azurerm_key_vault_key not working for azurerm_key_vault_managed_hardware_security_module #12403

Closed
schmaxe opened this issue Jun 29, 2021 · 4 comments

Comments

@schmaxe

schmaxe commented Jun 29, 2021

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureRM Provider) Version

Terraform v1.0.0
azurerm v2.63.0

Affected Resource(s)

azurerm_key_vault_key
azurerm_key_vault_managed_hardware_security_module

Terraform Configuration Files

resource "azurerm_key_vault_key" "key" {
  name         = var.key_name
  key_vault_id = var.manged_hsm_id
  key_type     = "RSA"
  key_size     = 4096

  // max. Lifespan of 4 years (~35000h)
  expiration_date = timeadd(timestamp(), "35000h")

  key_opts = [
    "unwrapKey",
    "wrapKey",
  ]
}

Debug Output


│ Error: ID was missing the vaults element

│ with azurerm_key_vault_key.key,
│ on main.tf line 2, in resource "azurerm_key_vault_key" "key":
│ 2: resource "azurerm_key_vault_key" "key" {


ERRO[0032] Hit multiple errors:
Hit multiple errors:
exit status 1

Panic Output

Expected Behaviour

Creation of the Key inside the Managed HSM

Actual Behaviour

Key won't be created because of a key vault ID check that it contains ".../vaults/.."

Steps to Reproduce

  • deploy and activate a managed HSM (activation through az command)
  • try to deploy a key inside the managed HSM

Important Factoids

References

  • #0000

@tombuildsstuff
Contributor

hi @schmaxe

Thanks for opening this issue.

Taking a look through here it appears that you need to use the field hsm_uri here.

This forum is intended to be used for feature enhancements and bugs in the Azure Provider - so that we can keep this forum focused on that, we instead ask that broader questions are raised using one of the Community Resources. As such I'm going to close this issue for the moment, but I believe you should be able to get an answer for this using one of the Community Resources.

Thanks!

@schmaxe
Author

schmaxe commented Aug 12, 2021

@tombuildsstuff
Thank you for your answer.
But we were using the hsm_uri field.
The problem is a different one. We are not able to deploy a key with azurerm_key_vault_key inside a managed HSM, because of a check that validates the URI. The HSM URI doesn't contain the "../vaults/.." identifier.

Best regards,
Max
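The mismatch described in this comment, as an added Go illustration that is not the provider's code and not part of the thread: a check that only accepts a "vaults" segment rejects a managed HSM ID, while a classifier that knows both Microsoft.KeyVault resource types can tell them apart before apply. The function names and sample IDs are constructed for this example; the `managedHSMs` segment is the resource type Azure uses for managed HSM IDs, and the error string is copied from the debug output in the issue.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Constructed sample IDs; subscription, group and resource names are placeholders.
const (
	sampleBase    = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/Microsoft.KeyVault"
	sampleVaultID = sampleBase + "/vaults/example-kv"
	sampleHSMID   = sampleBase + "/managedHSMs/example-hsm"
)

// keyVaultKind (hypothetical helper) walks the key/value segments of an ARM
// resource ID and reports which resource-type segment it carries, and its name.
func keyVaultKind(id string) (string, string, error) {
	parts := strings.Split(strings.Trim(id, "/"), "/")
	if len(parts)%2 != 0 {
		return "", "", fmt.Errorf("%q is not a list of key/value segments", id)
	}
	for i := 0; i < len(parts); i += 2 {
		for _, kind := range []string{"vaults", "managedHSMs"} {
			if strings.EqualFold(parts[i], kind) && parts[i+1] != "" {
				return kind, parts[i+1], nil
			}
		}
	}
	return "", "", errors.New("ID has neither a vaults nor a managedHSMs element")
}

// strictVaultName (hypothetical) accepts only IDs that carry a "vaults" segment.
func strictVaultName(id string) (string, error) {
	kind, name, err := keyVaultKind(id)
	if err == nil && kind != "vaults" {
		return "", errors.New("ID was missing the vaults element")
	}
	return name, err
}

func main() {
	for _, id := range []string{sampleVaultID, sampleHSMID} {
		_, err := strictVaultName(id)
		fmt.Println(id, "-> strict check error:", err)
	}
}
```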

@github-actions

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 12, 2021