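# Azure Key Vault Module Variables
#
# Input variables for a Key Vault module. The defaults lean towards a closed
# configuration: the network ACL default action is "Deny" and the three
# "enabled_for_*" integration flags are off. Any override that loosens these
# should be a deliberate, reviewed choice.
#
# NOTE(review): nothing in this file controls purge protection or soft-delete
# retention. Confirm the module's vault resource sets them explicitly.

variable "resource_group_name" {
  description = "Name of the resource group"
  type        = string
}

variable "location" {
  description = "Azure region"
  type        = string
}

variable "keyvault_name" {
  description = "Name of the Key Vault"
  type        = string
}

variable "tenant_id" {
  description = "Azure tenant ID"
  type        = string
}

# "premium" adds HSM-backed keys; "standard" keeps keys software-protected.
variable "sku_name" {
  description = "SKU name (standard or premium)"
  type        = string
  default     = "standard"

  # Reject anything other than the two documented SKUs at plan time, so a typo
  # fails before the provider is called.
  validation {
    condition     = contains(["standard", "premium"], var.sku_name)
    error_message = "The sku_name value must be \"standard\" or \"premium\"."
  }
}

# The three flags below grant Azure platform services access to vault
# contents (VM certificate retrieval, Azure Disk Encryption, ARM template
# deployment). They default to false; enable only the ones a workload needs.
variable "enabled_for_deployment" {
  description = "Enable for VM deployment"
  type        = bool
  default     = false
}

variable "enabled_for_disk_encryption" {
  description = "Enable for disk encryption"
  type        = bool
  default     = false
}

variable "enabled_for_template_deployment" {
  description = "Enable for template deployment"
  type        = bool
  default     = false
}

# Firewall for the vault's data plane. With the default value, traffic is
# denied unless it matches ip_rules / virtual_network_subnet_ids or comes from
# a trusted Azure service (bypass = "AzureServices").
#
# The object type declares no optional() attributes, so a caller overriding
# this variable must supply all four. Omitting default_action is therefore a
# type error rather than a silent fall back to "Allow".
variable "network_acls" {
  description = "Network ACLs configuration"
  type = object({
    default_action             = string
    bypass                     = string
    ip_rules                   = list(string)
    virtual_network_subnet_ids = list(string)
  })
  default = {
    default_action             = "Deny"
    bypass                     = "AzureServices"
    ip_rules                   = []
    virtual_network_subnet_ids = []
  }

  # A null override is passed through untouched; how the module treats null is
  # decided where the variable is consumed, not here.
  validation {
    condition     = var.network_acls == null ? true : contains(["Allow", "Deny"], var.network_acls.default_action)
    error_message = "The network_acls.default_action value must be \"Allow\" or \"Deny\"."
  }

  validation {
    condition     = var.network_acls == null ? true : contains(["AzureServices", "None"], var.network_acls.bypass)
    error_message = "The network_acls.bypass value must be \"AzureServices\" or \"None\"."
  }
}

# Vault access policies, one entry per principal (object_id). All four
# permission lists are required by the type. Pass [] for any category the
# principal does not need, rather than copying a broad list.
# NOTE(review): when the vault uses Azure RBAC authorization, access policies
# are not evaluated. Confirm how the module combines this with enable_rbac.
variable "access_policies" {
  description = "List of access policies"
  type = list(object({
    object_id               = string
    key_permissions         = list(string)
    secret_permissions      = list(string)
    certificate_permissions = list(string)
    storage_permissions     = list(string)
  }))
  default = []
}

# Presumably switches the vault from access policies to Azure RBAC
# authorization. Verify against the resource definition that consumes it.
variable "enable_rbac" {
  description = "Enable RBAC for Key Vault"
  type        = bool
  default     = false
}

# Map of role assignments, keyed by an arbitrary caller-chosen label. Prefer
# narrowly scoped built-in data-plane roles (for example "Key Vault Secrets
# User") over administrator roles.
variable "rbac_assignments" {
  description = "RBAC role assignments"
  type = map(object({
    role_definition_name = string
    principal_id         = string
  }))
  default = {}
}

variable "tags" {
  description = "Tags to apply to resources"
  type        = map(string)
  default     = {}
}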