vault-access`,
  {
    keyVaultId: vault.id,
    objectId: process.env.AZURE_APP_REGISTRATION_OBJECT_ID ?? '',
    tenantId: vault.tenantId,
    certificatePermissions: ['Create', 'Get', 'List', 'Delete'],
  }
);
```
This is really annoying though, because I’m already authenticating successfully and I’d like to have one less constant to pull from the Azure console. I see that this is supported in the azurerm provider now; how do I access it from CDK code? E.g. I’d like the objectId value in the above snippet to be able to grab the current user’s objectId.