- name: Prepare random number set_fact: rpfx: "{{ resource_group | hash('md5') | truncate(7, True, '') }}{{ 1000 | random }}" tenant_id: "{{ lookup('env','AZURE_TENANT') }}" run_once: yes - name: set service principal info set_fact: azure_client_id: "{{ lookup('env','AZURE_CLIENT_ID') }}" azure_secret: "{{ lookup('env','AZURE_SECRET') }}" no_log: yes - name: lookup service principal object id set_fact: object_id: "{{ lookup('azure_service_principal_attribute', azure_client_id=azure_client_id, azure_secret=azure_secret, azure_tenant=tenant_id) }}" register: object_id - name: Create instance of Key Vault azure_rm_keyvault: resource_group: "{{ resource_group }}" vault_name: "vault{{ rpfx }}" enabled_for_deployment: yes vault_tenant: "{{ tenant_id }}" sku: name: standard family: A access_policies: - tenant_id: "{{ tenant_id }}" object_id: '{{ object_id }}' keys: - get - list - update - create - import - delete - recover - backup - restore - encrypt - decrypt - wrapkey - unwrapkey - sign - verify secrets: - get - list - set - delete - recover - backup - restore register: output - name: create a kevyault key block: - azure_rm_keyvaultkey: keyvault_uri: https://vault{{ rpfx }}.vault.azure.net key_name: testkey tags: testing: test delete: on-exit register: output - assert: that: output.changed rescue: - azure_rm_keyvaultkey: keyvault_uri: https://vault{{ rpfx }}.vault.azure.net state: absent key_name: testkey - name: delete a kevyault key azure_rm_keyvaultkey: keyvault_uri: https://vault{{ rpfx }}.vault.azure.net state: absent key_name: testkey register: output - assert: that: output.changed - name: Delete instance of Key Vault azure_rm_keyvault: resource_group: "{{ resource_group }}" vault_name: "vault{{ rpfx }}" state: absent