Merge pull request #7129 from jlpedrosa/disk_encryption_set_doc_update
Update docs for azurerm_disk_encryption_set
tombuildsstuff committed Jun 4, 2020
2 parents b0f7d4a + 82ff54a commit 09ea91d
Showing 1 changed file with 46 additions and 27 deletions.
73 changes: 46 additions & 27 deletions website/docs/r/disk_encryption_set.html.markdown
Expand Up @@ -10,7 +10,6 @@ description: |-

Manages a Disk Encryption Set.

-> **NOTE:** At this time the Key Vault used to store the Active Key for this Disk Encryption Set must have both Soft Delete & Purge Protection enabled - which are not yet supported by Terraform - instead you can configure this using [a provisioner](https://www.terraform.io/docs/provisioners/local-exec.html) or [the `azurerm_template_deployment` resource](https://www.terraform.io/docs/providers/azurerm/r/template_deployment.html).

## Example Usage

Expand All @@ -27,32 +26,14 @@ resource "azurerm_resource_group" "example" {
}
resource "azurerm_key_vault" "example" {
name = "des-example-keyvault"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
tenant_id = data.azurerm_client_config.current.tenant_id
sku_name = "premium"
access_policy {
tenant_id = data.azurerm_client_config.current.tenant_id
object_id = data.azurerm_client_config.current.object_id
key_permissions = [
"create",
"get",
"delete",
"list",
"wrapkey",
"unwrapkey",
"get",
]
secret_permissions = [
"get",
"delete",
"set",
]
}
name = "des-example-keyvault"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
tenant_id = data.azurerm_client_config.current.tenant_id
enabled_for_disk_encryption = true
soft_delete_enabled = true
purge_protection_enabled = true
sku_name = "premium"
}
resource "azurerm_key_vault_key" "example" {
Expand All @@ -61,6 +42,10 @@ resource "azurerm_key_vault_key" "example" {
key_type = "RSA"
key_size = 2048
depends_on = [
azurerm_key_vault_access_policy.example-user
]
key_opts = [
"decrypt",
"encrypt",
Expand All @@ -76,7 +61,41 @@ resource "azurerm_disk_encryption_set" "example" {
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
key_vault_key_id = azurerm_key_vault_key.example.id
identity {
type = "SystemAssigned"
}
}
resource "azurerm_key_vault_access_policy" "example-disk" {
key_vault_id = azurerm_key_vault.example.id
tenant_id = azurerm_disk_encryption_set.example.identity.0.tenant_id
object_id = azurerm_disk_encryption_set.example.identity.0.principal_id
key_permissions = [
"decrypt",
"encrypt",
"sign",
"unwrapKey",
"verify",
"wrapKey",
]
}
resource "azurerm_key_vault_access_policy" "example-user" {
key_vault_id = azurerm_key_vault.example.id
tenant_id = data.azurerm_client_config.current.tenant_id
object_id = data.azurerm_client_config.current.object_id
key_permissions = [
"get",
"create",
"delete"
]
}
```

## Argument Reference