11// Copyright (c) Microsoft Corporation.
22// Licensed under the MIT License.
33
4+ targetScope = 'resourceGroup'
5+
46metadata name = 'Key Vault'
57metadata description = 'Create or update an Azure Key Vault.'
68
79@sys .description ('The name of the Key Vault.' )
810param name string
911
10- @sys .description ('The Azure region to deploy to.' )
1112@metadata ({
1213 strongType : 'location'
1314})
15+ @sys .description ('The Azure region to deploy to.' )
1416param location string = resourceGroup ().location
1517
16- @sys .description ('The access policies defined for this vault.' )
1718@metadata ({
1819 example : [
1920 {
@@ -29,6 +30,7 @@ param location string = resourceGroup().location
2930 }
3031 ]
3132})
33+ @sys .description ('The access policies defined for this vault.' )
3234param accessPolicies array = []
3335
3436@sys .description ('Determines if Azure can deploy certificates from this Key Vault.' )
@@ -46,9 +48,9 @@ param useSoftDelete bool = true
4648@sys .description ('Determine if purge protection is enabled on this Key Vault.' )
4749param usePurgeProtection bool = true
4850
49- @sys .description ('The number of days to retain soft deleted vaults and vault objects.' )
5051@minValue (7 )
5152@maxValue (90 )
53+ @sys .description ('The number of days to retain soft deleted vaults and vault objects.' )
5254param softDeleteDays int = 90
5355
5456@sys .description ('Determines if access to the objects granted using RBAC. When true, access policies are ignored.' )
@@ -62,23 +64,23 @@ param networkAcls object = {
6264 virtualNetworkRules : []
6365}
6466
65- @sys .description ('The workspace to store audit logs.' )
6667@metadata ({
6768 strongType : 'Microsoft.OperationalInsights/workspaces'
6869 example : '/subscriptions/<subscription_id>/resourceGroups/<resource_group>/providers/Microsoft.OperationalInsights/workspaces/<workspace_name>'
6970})
71+ @sys .description ('The workspace to store audit logs.' )
7072param workspaceId string = ''
7173
72- @sys .description ('Tags to apply to the resource.' )
7374@metadata ({
7475 example : {
7576 service : '<service_name>'
7677 env : 'prod'
7778 }
7879})
80+ @sys .description ('Tags to apply to the resource.' )
7981param tags object = resourceGroup ().tags
8082
81- // Define a Key Vault
83+ @ sys . description ( 'Create or update a Key Vault.' )
8284resource vault 'Microsoft.KeyVault/vaults@2019-09-01' = {
8385 name : name
8486 location : location
@@ -101,11 +103,10 @@ resource vault 'Microsoft.KeyVault/vaults@2019-09-01' = {
101103 tags : tags
102104}
103105
104- // Configure logging
105- resource vaultName_Microsoft_Insights_service 'Microsoft.Insights/diagnosticSettings@2016-09 -01' = if (!empty (workspaceId )) {
106+ @ sys . description ( ' Configure audit logs for the Key Vault.' )
107+ resource logs 'Microsoft.Insights/diagnosticSettings@2021-05 -01-preview ' = if (!empty (workspaceId )) {
106108 scope : vault
107- name : 'service'
108- location : location
109+ name : 'logs'
109110 properties : {
110111 workspaceId : workspaceId
111112 logs : [
0 commit comments