英文:
AccessKey of Azure Storage created with Terraform are different from portal
问题
我使用Terraform创建Azure存储帐户,并将访问密钥(主要和次要)存储在Azure Key Vault中。
resource "azurerm_key_vault_secret" "StorageAccessKey" {
depends_on = [
azurerm_key_vault.kv,
azurerm_key_vault_access_policy.KVAccessPolicies
]
name = "Azure--Storage--AccountKey"
value = azurerm_storage_account.storage_account.primary_access_key
key_vault_id = azurerm_key_vault.kv.id
}
当我从Azure门户检查值时,访问密钥不同。
有什么问题?
英文:
I use Terraform to create an Azure Storage account and I store the Access Keys (primary and secondary) in Azure Key Vault.
resource "azurerm_key_vault_secret" "StorageAccessKey" {
depends_on = [
azurerm_key_vault.kv,
azurerm_key_vault_access_policy.KVAccessPolicies
]
name = "Azure--Storage--AccountKey"
value = azurerm_storage_account.storage_account.primary_access_key
key_vault_id = azurerm_key_vault.kv.id
}
When I check the value from the Azure Portal, the Access key are different:
What's wrong?
答案1
得分: 0
我尝试在我的环境中重新创建相同的内容,以将 Azure 存储账户的访问密钥存储在使用 Terraform 创建的 Key Vault 中。
您可以使用以下 Terraform 代码将存储账户访问密钥存储在 Key Vault 中:
provider "azurerm" {
features {}
}
data "azurerm_client_config" "current" {}
resource "azurerm_resource_group" "thejarg" {
name = "theja-resource-group"
location = "eastus"
}
resource "azurerm_storage_account" "thejastorageaccount123" {
name = "thejastorageaccount1"
resource_group_name = azurerm_resource_group.thejarg.name
location = azurerm_resource_group.thejarg.location
account_tier = "Standard"
account_replication_type = "LRS"
identity {
type = "SystemAssigned"
}
}
resource "azurerm_key_vault" "thejavaulttest" {
name = "thejavault"
resource_group_name = azurerm_resource_group.thejarg.name
location = azurerm_resource_group.thejarg.location
sku_name = "standard"
tenant_id = data.azurerm_client_config.current.tenant_id
access_policy {
tenant_id = "3f5c7a77-062d-426c-8582-1238b1a77336"
object_id = "a970fc40-48da-4ac7-b126-b40206699b9c"
key_permissions = ["Create", "Get"]
secret_permissions = ["Set", "Get", "Delete", "Purge", "Recover", "List"]
storage_permissions = ["Get", "Set"]
}
}
resource "azurerm_key_vault_secret" "primary_storage_key" {
name = "primary-storage-key"
value = azurerm_storage_account.thejastorageaccount123.primary_access_key
key_vault_id = azurerm_key_vault.thejavaulttest.id
}
运行上述代码后,资源会成功创建。
当我检查 Key Vault 中的存储账户访问密钥时,相同的密钥会在 Key Vault 中更新。
英文:
I Tried to reproduce the same in my environment to store access key of Azure Storage account in Key Vault created with Terraform
You can use below Terraform code to store the storage account access key in Key vault.
provider "azurerm" {
features {}
}
data "azurerm_client_config" "current" {}
resource "azurerm_resource_group" "thejarg" {
name = "theja-resource-group"
location = "eastus"
}
resource "azurerm_storage_account" "thejastorageaccount123" {
name = "thejastorageaccount1"
resource_group_name = azurerm_resource_group.thejarg.name
location = azurerm_resource_group.thejarg.location
account_tier = "Standard"
account_replication_type = "LRS"
identity {
type = "SystemAssigned"
}
}
resource "azurerm_key_vault" "thejavaulttest" {
name = "thejavault"
resource_group_name = azurerm_resource_group.thejarg.name
location = azurerm_resource_group.thejarg.location
sku_name = "standard"
tenant_id = data.azurerm_client_config.current.tenant_id
access_policy {
tenant_id = "3f5c7a77-062d-426c-8582-1238b1a77336"
object_id = "a970fc40-48da-4ac7-b126-b40206699b9c"
key_permissions = ["Create","Get",]
secret_permissions = ["Set","Get","Delete","Purge", "Recover","List"]
storage_permissions = ["Get","Set"]
}
}
resource "azurerm_key_vault_secret" "primary_storage_key" {
name = "primary-storage-key"
value = azurerm_storage_account.thejastorageaccount123.primary_access_key
key_vault_id = azurerm_key_vault.thejavaulttest.id
}
Once ran the above code resources are created successfully.
When I check the storage account access key in key vault, the same key is updated in key vault.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论