Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for updating Key Vault Certificate content #17358

Closed
1 task done
mkemmerz opened this issue Jun 23, 2022 · 3 comments · Fixed by #20627
Closed
1 task done

Add support for updating Key Vault Certificate content #17358

mkemmerz opened this issue Jun 23, 2022 · 3 comments · Fixed by #20627
Labels
enhancement service/key-vault Key Vault
Milestone
v3.69.0

Comments

@mkemmerz
Copy link

mkemmerz commented Jun 23, 2022
edited
Loading

Is there an existing issue for this?

  • I have searched the existing issues

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Currently changing the content of a Key Vault certificate re-creates the resource (documentation). This means it destroys the certifcate and creates it again with the new content. This can't be done if Purge Protection is enabled on the Key Vault, which is a best practice.

Terraform fails its operation in this case:
image

Therefore there should exist an option to simply update the content. Azure Portal supports this by creating a new version of the certificate:
image

New or Affected Resource(s)/Data Source(s)

azurerm_key_vault_certificate

Potential Terraform Configuration

resource "azurerm_key_vault_certificate" "example" {
  name         = "imported-cert"
  key_vault_id = azurerm_key_vault.example.id
  create_new_version = true // <- this could indicate to not re-create the tf resource

  certificate {
    contents = filebase64("certificate-to-import.pfx")
    password = ""
  }
}

References

No response
@ssergio25
Copy link

We have the same issue , Terraform tries to destroy the existing certificate, when what we want to do is update a new version of the soon to be expired cert.

image

@dvob dvob mentioned this issue Feb 23, 2023
Merged
@ghost
Copy link

ghost commented Apr 4, 2023

Do we have any updates on this issue, I see a PR was created a month ago but this would be good to get included in the next terraform release

@mbfrahry mbfrahry added this to the v3.69.0 milestone Aug 9, 2023
@github-actions GitHub Actions
Copy link

github-actions bot commented May 8, 2024

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 8, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement service/key-vault Key Vault
Projects
None yet
Milestone
v3.69.0
4 participants
@mbfrahry @mkemmerz @ssergio25 @rcskosir