How to create a keyvault using VaultPropertiesArgs in C#?

Question

Pulumi · Accepted Answer

In this program, we implement an Azure Key Vault using the `VaultPropertiesArgs` class in the Pulumi Azure Native provider. The Key Vault is a service that allows secure storage of cryptographic keys and secrets in the cloud.

Here's a breakdown of the key component used:

- `Vault` is an Azure-native resource that represents a Key Vault instance in Azure.

We start by creating a `VaultPropertiesArgs` object to specify the settings of our Key Vault. Notice the properties `tenantId` and `sku`. `tenantId` should be the ID of the Azure Active Directory tenant that will be used for Key Vault authentication. `sku` details what kind of Key Vault we're creating - in our case, a standard vault.

Following that, we create a new `Vault` resource, giving it our properties object for configuration.

```csharp
using Pulumi;
using Pulumi.AzureNative.KeyVault;
using Pulumi.AzureNative.KeyVault.Inputs;

class MyStack : Stack
{
    public MyStack()
    {
        var vault = new Vault("myvault", new VaultArgs
        {
            ResourceGroupName = "resource-group-name", // Replace with your resource group name
            VaultName = "myvault",
            Location = "westus", // Replace with appropriate Azure location
            Properties = new VaultPropertiesArgs
            {
                TenantId = "your-tenant-id", // Replace this with your Azure Active Directory tenant ID
                Sku = new SkuArgs
                {
                    Family = "A", // Key Vault SKU family
                    Name = "standard" // Key Vault SKU name
                },
                AccessPolicies = { }, // Add any access policies if needed
            }
        });

this.VaultUri = vault.Properties.Apply(properties => properties.VaultUri);
    }

[Output]
    public Output<string> VaultUri { get; set; }
}
```
The resource group name, location, and tenant ID are placeholders and you should replace them with your actual resource group name, preferred location, and your Azure Active Directory tenant ID, respectively.

The `AccessPolicies` argument is of type array, and you can add policies according to your requirements. The policies define who has access to the Key Vault and what permissions they have.

Please note, due to the sensitivity of Key Vaults, you might need to adjust access controls or permissions in your Azure portal.

The resulting `Vault` object exposes all of its computed output properties, like `properties`. The `Apply` method of `properties` is used to read ‘‘inside’’ this object, and access its property `VaultUri`, which is then exported as a stack output. This URI is important and used to interact with the Key Vault later on.

Further information on the Vault resource can be found in its [Pulumi documentation](https://www.pulumi.com/registry/packages/azure-native/api-docs/keyvault/vault/).