NashTech Insights

Automating Key Creation in Azure Key Vault with Terraform

Atisha Shaurya
Atisha Shaurya
Table of Contents
woman in white long sleeve shirt using macbook pro

Azure Key Vault is a powerful service that allows you to securely manage keys, secrets, and certificates used by your applications and services. It’s essential to ensure the security and compliance of your resources, and Terraform, an infrastructure as code (IaC) tool, can help you automate the provisioning of keys in Azure Key Vault. In this blog post, we will walk you through the process of creating keys in Azure Key Vault using Terraform.


Before you get started, make sure you have the following prerequisites in place:

  1. Azure Subscription: You should have an active Azure subscription. If you don’t have one, you can sign up for a free trial.
  2. Terraform Installed: Ensure that Terraform is installed on your local machine. You can download it from the official website.
  3. Azure CLI: Install the Azure Command-Line Interface (CLI) on your machine. You’ll use this to authenticate with Azure and manage your resources.

1. Set Up Azure Authentication

To interact with Azure resources from Terraform, you need to authenticate using the Azure CLI. Run the following command and follow the prompts to sign in:

az login

2. Create a Terraform Configuration File

Create a new directory for your Terraform project and navigate to it in your terminal. Inside this directory, create a file named to define your Terraform configuration.

provider "azurerm" {
  features {}

resource "azurerm_resource_group" "example" {
  name     = "example-resources"
  location = "East US"

resource "azurerm_key_vault" "example" {
  name                        = "example-keyvault"
  location                    = azurerm_resource_group.example.location
  resource_group_name         =
  tenant_id                   = data.azuread_client_config.current.tenant_id
  sku_name                    = "standard"
  enabled_for_deployment      = true
  enabled_for_disk_encryption = true
  enabled_for_template_deployment = true

data "azuread_client_config" "current" {}

resource "azurerm_key_vault_key" "example" {
  name         = "example-key"
  key_vault_id =
  key_type     = "RSA"

In this configuration:

  • We define the Azure provider block to specify the Azure provider.
  • We create an Azure resource group to contain our Azure Key Vault.
  • We create an Azure Key Vault with specified settings, including enabling disk encryption and template deployment.
  • We retrieve the Azure AD tenant ID using the azuread_client_config data source.
  • We create a key in the Key Vault with the name “example-key” and type “RSA.”

3. Initialize Terraform

In your terminal, navigate to the directory where you created your file and run the following command to initialize Terraform:

terraform init

This command downloads the necessary provider plugins and prepares your workspace.

4. Apply the Configuration

To apply the Terraform configuration and create the Azure Key Vault and key, run the following command:

terraform apply

Terraform will display a summary of the changes it plans to make. Confirm by typing “yes” when prompted.

5. Verify the Key Creation

Once Terraform has completed applying the configuration, you can verify the creation of the key in the Azure Key Vault by navigating to the Azure portal or by using Azure CLI commands.

To view the created key using Azure CLI, run:

az keyvault key list –vault-name example-keyvault

6. Clean Up (Optional)

If you want to remove the created resources, you can use Terraform to destroy them. Run the following command:

terraform destroy


Automating the creation of keys in Azure Key Vault using Terraform streamlines the process of managing cryptographic keys for your applications. This approach enhances security, consistency, and reproducibility in your infrastructure deployments. By following the steps outlined in this blog post, you can easily integrate key provisioning into your infrastructure as code workflows, ensuring the confidentiality and integrity of your data.

Atisha Shaurya

Atisha Shaurya

Leave a Comment

Your email address will not be published. Required fields are marked *

Suggested Article

%d bloggers like this: