Azure Key Vault Pt.1

As you learn to use IaC and Terraform, it is natural to progress from initially supplying credentials for a resource directly in main.tf, to using a variable whose value comes from a file that is not checked into the repo, and finally to using Azure Key Vault. The first two methods are insecure, however: they should only be used for infrastructure with a temporary lifespan and never in production.

This post explains how to define a secret in Azure Key Vault and retrieve it via Terraform for use as the credentials of a VM that Terraform creates. It relies on the technique covered in this blog post, which explains how to reference existing resources with Terraform data sources.

To get started, add a secret to your Key Vault that we can reference from code later.

Then, add a few data blocks to your Terraform file (note: the "vault_url" argument has been deprecated, so use "key_vault_id" instead).

Read the password already stored in Azure Key Vault and pass it to the VM:

admin_password      = data.azurerm_key_vault_secret.vmpassword.value
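As an added example (not the post's own code), here are the data blocks the post refers to, wired into a Windows VM resource. The Key Vault name, resource group, location, VM size and NIC are placeholders; only the secret name "vmpassword" comes from the post.

```hcl
# Added example: look up an existing Key Vault, read the "vmpassword" secret,
# and pass its value to a VM. Names below are placeholders to replace.

data "azurerm_key_vault" "kv" {
  name                = "example-kv"   # placeholder: your Key Vault name
  resource_group_name = "example-rg"   # placeholder: its resource group
}

# "vault_url" is deprecated on this data source; reference the vault by id.
data "azurerm_key_vault_secret" "vmpassword" {
  name         = "vmpassword"          # the secret created in the portal
  key_vault_id = data.azurerm_key_vault.kv.id
}

resource "azurerm_windows_virtual_machine" "vm" {
  name                = "example-vm"   # placeholder
  resource_group_name = "example-rg"   # placeholder
  location            = "eastus"       # placeholder
  size                = "Standard_B2s" # placeholder
  admin_username      = "azureadmin"   # placeholder

  # The secret value never appears in the .tf file or in a variables file.
  admin_password      = data.azurerm_key_vault_secret.vmpassword.value

  # Assumption: a NIC resource named "nic" is defined elsewhere in the config.
  network_interface_ids = [azurerm_network_interface.nic.id]

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  source_image_reference {
    publisher = "MicrosoftWindowsServer"
    offer     = "WindowsServer"
    sku       = "2019-Datacenter"
    version   = "latest"
  }
}
```

The identity running terraform needs Get permission on secrets in the vault's access policy (or the equivalent RBAC role), and the retrieved value is still written to Terraform state, so the state backend needs the same protection as the vault.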

That's all there is to it! In Part 2, we will cover how to create an Azure Key Vault and its credentials via Terraform.
