diff --git a/azurerm/internal/services/iothub/data_source_iothub_shared_access_policy.go b/azurerm/internal/services/iothub/data_source_iothub_shared_access_policy.go
new file mode 100644
index 000000000000..50f51bcbc2f0
--- /dev/null
+++ b/azurerm/internal/services/iothub/data_source_iothub_shared_access_policy.go
@@ -0,0 +1,107 @@
+package iothub
+
+import (
+	"fmt"
+	"regexp"
+	"time"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/validate"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/timeouts"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
+)
+
+func dataSourceArmIotHubSharedAccessPolicy() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceArmIotHubSharedAccessPolicyRead,
+
+		Timeouts: &schema.ResourceTimeout{
+			Read: schema.DefaultTimeout(5 * time.Minute),
+		},
+
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Type:     schema.TypeString,
+				Required: true,
+				ValidateFunc: validation.StringMatch(regexp.MustCompile(`[a-zA-Z0-9!._-]{1,64}`), ""+
+					"The shared access policy key name must not be empty, and must not exceed 64 characters in length.  The shared access policy key name can only contain alphanumeric characters, exclamation marks, periods, underscores and hyphens."),
+			},
+
+			"resource_group_name": azure.SchemaResourceGroupNameForDataSource(),
+
+			"iothub_name": {
+				Type:         schema.TypeString,
+				Required:     true,
+				ValidateFunc: validate.IoTHubName,
+			},
+
+			"primary_key": {
+				Type:      schema.TypeString,
+				Sensitive: true,
+				Computed:  true,
+			},
+
+			"primary_connection_string": {
+				Type:      schema.TypeString,
+				Sensitive: true,
+				Computed:  true,
+			},
+
+			"secondary_key": {
+				Type:      schema.TypeString,
+				Sensitive: true,
+				Computed:  true,
+			},
+
+			"secondary_connection_string": {
+				Type:      schema.TypeString,
+				Sensitive: true,
+				Computed:  true,
+			},
+		},
+	}
+}
+func dataSourceArmIotHubSharedAccessPolicyRead(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*clients.Client).IoTHub.ResourceClient
+	ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d)
+	defer cancel()
+
+	name := d.Get("name").(string)
+	resourceGroup := d.Get("resource_group_name").(string)
+	iothubName := d.Get("iothub_name").(string)
+
+	accessPolicy, err := client.GetKeysForKeyName(ctx, resourceGroup, iothubName, name)
+	if err != nil {
+		if utils.ResponseWasNotFound(accessPolicy.Response) {
+			return fmt.Errorf("Error: IotHub %q (Resource Group %q) was not found", name, resourceGroup)
+		}
+
+		return fmt.Errorf("Error loading IotHub Shared Access Policy %q (Resource Group %q): %+v", iothubName, resourceGroup, err)
+	}
+
+	iothub, err := client.Get(ctx, resourceGroup, iothubName)
+	if err != nil {
+		return fmt.Errorf("Error loading IotHub %q (Resource Group %q): %+v", iothubName, resourceGroup, err)
+	}
+
+	d.Set("name", name)
+	d.Set("iothub_name", iothubName)
+	d.Set("resource_group_name", resourceGroup)
+
+	resourceID := fmt.Sprintf("%s/IotHubKeys/%s", *iothub.ID, name)
+	d.SetId(resourceID)
+
+	d.Set("primary_key", accessPolicy.PrimaryKey)
+	if err := d.Set("primary_connection_string", getSharedAccessPolicyConnectionString(*iothub.Properties.HostName, name, *accessPolicy.PrimaryKey)); err != nil {
+		return fmt.Errorf("error setting `primary_connection_string`: %v", err)
+	}
+	d.Set("secondary_key", accessPolicy.SecondaryKey)
+	if err := d.Set("secondary_connection_string", getSharedAccessPolicyConnectionString(*iothub.Properties.HostName, name, *accessPolicy.SecondaryKey)); err != nil {
+		return fmt.Errorf("error setting `secondary_connection_string`: %v", err)
+	}
+
+	return nil
+}
diff --git a/azurerm/internal/services/iothub/registration.go b/azurerm/internal/services/iothub/registration.go
index 1da342caf6b1..e931067bded7 100644
--- a/azurerm/internal/services/iothub/registration.go
+++ b/azurerm/internal/services/iothub/registration.go
@@ -14,7 +14,8 @@ func (r Registration) Name() string {
 // SupportedDataSources returns the supported Data Sources supported by this Service
 func (r Registration) SupportedDataSources() map[string]*schema.Resource {
 	return map[string]*schema.Resource{
-		"azurerm_iothub_dps": dataSourceArmIotHubDPS(),
+		"azurerm_iothub_dps":                  dataSourceArmIotHubDPS(),
+		"azurerm_iothub_shared_access_policy": dataSourceArmIotHubSharedAccessPolicy(),
 	}
 }
 
diff --git a/azurerm/internal/services/iothub/tests/data_source_iothub_shared_access_policy_test.go b/azurerm/internal/services/iothub/tests/data_source_iothub_shared_access_policy_test.go
new file mode 100644
index 000000000000..2f208139505c
--- /dev/null
+++ b/azurerm/internal/services/iothub/tests/data_source_iothub_shared_access_policy_test.go
@@ -0,0 +1,44 @@
+package tests
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/acceptance"
+)
+
+func TestAccDataSourceAzureRMIotHubSharedAccessPolicy_basic(t *testing.T) {
+	data := acceptance.BuildTestData(t, "data.azurerm_iothub_shared_access_policy", "test")
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { acceptance.PreCheck(t) },
+		Providers:    acceptance.SupportedProviders,
+		CheckDestroy: testCheckAzureRMIotHubSharedAccessPolicyDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourceAzureRMIotHubSharedAccessPolicy_basic(data),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet(data.ResourceName, "primary_key"),
+					resource.TestCheckResourceAttrSet(data.ResourceName, "primary_connection_string"),
+					resource.TestCheckResourceAttrSet(data.ResourceName, "secondary_key"),
+					resource.TestCheckResourceAttrSet(data.ResourceName, "secondary_connection_string"),
+				),
+			},
+		},
+	})
+}
+
+func testAccDataSourceAzureRMIotHubSharedAccessPolicy_basic(data acceptance.TestData) string {
+	template := testAccAzureRMIotHubSharedAccessPolicy_basic(data)
+
+	return fmt.Sprintf(`
+%s
+
+data "azurerm_iothub_shared_access_policy" "test" {
+  name                = "${azurerm_iothub_shared_access_policy.test.name}"
+  resource_group_name = "${azurerm_resource_group.test.name}"
+  iothub_name         = "${azurerm_iothub.test.name}"
+}
+`, template)
+}
diff --git a/website/azurerm.erb b/website/azurerm.erb
index ce1012cc04bd..2d4ca9d5fb01 100644
--- a/website/azurerm.erb
+++ b/website/azurerm.erb
@@ -210,6 +210,10 @@
                   <a href="/docs/providers/azurerm/d/iothub_dps.html">azurerm_iothub_dps</a>
                 </li>
 
+                <li>
+                  <a href="/docs/providers/azurerm/d/iothub_shared_access_policy.html">azurerm_iothub_shared_access_policy</a>
+                </li>
+
                 <li>
                     <a href="/docs/providers/azurerm/d/image.html">azurerm_image</a>
                 </li>
diff --git a/website/docs/d/iothub_shared_access_policy.html.markdown b/website/docs/d/iothub_shared_access_policy.html.markdown
new file mode 100644
index 000000000000..02acfc60bf32
--- /dev/null
+++ b/website/docs/d/iothub_shared_access_policy.html.markdown
@@ -0,0 +1,45 @@
+---
+subcategory: "IoT Hub"
+layout: "azurerm"
+page_title: "Azure Resource Manager: azurerm_iothub_shared_access_policy"
+description: |-
+  Gets information about an existing IotHub Shared Access Policy
+---
+
+# Data Source: azurerm_iothub_shared_access_policy
+
+Use this data source to access information about an existing IotHub Shared Access Policy
+
+## Example Usage
+
+```hcl
+data "azurerm_iothub_shared_access_policy" "example" {
+  name                = "example"
+  resource_group_name = "${azurerm_resource_group.example.name}"
+  iothub_name         = "${azurerm_iothub.example.name}"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) Specifies the name of the IotHub Shared Access Policy resource.
+
+* `resource_group_name` - (Required) The name of the resource group under which the IotHub Shared Access Policy resource has to be created.
+
+* `iothub_name` - (Required) The name of the IoTHub to which this Shared Access Policy belongs.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The ID of the IoTHub Shared Access Policy.
+
+* `primary_key` - The primary key used to create the authentication token.
+
+* `primary_connection_string` - The primary connection string of the Shared Access Policy.
+
+* `secondary_key` - The secondary key used to create the authentication token.
+
+* `secondary_connection_string` - The secondary connection string of the Shared Access Policy.
\ No newline at end of file