How do I create an Azure Key Vault with Pulumi?

In this guide, we will create an Azure Key Vault using Pulumi in TypeScript. Azure Key Vault is a cloud service for securely storing and accessing secrets. We will define a Key Vault resource and its properties, including access policies and SKU.

import * as pulumi from "@pulumi/pulumi";
import * as azureNative from "@pulumi/azure-native";

// Define resource group
const resourceGroup = new azureNative.resources.ResourceGroup("resourceGroup", {
    resourceGroupName: "my-resource-group",
    location: "WestUS",
});

// Define Key Vault
const keyVault = new azureNative.keyvault.Vault("keyVault", {
    resourceGroupName: resourceGroup.name,
    vaultName: "my-key-vault",
    location: resourceGroup.location,
    properties: {
        sku: {
            family: "A",
            name: "standard",
        },
        tenantId: "<your-tenant-id>",  // Replace with your Azure tenant ID
        accessPolicies: [{
            tenantId: "<your-tenant-id>",  // Replace with your Azure tenant ID
            objectId: "<your-object-id>",  // Replace with your Azure object ID
            permissions: {
                keys: ["get", "list", "create", "delete"],
                secrets: ["get", "list", "set", "delete"],
                certificates: ["get", "list", "create", "delete"],
            },
        }],
    },
    tags: {
        environment: "development",
    },
});

// Export the Key Vault URI
export const keyVaultUri = keyVault.properties.vaultUri;

Key Points:

  • We start by defining a resource group to contain our Key Vault.
  • We then create the Key Vault itself, specifying properties such as location, SKU, tenant ID, and access policies.
  • Access policies define the permissions for accessing keys, secrets, and certificates within the Key Vault.
  • Finally, we export the Key Vault URI for use in other parts of our infrastructure.
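The access policy above grants delete on keys, secrets, and certificates, and the vault definition leaves purge protection and network rules at their defaults. The following added example (not part of the original guide or Pulumi's own code) audits a vault `properties` object before deployment; `auditVault`, `VaultProps`, the finding labels, and the choice of checks are assumptions made for illustration, while the property names match those accepted by `azureNative.keyvault.Vault`.

```typescript
// Added example: the checks are assumed hardening rules, not requirements stated on the page.
interface AccessPolicy {
    objectId: string;
    permissions: { keys?: string[]; secrets?: string[]; certificates?: string[] };
}
interface VaultProps {
    enableRbacAuthorization?: boolean;
    enablePurgeProtection?: boolean;
    networkAcls?: { defaultAction?: string };
    accessPolicies?: AccessPolicy[];
}
type Kind = "keys" | "secrets" | "certificates";
const KINDS: Kind[] = ["keys", "secrets", "certificates"];
// Grants that allow destroying vault objects, flagged so each one is deliberate.
const DESTRUCTIVE = ["delete", "purge", "all"];

function auditVault(p: VaultProps): string[] {
    const findings: string[] = [];
    if (p.enablePurgeProtection !== true) findings.push("purge-protection-off");
    const action = (p.networkAcls?.defaultAction ?? "Allow").toLowerCase();
    if (action !== "deny") findings.push("network-default-allow");
    // With RBAC authorization enabled, the vault ignores accessPolicies.
    if (p.enableRbacAuthorization === true) return findings;
    for (const policy of p.accessPolicies ?? []) {
        for (const kind of KINDS) {
            for (const perm of policy.permissions[kind] ?? []) {
                if (DESTRUCTIVE.indexOf(perm.toLowerCase()) !== -1) findings.push(`${policy.objectId}:${kind}:${perm}`);
            }
        }
    }
    return findings;
}
// The properties from the page's Vault definition (placeholder object ID kept).
const pageVault: VaultProps = {
    accessPolicies: [{
        objectId: "<your-object-id>",
        permissions: {
            keys: ["get", "list", "create", "delete"],
            secrets: ["get", "list", "set", "delete"],
            certificates: ["get", "list", "create", "delete"],
        },
    }],
};
// Constructed hardened variant: read-only grant, purge protection, default-deny network.
const hardenedVault: VaultProps = {
    enablePurgeProtection: true,
    networkAcls: { defaultAction: "Deny" },
    accessPolicies: [{ objectId: "<your-object-id>", permissions: { secrets: ["get", "list"] } }],
};
```

`auditVault(pageVault)` reports five findings and `auditVault(hardenedVault)` reports none; the same function can run in a unit test against the arguments object before it is passed to the `Vault` constructor.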

Summary:

We created an Azure Key Vault using Pulumi in TypeScript. This involved setting up a resource group, defining the Key Vault properties, and configuring access policies for secure management of keys, secrets, and certificates.
