Azure secret import source

Use the Azure source to import secret data from Azure KeyVault into your Vault instance.

Argument reference

Refer to the HCL syntax for arguments common to all source types.

Additional arguments

Required:

• key_vault_uri (string) - The URI of the Azure KeyVault you want to import from.

The following parameters are optional. If you leave these parameters unset, Vault uses the default credential provider mechanisms, e.g. the credentials persisted to disk by a preceding az login.

• cloud_name (string: "AzureCloud") - Azure cloud to connect to
• tenant_id (string: "") - Tenant ID to use
• client_id (string: "") - Client ID to use
• credentials_file (string: "") - Path to a file with the client secret

Example

Define and configure the my-azure-source-1 Azure source:

source_aws {
  name = "my-azure-source-1"
  key_vault_uri = "https://keyvault-1234abcd.vault.azure.net"
}

Permissions

To use Azure import, you must grant the associated Azure identity permission to read secrets from the specified KeyVault:

"Get",
"List",