azure / azure.azcollection / 0.3.0 / module / azure_rm_keyvault Manage Key Vault instance | "added in version" 2.5 of azure.azcollection" Authors: Zim Kalinowski (@zikalino) preview | supported by communityazure.azcollection.azure_rm_keyvault (0.3.0) — module
Install with ansible-galaxy collection install azure.azcollection:==0.3.0
collections: - name: azure.azcollection version: 0.3.0
Create, update and delete instance of Key Vault.
- name: Create instance of Key Vault azure_rm_keyvault: resource_group: myResourceGroup vault_name: samplekeyvault enabled_for_deployment: yes vault_tenant: 72f98888-8666-4144-9199-2d7cd0111111 sku: name: standard access_policies: - tenant_id: 72f98888-8666-4144-9199-2d7cd0111111 object_id: 99998888-8666-4144-9199-2d7cd0111111 keys: - get - list
sku: description: - SKU details. suboptions: family: description: - SKU family name. name: choices: - standard - premium description: - SKU name to specify whether the key vault is a standard vault or a premium vault. required: true tags: description: - Dictionary of string:string pairs to assign as metadata to the object. - Metadata tags on the object will be updated with any provided values. - To remove tags set append_tags option to false. type: dict state: choices: - absent - present default: present description: - Assert the state of the KeyVault. Use C(present) to create or update an KeyVault and C(absent) to delete it. secret: description: - Azure client secret. Use when authenticating with a Service Principal. type: str tenant: description: - Azure tenant ID. Use when authenticating with a Service Principal. type: str ad_user: description: - Active Directory username. Use when authenticating with an Active Directory user rather than service principal. type: str profile: description: - Security profile found in ~/.azure/credentials file. type: str location: description: - Resource location. If not set, location from the resource group will be used as default. password: description: - Active Directory user password. Use when authenticating with an Active Directory user rather than service principal. type: str client_id: description: - Azure client ID. Use when authenticating with a Service Principal. type: str vault_name: description: - Name of the vault. required: true api_profile: default: latest description: - Selects an API profile to use when communicating with Azure services. Default value of C(latest) is appropriate for public clouds; future values will allow use with Azure Stack. type: str version_added: '2.5' version_added_collection: azure.azcollection append_tags: default: true description: - Use to control if tags field is canonical or just appends to existing tags. - When canonical, any tags not found in the tags parameter will be removed from the object's metadata. type: bool auth_source: choices: - auto - cli - credential_file - env - msi description: - Controls the source of the credentials to use for authentication. - If not specified, ANSIBLE_AZURE_AUTH_SOURCE environment variable will be used and default to C(auto) if variable is not defined. - C(auto) will follow the default precedence of module parameters -> environment variables -> default profile in credential file C(~/.azure/credentials). - When set to C(cli), the credentials will be sources from the default Azure CLI profile. - Can also be set via the C(ANSIBLE_AZURE_AUTH_SOURCE) environment variable. - When set to C(msi), the host machine must be an azure resource with an enabled MSI extension. C(subscription_id) or the environment variable C(AZURE_SUBSCRIPTION_ID) can be used to identify the subscription ID if the resource is granted access to more than one subscription, otherwise the first subscription is chosen. - The C(msi) was added in Ansible 2.6. type: str version_added: '2.5' version_added_collection: azure.azcollection recover_mode: description: - Create vault in recovery mode. type: bool vault_tenant: description: - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. resource_group: description: - The name of the Resource Group to which the server belongs. required: true access_policies: description: - An array of 0 to 16 identities that have access to the key vault. - All identities in the array must use the same tenant ID as the key vault's tenant ID. suboptions: application_id: description: - Application ID of the client making request on behalf of a principal. certificates: choices: - get - list - delete - create - import - update - managecontacts - getissuers - listissuers - setissuers - deleteissuers - manageissuers - recover - purge description: - List of permissions to certificates. keys: choices: - encrypt - decrypt - wrapkey - unwrapkey - sign - verify - get - list - create - update - import - delete - backup - restore - recover - purge description: - List of permissions to keys. object_id: description: - The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. - The object ID must be unique for the list of access policies. - Please note this is not application id. Object id can be obtained by running "az ad sp show --id <application id>". required: true secrets: choices: - get - list - set - delete - backup - restore - recover - purge description: - List of permissions to secrets. storage: description: - List of permissions to storage accounts. tenant_id: description: - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. - Current keyvault C(tenant_id) value will be used if not specified. subscription_id: description: - Your Azure subscription Id. type: str cloud_environment: default: AzureCloud description: - For cloud environments other than the US public cloud, the environment name (as defined by Azure Python SDK, eg, C(AzureChinaCloud), C(AzureUSGovernment)), or a metadata discovery endpoint URL (required for Azure Stack). Can also be set via credential file profile or the C(AZURE_CLOUD_ENVIRONMENT) environment variable. type: str version_added: '2.4' version_added_collection: azure.azcollection adfs_authority_url: description: - Azure AD authority url. Use when authenticating with Username/password, and has your own ADFS authority. type: str version_added: '2.6' version_added_collection: azure.azcollection enable_soft_delete: description: - Property to specify whether the soft delete functionality is enabled for this key vault. type: bool cert_validation_mode: choices: - ignore - validate description: - Controls the certificate validation behavior for Azure endpoints. By default, all modules will validate the server certificate, but when an HTTPS proxy is in use, or against Azure Stack, it may be necessary to disable this behavior by passing C(ignore). Can also be set via credential file profile or the C(AZURE_CERT_VALIDATION) environment variable. type: str version_added: '2.5' version_added_collection: azure.azcollection enabled_for_deployment: description: - Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. type: bool enabled_for_disk_encryption: description: - Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. type: bool enabled_for_template_deployment: description: - Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. type: bool
id: description: - The Azure Resource Manager resource ID for the key vault. returned: always sample: id type: str