diff --git a/README.md b/README.md
index bb4db74..31e5a31 100644
--- a/README.md
+++ b/README.md
@@ -70,6 +70,7 @@ This module has a few dependencies:
 ### Simple Example
 Here is an example of how you can use this module in your inventory structure:
+ #### key-vault with access policy
 ```hcl
 module "key_vault" {
 source = "clouddrove/key-vault/azure"
@@ -88,6 +89,27 @@ module "key_vault" {
 access_policy = [{}]
 }
 ```
+#### key-vault with RBAC
+ ```hcl
+module "key_vault" {
+ source = "clouddrove/key-vault/azure"
+ name = "annkkdsovvdcc"
+ environment = "test"
+ label_order = ["name", "environment", ]
+ resource_group_name = module.resource_group.resource_group_name
+ purge_protection_enabled = false
+ enabled_for_disk_encryption = true
+ sku_name = "standard"
+ subnet_id = module.vnet.vnet_subnets[0]
+ virtual_network_id = module.vnet.vnet_id[0]
+ #private endpoint
+ enable_private_endpoint = true
+ ##RBAC
+ enable_rbac_authorization = true
+ principal_id = ["71d1XXXXXXXXXXXXX166d7c97", "2fa59XXXXXXXXXXXXXX82716fb05"]
+ role_definition_name = ["Key Vault Administrator", ]
+ }
+ ```
@@ -101,6 +123,7 @@ module "key_vault" {
 | access\_policies | Map of access policies for an object\_id (user, service principal, security group) to backend. |
list(object({
object_id = string,
certificate_permissions = list(string),
key_permissions = list(string),
secret_permissions = list(string),
storage_permissions = list(string),
}))
| `[]` | no |
 | access\_policy | Map of access policies for an object\_id (user, service principal, security group) to backend. |
list(object({
object_id = string,
certificate_permissions = list(string),
key_permissions = list(string),
secret_permissions = list(string),
storage_permissions = list(string),
}))
| `[]` | no |
 | enable\_private\_endpoint | Manages a Private Endpoint to Azure database for MySQL | `bool` | `true` | no |
+| enable\_rbac\_authorization | (Optional) Boolean flag to specify whether Azure Key Vault uses Role Based Access Control (RBAC) for authorization of data actions. | `bool` | `false` | no |
 | enabled | Set to false to prevent the module from creating any resources. | `bool` | `true` | no |
 | enabled\_for\_disk\_encryption | Boolean flag to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. Defaults to false | `bool` | `null` | no |
 | environment | Environment (e.g. `prod`, `dev`, `staging`). | `string` | `""` | no |
@@ -112,9 +135,11 @@ module "key_vault" {
 | network\_acls\_default\_action | The Default Action to use when no rules match from ip\_rules / virtual\_network\_subnet\_ids. Possible values are Allow and Deny. | `string` | `"Deny"` | no |
 | network\_acls\_ip\_rules | (Optional) One or more IP Addresses, or CIDR Blocks which should be able to access the Key Vault. | `list(string)` | `null` | no |
 | network\_acls\_subnet\_ids | (Optional) One or more Subnet ID's which should be able to access this Key Vault. | `list(string)` | `null` | no |
+| principal\_id | The ID of the Principal (User, Group or Service Principal) to assign the Role Definition to. Changing this forces a new resource to be created. | `list(string)` | `[]` | no |
 | purge\_protection\_enabled | Is Purge Protection enabled for this Key Vault? Defaults to false | `bool` | `null` | no |
 | repository | Terraform current module repo | `string` | `""` | no |
 | resource\_group\_name | A container that holds related resources for an Azure solution | `string` | `""` | no |
+| role\_definition\_name | The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with role\_definition\_id | `list(string)` | `[]` | no |
 | secrets | List of secrets for be created | `map` | `{}` | no |
 | sku\_name | The Name of the SKU used for this Key Vault. Possible values are standard and premium | `string` | `"standard"` | no |
 | soft\_delete\_retention\_days | The number of days that items should be retained for once soft-deleted. The valid value can be between 7 and 90 days | `number` | `90` | no |