0 votes

I am using Terraform to create a Key Vault resource.

The Key Vault access policy requires an argument, object_id. I don't know where to retrieve this value from.

This is the error I receive:

Error: expected "object_id" to be a valid UUID, got 
 on modules/keyvault/main.tf line 42, in resource "azurerm_key_vault_access_policy" "policy":
 42: resource "azurerm_key_vault_access_policy" "policy" {

The access policy for the Key Vault is set like this:

# Create an Azure Key Vault access policy
resource "azurerm_key_vault_access_policy" "policy" {
  for_each                = var.policies
  key_vault_id            = azurerm_key_vault.key-vault.id
  tenant_id               = lookup(each.value, "tenant_id")
  object_id               = lookup(each.value, "object_id")
  key_permissions         = lookup(each.value, "key_permissions")
  secret_permissions      = lookup(each.value, "secret_permissions")
  certificate_permissions = lookup(each.value, "certificate_permissions")
  storage_permissions     = lookup(each.value, "storage_permissions")
}

I am using Terraform version 0.12 and the azurerm provider 2.35.

1

The object_id is the ID of the principal that you want to grant permission to access the Key Vault. You need to know what it is first. - Charles Xu

1 Answer

2 votes

You should be able to get the object_id. If you are just playing around, you can hard-code it. If you are deploying with CI, you might want to consider setting this as a variable and creating a second policy for a group you belong to. Otherwise you will end up flipping the object_id on the policy based on the runner, which could have undesirable effects.

provider "azurerm" {
    features {}
}

# Exposes the tenant, subscription, client and object IDs of the identity
# Terraform is currently authenticated as (a user, or the CI service principal).
data "azurerm_client_config" "current" {
}

# The object_id of the identity running terraform; this is the value the
# access policy expects.
output "object_id" {
  value = data.azurerm_client_config.current.object_id
}
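The pattern the answer describes, written out as an added example (not code from the question or the answer): the identity running terraform is resolved from `azurerm_client_config` and gets one policy, and a stable Azure AD group, whose object ID is passed in as a variable, gets a second policy so access does not depend on which runner applied the plan. The resource group name, Key Vault name, variable name `admin_group_object_id` and the permission lists are assumptions chosen for the example; the `validation` block needs Terraform 0.13 or later and can be dropped on 0.12, where the provider's own UUID check (the error in the question) still catches an empty or non-UUID value.

```hcl
# Added example, not from the original post. Terraform 0.12 syntax except for
# the variable validation block (0.13+).
provider "azurerm" {
  features {}
}

# Object ID of an Azure AD group that keeps access regardless of who runs
# terraform. Assumed variable name. Look the value up with the Azure CLI, e.g.
#   az ad group show --group "<group display name>" --query id -o tsv
# (older CLI versions expose it as objectId instead of id). For the current
# user:  az ad signed-in-user show --query id -o tsv
# For a service principal:  az ad sp show --id <appId> --query id -o tsv
variable "admin_group_object_id" {
  type        = string
  description = "Object ID (UUID) of the Azure AD group granted Key Vault access"

  validation {
    condition     = can(regex("^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$", var.admin_group_object_id))
    error_message = "admin_group_object_id must be an object ID (UUID), not a display name or UPN."
  }
}

# Tenant and object ID of whoever is authenticated right now.
data "azurerm_client_config" "current" {}

resource "azurerm_resource_group" "rg" {
  name     = "rg-keyvault-example" # assumed name
  location = "westeurope"
}

resource "azurerm_key_vault" "key-vault" {
  name                = "kv-example-0001" # assumed; must be globally unique
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  tenant_id           = data.azurerm_client_config.current.tenant_id
  sku_name            = "standard"
  # No inline access_policy blocks here: policies are managed only by the
  # azurerm_key_vault_access_policy resources below, so the two do not fight.
}

locals {
  # Same shape as var.policies in the question: one entry per principal.
  # The map keys are static, so each policy keeps its identity across runs even
  # if the runner's object_id changes.
  policies = {
    # The identity applying this plan (developer or CI service principal).
    runner = {
      tenant_id               = data.azurerm_client_config.current.tenant_id
      object_id               = data.azurerm_client_config.current.object_id
      key_permissions         = ["get", "list", "create", "delete"]
      secret_permissions      = ["get", "list", "set", "delete"]
      certificate_permissions = ["get", "list"]
      storage_permissions     = []
    }
    # A stable group, so access survives a change of runner identity.
    admins = {
      tenant_id               = data.azurerm_client_config.current.tenant_id
      object_id               = var.admin_group_object_id
      key_permissions         = ["get", "list"]
      secret_permissions      = ["get", "list"]
      certificate_permissions = ["get", "list"]
      storage_permissions     = []
    }
  }
}

resource "azurerm_key_vault_access_policy" "policy" {
  for_each                = local.policies
  key_vault_id            = azurerm_key_vault.key-vault.id
  tenant_id               = each.value.tenant_id
  object_id               = each.value.object_id
  key_permissions         = each.value.key_permissions
  secret_permissions      = each.value.secret_permissions
  certificate_permissions = each.value.certificate_permissions
  storage_permissions     = each.value.storage_permissions
}

output "runner_object_id" {
  value = data.azurerm_client_config.current.object_id
}
```

Permission names are lowercase because that is what the 2.x azurerm provider documents; 3.x switched to capitalised names. Keep the `runner` entry's permissions to what the pipeline actually needs: it is the least-privilege policy, while the `admins` group is the one humans use to recover if the CI identity is rotated.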