Initial commit: add .gitignore and README

2026-02-09 21:51:46 -08:00
commit b970b4fc51
52 changed files with 3362 additions and 0 deletions
--- a/terraform/modules/azure/keyvault/variables.tf
+++ b/terraform/modules/azure/keyvault/variables.tf
@@ -0,0 +1,95 @@
+# Azure Key Vault Module Variables
+
+variable "resource_group_name" {
+  description = "Name of the resource group"
+  type        = string
+}
+
+variable "location" {
+  description = "Azure region"
+  type        = string
+}
+
+variable "keyvault_name" {
+  description = "Name of the Key Vault"
+  type        = string
+}
+
+variable "tenant_id" {
+  description = "Azure tenant ID"
+  type        = string
+}
+
+variable "sku_name" {
+  description = "SKU name (standard or premium)"
+  type        = string
+  default     = "standard"
+}
+
+variable "enabled_for_deployment" {
+  description = "Enable for VM deployment"
+  type        = bool
+  default     = false
+}
+
+variable "enabled_for_disk_encryption" {
+  description = "Enable for disk encryption"
+  type        = bool
+  default     = false
+}
+
+variable "enabled_for_template_deployment" {
+  description = "Enable for template deployment"
+  type        = bool
+  default     = false
+}
+
+variable "network_acls" {
+  description = "Network ACLs configuration"
+  type = object({
+    default_action             = string
+    bypass                     = string
+    ip_rules                   = list(string)
+    virtual_network_subnet_ids = list(string)
+  })
+  default = {
+    default_action             = "Deny"
+    bypass                     = "AzureServices"
+    ip_rules                   = []
+    virtual_network_subnet_ids = []
+  }
+}
+
+variable "access_policies" {
+  description = "List of access policies"
+  type = list(object({
+    object_id            = string
+    key_permissions      = list(string)
+    secret_permissions   = list(string)
+    certificate_permissions = list(string)
+    storage_permissions  = list(string)
+  }))
+  default = []
+}
+
+variable "enable_rbac" {
+  description = "Enable RBAC for Key Vault"
+  type        = bool
+  default     = false
+}
+
+variable "rbac_assignments" {
+  description = "RBAC role assignments"
+  type = map(object({
+    role_definition_name = string
+    principal_id         = string
+  }))
+  default = {}
+}
+
+variable "tags" {
+  description = "Tags to apply to resources"
+  type        = map(string)
+  default     = {}
+}
+