states.azurerm.keyvault.key
Azure Resource Manager (ARM) Key State Module
New in version 2.0.0.
Changed in version 4.0.0.
maintainer:
configuration: This module requires Azure Resource Manager credentials to be passed via acct. Note that the authentication parameters are case sensitive.

Required provider parameters:

Optional provider parameters:

cloud_environment: Used to point the cloud driver to different API endpoints, such as Azure GovCloud. Possible values:

Example acct setup for Azure Resource Manager authentication:

    azurerm:
      default:
        subscription_id: 3287abc8-f98a-c678-3bde-326766fd3617
        tenant: ABCDEFAB-1234-ABCD-1234-ABCDEFABCDEF
        client_id: ABCDEFAB-1234-ABCD-1234-ABCDEFABCDEF
        secret: XXXXXXXXXXXXXXXXXXXXXXXX
        cloud_environment: AZURE_PUBLIC_CLOUD
      user_pass_auth:
        subscription_id: 3287abc8-f98a-c678-3bde-326766fd3617
        username: fletch
        password: 123pass

The authentication parameters can also be passed as a dictionary of keyword arguments to the
idem_azurerm.states.azurerm.keyvault.key.absent(hub, ctx, name, vault_url, connection_auth=None, **kwargs)
New in version 2.0.0.
Changed in version 4.0.0.
Ensure the specified key does not exist within the given key vault.
Parameters:
- name – The name of the key to delete.
- vault_url – The URL of the vault that the client will access.
- connection_auth – A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.
Example usage:

    Ensure key is absent:
      azurerm.keyvault.key.absent:
        - name: my_key
        - vault_url: my_vault

idem_azurerm.states.azurerm.keyvault.key.present(hub, ctx, name, key_type, vault_url, key_operations=None, size=None, curve=None, hardware_protected=None, enabled=None, expires_on=None, not_before=None, tags=None, connection_auth=None, **kwargs)
New in version 2.0.0.
Changed in version 4.0.0.
Ensure the specified key exists within the given key vault. Requires keys/create permission. Key properties can be specified as keyword arguments.
Parameters:
- name – The name of the new key. Key names can only contain alphanumeric characters and dashes.
- key_type – The type of key to create. Possible values include: ‘ec’, ‘ec_hsm’, ‘oct’, ‘rsa’, ‘rsa_hsm’.
- vault_url – The URL of the vault that the client will access.
- key_operations – A list of permitted key operations. Possible values include: ‘decrypt’, ‘encrypt’, ‘sign’, ‘unwrap_key’, ‘verify’, ‘wrap_key’.
- size – RSA key size in bits, for example 2048, 3072, or 4096. Applies to RSA keys only.
- curve – Elliptic curve name. Defaults to the NIST P-256 elliptic curve. Possible values include: “P-256”, “P-256K”, “P-384”, “P-521”.
- enabled – Whether the key is enabled for use.
- expires_on – When the key will expire, in UTC. This parameter should be a string representation of a Datetime object in ISO-8601 format.
- not_before – The time before which the key cannot be used, in UTC. This parameter should be a string representation of a Datetime object in ISO-8601 format.
- tags – Application specific metadata in the form of key-value pairs.
- connection_auth – A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.
Example usage:

    Ensure key exists:
      azurerm.keyvault.key.present:
        - name: my_key
        - key_type: my_type
        - vault_url: my_vault
        - tags:
            contact_name: Elmer Fudd Gantry
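The value constraints in the `present` parameter list can be checked before a state is applied. The following is an added example, not code from idem-azurerm: `lint_key_state` is a hypothetical helper, the sample states are constructed, and the rule that flags a missing `expires_on` is a review policy assumed here, not a module requirement.

```python
import re
from datetime import datetime

# Allowed values copied from the parameter list above.
KEY_TYPES = {"ec", "ec_hsm", "oct", "rsa", "rsa_hsm"}
KEY_OPERATIONS = {"decrypt", "encrypt", "sign", "unwrap_key", "verify", "wrap_key"}
CURVES = {"P-256", "P-256K", "P-384", "P-521"}
NAME_RE = re.compile(r"[A-Za-z0-9-]+")


def lint_key_state(params):
    """Return the problems found in the arguments of one
    azurerm.keyvault.key.present state (hypothetical helper)."""
    if isinstance(params, list):  # YAML loaders yield a list of one-key dicts
        params = {k: v for item in params for k, v in item.items()}
    problems = []
    if not NAME_RE.fullmatch(str(params.get("name", ""))):
        problems.append("name: only alphanumeric characters and dashes allowed")
    key_type = params.get("key_type")
    if key_type not in KEY_TYPES:
        problems.append(f"key_type: {key_type!r} is not a documented value")
    bad_ops = sorted(set(params.get("key_operations") or []) - KEY_OPERATIONS)
    if bad_ops:
        problems.append(f"key_operations: undocumented values {bad_ops}")
    if params.get("size") is not None and not str(key_type).startswith("rsa"):
        problems.append("size: applies to RSA keys only")
    if params.get("curve") is not None and params["curve"] not in CURVES:
        problems.append(f"curve: {params['curve']!r} is not a documented value")
    for field in ("expires_on", "not_before"):
        value = params.get(field)
        if value is None:
            continue
        try:
            datetime.fromisoformat(value)  # older Pythons accept a subset only
        except (TypeError, ValueError):
            problems.append(f"{field}: not an ISO-8601 datetime string")
    # Assumed review policy for this example, not a module requirement.
    if params.get("expires_on") is None:
        problems.append("expires_on: no expiry set")
    return problems


# Constructed sample states in the list-of-dicts form used by SLS files.
GOOD = [{"name": "my-key"}, {"key_type": "rsa_hsm"}, {"size": 3072},
        {"key_operations": ["sign", "verify"]},
        {"expires_on": "2030-01-01T00:00:00"}]
BAD = [{"name": "my_key"}, {"key_type": "ec"}, {"size": 2048},
       {"curve": "P-512"}, {"key_operations": ["sign", "export"]},
       {"not_before": "tomorrow"}]
```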