How do I create Azure Key Vault access policies with Pulumi?
In this guide, we will create an Azure Key Vault and define access policies for it using Pulumi. Access policies are essential for controlling who can perform specific operations on the Key Vault. We will use Pulumi’s Azure Native provider to define these resources.
Key Points:
- We will create an Azure Resource Group.
- We will create an Azure Key Vault.
- We will define access policies for the Key Vault.
import * as pulumi from "@pulumi/pulumi";
import * as azureNative from "@pulumi/azure-native";

// Create an Azure Resource Group
const resourceGroup = new azureNative.resources.ResourceGroup("resourceGroup", {
    resourceGroupName: "example-rg",
    location: "WestUS",
});

// Create an Azure Key Vault (vault names must be globally unique)
const keyVault = new azureNative.keyvault.Vault("keyVault", {
    resourceGroupName: resourceGroup.name,
    vaultName: "example-kv",
    location: resourceGroup.location,
    properties: {
        sku: {
            family: "A",
            name: "standard",
        },
        tenantId: "<your-tenant-id>",
        // Each access policy grants one principal (objectId) the listed permissions.
        // This policy gives near-full management rights, including purge;
        // grant application identities only the operations they need.
        accessPolicies: [{
            tenantId: "<your-tenant-id>",
            objectId: "<your-object-id>",
            permissions: {
                keys: ["get", "list", "create", "delete", "update", "import", "backup", "restore", "recover", "purge"],
                secrets: ["get", "list", "set", "delete", "backup", "restore", "recover", "purge"],
                certificates: ["get", "list", "delete", "create", "import", "update", "managecontacts", "getissuers", "listissuers", "setissuers", "deleteissuers"],
                // Permissions for managed storage accounts
                storage: ["get", "list", "delete", "set", "update", "regeneratekey", "backup", "restore", "recover", "purge"],
            },
        }],
    },
});

// Export the vault URI for use by clients
export const vaultUri = keyVault.properties.vaultUri;
Summary
In this guide, we created an Azure Resource Group and an Azure Key Vault. We then defined access policies for the Key Vault to control who can perform operations on it. With this setup, only the users or applications named in an access policy can access and manage the secrets, keys, and certificates stored in the Key Vault, and only with the permissions that policy lists.
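A pre-deployment check for an `accessPolicies` array like the one above, added here as an example and not part of the original guide or of Pulumi's code: it flags permission names that do not belong to their category and permissions that can destroy vault contents. The permission lists, the high-risk set, the name `lintPolicies` and the sample policies are assumptions constructed for illustration.

```typescript
// Added example (not from the guide): lint Key Vault access policies before deploying.
type Category = "keys" | "secrets" | "certificates" | "storage";
interface AccessPolicy {
    tenantId: string;
    objectId: string;
    permissions: Partial<Record<Category, string[]>>;
}
interface Finding { objectId: string; category: Category; permission: string; issue: "unknown" | "destructive"; }

// Assumption: permission names accepted per category, lowercased for comparison.
const VALID: Record<Category, string[]> = {
    keys: ("all backup create decrypt delete encrypt get getrotationpolicy import list purge " +
        "recover release restore rotate setrotationpolicy sign unwrapkey update verify wrapkey").split(" "),
    secrets: "all backup delete get list purge recover restore set".split(" "),
    certificates: ("all backup create delete deleteissuers get getissuers import list listissuers " +
        "managecontacts manageissuers purge recover restore setissuers update").split(" "),
    storage: ("all backup delete deletesas get getsas list listsas purge recover regeneratekey " +
        "restore set setsas update").split(" "),
};
// Assumption: permissions treated as destructive and worth a manual review.
const HIGH_RISK = ["all", "delete", "purge"];

function lintPolicies(policies: AccessPolicy[]): Finding[] {
    const findings: Finding[] = [];
    for (const policy of policies) {
        for (const category of Object.keys(VALID) as Category[]) {
            for (const raw of policy.permissions[category] ?? []) {
                const permission = raw.toLowerCase();
                if (!VALID[category].includes(permission)) {
                    // Name is not valid for this category (e.g. an issuer permission under storage).
                    findings.push({ objectId: policy.objectId, category, permission: raw, issue: "unknown" });
                } else if (HIGH_RISK.includes(permission)) {
                    findings.push({ objectId: policy.objectId, category, permission: raw, issue: "destructive" });
                }
            }
        }
    }
    return findings;
}

// Constructed sample input: one broad admin policy and one narrow application policy.
const samplePolicies: AccessPolicy[] = [
    { tenantId: "<your-tenant-id>", objectId: "admin-object-id",
      permissions: { secrets: ["get", "list", "set", "delete", "purge"], storage: ["get", "setissuers"] } },
    { tenantId: "<your-tenant-id>", objectId: "app-object-id",
      permissions: { secrets: ["get", "list"] } },
];
for (const f of lintPolicies(samplePolicies)) {
    console.log(`${f.objectId}: ${f.category}/${f.permission} is ${f.issue}`);
}
```

Running the check in CI before `pulumi up` catches a misplaced permission name before the deployment is attempted.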