azure_rm_keyvaultkey – Use Azure KeyVault keys¶
New in version 2.5.
Create or delete a key within a given keyvault.
By using Key Vault, you can encrypt keys and secrets.
Such as authentication keys, storage account keys, data encryption keys, .PFX files, and passwords.
The below requirements are needed on the host that executes this module.
python >= 2.7
azure >= 2.0.0
For authentication with Azure you can pass parameters, set environment variables, use a profile stored in ~/.azure/credentials, or log in before you run your tasks or playbook with
Authentication is also possible using a service principal or Active Directory user.
To authenticate via service principal, pass subscription_id, client_id, secret and tenant or set environment variables AZURE_SUBSCRIPTION_ID, AZURE_CLIENT_ID, AZURE_SECRET and AZURE_TENANT.
To authenticate via Active Directory user, pass ad_user and password, or set AZURE_AD_USER and AZURE_PASSWORD in the environment.
Alternatively, credentials can be stored in ~/.azure/credentials. This is an ini file containing a [default] section and the following keys: subscription_id, client_id, secret and tenant or subscription_id, ad_user and password. It is also possible to add additional profiles. Specify the profile by passing profile or setting AZURE_PROFILE in the environment.
- name: Create a key azure_rm_keyvaultkey: key_name: MyKey keyvault_uri: https://contoso.vault.azure.net/ - name: Delete a key azure_rm_keyvaultkey: key_name: MyKey keyvault_uri: https://contoso.vault.azure.net/ state: absent
Common return values are documented here, the following are the fields unique to this module:
Current state of the key.
key resource path.