I'm trying to set a data lookup for a username and password from a Key Vault to a SQL server via Terraform. I've got 3 environments (Dev, UAT and Prod) and have different creds for each environment. There is a variable for each environment, var.environment, which is set in an environment .tfvars file. I've got secrets that have been added to a Key Vault already and are accessed via data sources.
I thought about using If OR, but I can only set 2 values via this.
I've also looked at using locals with a tomap, using something like:

    locals {
      username = tomap({
        devusername = data.azurerm_key_vault_secret.username.value
        devpassword = data.azurerm_key_vault_secret.password.value
      })
    }

    administrator_login = local.username[var.environment]

    data "azurerm_key_vault_secret" "dev-username" {
      name         = "sql-username"
      key_vault_id = data.azurerm_key_vault.kv.id
    }

And the environment variable is set at the tfvars level (there's one per env):

    variable "environment" {
      type = string
    }

However, it doesn't look like you can put a data value into a map. Just wondering if there are other ways of being able to set the username/password per environment.
Set data source of key vault based on variable while using terraform
Thanks to Marko E for this input. You don't need to pass the name to a map as mentioned just because you have different environments.
In order to pass the inputs for usernames and secrets while having multiple environments, I tried a configuration which may not require defining the locals configuration again as per the requirement. Before creating the secrets, follow a naming convention that includes the env name, e.g. dev-sql-password & dev-sql-username.
This will help while achieving the configuration mentioned below.
Demo configuration:

    variable "environment" {
      type    = string
      default = "dev"
    }

    # data.azurerm_key_vault.example and data.azurerm_resource_group.example
    # are not shown here and must be declared elsewhere in the configuration.

    # The secret name is built from the environment, e.g. "dev-sql-username".
    data "azurerm_key_vault_secret" "sql_username" {
      name         = "${var.environment}-sql-username"
      key_vault_id = data.azurerm_key_vault.example.id
    }

    data "azurerm_key_vault_secret" "sql_password" {
      name         = "${var.environment}-sql-password"
      key_vault_id = data.azurerm_key_vault.example.id
    }

    # Values read from the data sources are stored in the Terraform state.
    locals {
      sql_username = data.azurerm_key_vault_secret.sql_username.value
      sql_password = data.azurerm_key_vault_secret.sql_password.value
    }

    resource "azurerm_mssql_server" "example" {
      name                         = "vksbbsqlserver-${var.environment}"
      resource_group_name          = data.azurerm_resource_group.example.name
      location                     = data.azurerm_resource_group.example.location
      version                      = "12.0"
      administrator_login          = local.sql_username
      administrator_login_password = local.sql_password
      minimum_tls_version          = "1.2"
    }

refer:
azurerm_mssql_server | Resources | hashicorp/azurerm | Terraform | Terraform Registry
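
A variant of the configuration above that rejects any environment value outside dev, uat and prod before a secret name is built from it, added here as an example and not part of the original answer. The allowed list is an assumption taken from the three environments named in the question, and data.azurerm_key_vault.example and data.azurerm_resource_group.example are assumed to be declared elsewhere, as in the answer.

```hcl
# Added example: the allowed values are an assumption based on the three
# environments named in the question (Dev, UAT, Prod), lower-cased to match
# the secret-name prefix used in the answer.
variable "environment" {
  type        = string
  description = "Selects which <env>-sql-* secrets are read from Key Vault."

  validation {
    condition     = contains(["dev", "uat", "prod"], var.environment)
    error_message = "The environment value must be one of: dev, uat, prod."
  }
}

locals {
  # One entry per credential; names follow the <env>-sql-<kind> convention.
  sql_secret_names = {
    username = "${var.environment}-sql-username"
    password = "${var.environment}-sql-password"
  }
}

# data.azurerm_key_vault.example is assumed to be declared elsewhere.
# Only the selected environment's secrets are read, so a dev plan never
# pulls uat or prod credentials into its state file.
data "azurerm_key_vault_secret" "sql" {
  for_each     = local.sql_secret_names
  name         = each.value
  key_vault_id = data.azurerm_key_vault.example.id
}

# data.azurerm_resource_group.example is assumed to be declared elsewhere.
resource "azurerm_mssql_server" "example" {
  name                         = "vksbbsqlserver-${var.environment}"
  resource_group_name          = data.azurerm_resource_group.example.name
  location                     = data.azurerm_resource_group.example.location
  version                      = "12.0"
  administrator_login          = data.azurerm_key_vault_secret.sql["username"].value
  administrator_login_password = data.azurerm_key_vault_secret.sql["password"].value
  minimum_tls_version          = "1.2"
}
```

With the validation block in place, a mistyped or unexpected value in a .tfvars file fails at plan time instead of producing a lookup for a secret name nobody intended.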