Configuration
Manages an Azure App Configuration Key.
Note: App Configuration Keys are provisioned using a Data Plane API which requires the role
App Configuration Data Owneron either the App Configuration or a parent scope (such as the Resource Group/Subscription). More information can be found in the Azure Documentation for App Configuration.
Example Usage
Kv Type
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const example = new azure.core.ResourceGroup("example", {
name: "example-resources",
location: "West Europe",
});
const appconf = new azure.appconfiguration.ConfigurationStore("appconf", {
name: "appConf1",
resourceGroupName: example.name,
location: example.location,
});
const current = azure.core.getClientConfig({});
const appconfDataowner = new azure.authorization.Assignment("appconf_dataowner", {
scope: appconf.id,
roleDefinitionName: "App Configuration Data Owner",
principalId: current.then(current => current.objectId),
});
const test = new azure.appconfiguration.ConfigurationKey("test", {
configurationStoreId: appconf.id,
key: "appConfKey1",
label: "somelabel",
value: "a test",
}, {
dependsOn: [appconfDataowner],
});Content copied to clipboard
import pulumi
import pulumi_azure as azure
example = azure.core.ResourceGroup("example",
name="example-resources",
location="West Europe")
appconf = azure.appconfiguration.ConfigurationStore("appconf",
name="appConf1",
resource_group_name=example.name,
location=example.location)
current = azure.core.get_client_config()
appconf_dataowner = azure.authorization.Assignment("appconf_dataowner",
scope=appconf.id,
role_definition_name="App Configuration Data Owner",
principal_id=current.object_id)
test = azure.appconfiguration.ConfigurationKey("test",
configuration_store_id=appconf.id,
key="appConfKey1",
label="somelabel",
value="a test",
opts = pulumi.ResourceOptions(depends_on=[appconf_dataowner]))Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var example = new Azure.Core.ResourceGroup("example", new()
{
Name = "example-resources",
Location = "West Europe",
});
var appconf = new Azure.AppConfiguration.ConfigurationStore("appconf", new()
{
Name = "appConf1",
ResourceGroupName = example.Name,
Location = example.Location,
});
var current = Azure.Core.GetClientConfig.Invoke();
var appconfDataowner = new Azure.Authorization.Assignment("appconf_dataowner", new()
{
Scope = appconf.Id,
RoleDefinitionName = "App Configuration Data Owner",
PrincipalId = current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
});
var test = new Azure.AppConfiguration.ConfigurationKey("test", new()
{
ConfigurationStoreId = appconf.Id,
Key = "appConfKey1",
Label = "somelabel",
Value = "a test",
}, new CustomResourceOptions
{
DependsOn =
{
appconfDataowner,
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/appconfiguration"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/authorization"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
Name: pulumi.String("example-resources"),
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
appconf, err := appconfiguration.NewConfigurationStore(ctx, "appconf", &appconfiguration.ConfigurationStoreArgs{
Name: pulumi.String("appConf1"),
ResourceGroupName: example.Name,
Location: example.Location,
})
if err != nil {
return err
}
current, err := core.GetClientConfig(ctx, nil, nil)
if err != nil {
return err
}
appconfDataowner, err := authorization.NewAssignment(ctx, "appconf_dataowner", &authorization.AssignmentArgs{
Scope: appconf.ID(),
RoleDefinitionName: pulumi.String("App Configuration Data Owner"),
PrincipalId: pulumi.String(current.ObjectId),
})
if err != nil {
return err
}
_, err = appconfiguration.NewConfigurationKey(ctx, "test", &appconfiguration.ConfigurationKeyArgs{
ConfigurationStoreId: appconf.ID(),
Key: pulumi.String("appConfKey1"),
Label: pulumi.String("somelabel"),
Value: pulumi.String("a test"),
}, pulumi.DependsOn([]pulumi.Resource{
appconfDataowner,
}))
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.appconfiguration.ConfigurationStore;
import com.pulumi.azure.appconfiguration.ConfigurationStoreArgs;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.authorization.Assignment;
import com.pulumi.azure.authorization.AssignmentArgs;
import com.pulumi.azure.appconfiguration.ConfigurationKey;
import com.pulumi.azure.appconfiguration.ConfigurationKeyArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ResourceGroup("example", ResourceGroupArgs.builder()
.name("example-resources")
.location("West Europe")
.build());
var appconf = new ConfigurationStore("appconf", ConfigurationStoreArgs.builder()
.name("appConf1")
.resourceGroupName(example.name())
.location(example.location())
.build());
final var current = CoreFunctions.getClientConfig();
var appconfDataowner = new Assignment("appconfDataowner", AssignmentArgs.builder()
.scope(appconf.id())
.roleDefinitionName("App Configuration Data Owner")
.principalId(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
.build());
var test = new ConfigurationKey("test", ConfigurationKeyArgs.builder()
.configurationStoreId(appconf.id())
.key("appConfKey1")
.label("somelabel")
.value("a test")
.build(), CustomResourceOptions.builder()
.dependsOn(appconfDataowner)
.build());
}
}Content copied to clipboard
resources:
example:
type: azure:core:ResourceGroup
properties:
name: example-resources
location: West Europe
appconf:
type: azure:appconfiguration:ConfigurationStore
properties:
name: appConf1
resourceGroupName: ${example.name}
location: ${example.location}
appconfDataowner:
type: azure:authorization:Assignment
name: appconf_dataowner
properties:
scope: ${appconf.id}
roleDefinitionName: App Configuration Data Owner
principalId: ${current.objectId}
test:
type: azure:appconfiguration:ConfigurationKey
properties:
configurationStoreId: ${appconf.id}
key: appConfKey1
label: somelabel
value: a test
options:
dependson:
- ${appconfDataowner}
variables:
current:
fn::invoke:
Function: azure:core:getClientConfig
Arguments: {}Content copied to clipboard
Vault Type
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const example = new azure.core.ResourceGroup("example", {
name: "example-resources",
location: "West Europe",
});
const appconf = new azure.appconfiguration.ConfigurationStore("appconf", {
name: "appConf1",
resourceGroupName: example.name,
location: example.location,
});
const current = azure.core.getClientConfig({});
const kv = new azure.keyvault.KeyVault("kv", {
name: "kv",
location: testAzurermResourceGroup.location,
resourceGroupName: testAzurermResourceGroup.name,
tenantId: current.then(current => current.tenantId),
skuName: "premium",
softDeleteRetentionDays: 7,
accessPolicies: [{
tenantId: current.then(current => current.tenantId),
objectId: current.then(current => current.objectId),
keyPermissions: [
"Create",
"Get",
],
secretPermissions: [
"Set",
"Get",
"Delete",
"Purge",
"Recover",
],
}],
});
const kvs = new azure.keyvault.Secret("kvs", {
name: "kvs",
value: "szechuan",
keyVaultId: kv.id,
});
const appconfDataowner = new azure.authorization.Assignment("appconf_dataowner", {
scope: appconf.id,
roleDefinitionName: "App Configuration Data Owner",
principalId: current.then(current => current.objectId),
});
const test = new azure.appconfiguration.ConfigurationKey("test", {
configurationStoreId: testAzurermAppConfiguration.id,
key: "key1",
type: "vault",
label: "label1",
vaultKeyReference: kvs.versionlessId,
}, {
dependsOn: [appconfDataowner],
});Content copied to clipboard
import pulumi
import pulumi_azure as azure
example = azure.core.ResourceGroup("example",
name="example-resources",
location="West Europe")
appconf = azure.appconfiguration.ConfigurationStore("appconf",
name="appConf1",
resource_group_name=example.name,
location=example.location)
current = azure.core.get_client_config()
kv = azure.keyvault.KeyVault("kv",
name="kv",
location=test_azurerm_resource_group["location"],
resource_group_name=test_azurerm_resource_group["name"],
tenant_id=current.tenant_id,
sku_name="premium",
soft_delete_retention_days=7,
access_policies=[{
"tenant_id": current.tenant_id,
"object_id": current.object_id,
"key_permissions": [
"Create",
"Get",
],
"secret_permissions": [
"Set",
"Get",
"Delete",
"Purge",
"Recover",
],
}])
kvs = azure.keyvault.Secret("kvs",
name="kvs",
value="szechuan",
key_vault_id=kv.id)
appconf_dataowner = azure.authorization.Assignment("appconf_dataowner",
scope=appconf.id,
role_definition_name="App Configuration Data Owner",
principal_id=current.object_id)
test = azure.appconfiguration.ConfigurationKey("test",
configuration_store_id=test_azurerm_app_configuration["id"],
key="key1",
type="vault",
label="label1",
vault_key_reference=kvs.versionless_id,
opts = pulumi.ResourceOptions(depends_on=[appconf_dataowner]))Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var example = new Azure.Core.ResourceGroup("example", new()
{
Name = "example-resources",
Location = "West Europe",
});
var appconf = new Azure.AppConfiguration.ConfigurationStore("appconf", new()
{
Name = "appConf1",
ResourceGroupName = example.Name,
Location = example.Location,
});
var current = Azure.Core.GetClientConfig.Invoke();
var kv = new Azure.KeyVault.KeyVault("kv", new()
{
Name = "kv",
Location = testAzurermResourceGroup.Location,
ResourceGroupName = testAzurermResourceGroup.Name,
TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
SkuName = "premium",
SoftDeleteRetentionDays = 7,
AccessPolicies = new[]
{
new Azure.KeyVault.Inputs.KeyVaultAccessPolicyArgs
{
TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
ObjectId = current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
KeyPermissions = new[]
{
"Create",
"Get",
},
SecretPermissions = new[]
{
"Set",
"Get",
"Delete",
"Purge",
"Recover",
},
},
},
});
var kvs = new Azure.KeyVault.Secret("kvs", new()
{
Name = "kvs",
Value = "szechuan",
KeyVaultId = kv.Id,
});
var appconfDataowner = new Azure.Authorization.Assignment("appconf_dataowner", new()
{
Scope = appconf.Id,
RoleDefinitionName = "App Configuration Data Owner",
PrincipalId = current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
});
var test = new Azure.AppConfiguration.ConfigurationKey("test", new()
{
ConfigurationStoreId = testAzurermAppConfiguration.Id,
Key = "key1",
Type = "vault",
Label = "label1",
VaultKeyReference = kvs.VersionlessId,
}, new CustomResourceOptions
{
DependsOn =
{
appconfDataowner,
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/appconfiguration"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/authorization"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/keyvault"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
Name: pulumi.String("example-resources"),
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
appconf, err := appconfiguration.NewConfigurationStore(ctx, "appconf", &appconfiguration.ConfigurationStoreArgs{
Name: pulumi.String("appConf1"),
ResourceGroupName: example.Name,
Location: example.Location,
})
if err != nil {
return err
}
current, err := core.GetClientConfig(ctx, nil, nil)
if err != nil {
return err
}
kv, err := keyvault.NewKeyVault(ctx, "kv", &keyvault.KeyVaultArgs{
Name: pulumi.String("kv"),
Location: pulumi.Any(testAzurermResourceGroup.Location),
ResourceGroupName: pulumi.Any(testAzurermResourceGroup.Name),
TenantId: pulumi.String(current.TenantId),
SkuName: pulumi.String("premium"),
SoftDeleteRetentionDays: pulumi.Int(7),
AccessPolicies: keyvault.KeyVaultAccessPolicyArray{
&keyvault.KeyVaultAccessPolicyArgs{
TenantId: pulumi.String(current.TenantId),
ObjectId: pulumi.String(current.ObjectId),
KeyPermissions: pulumi.StringArray{
pulumi.String("Create"),
pulumi.String("Get"),
},
SecretPermissions: pulumi.StringArray{
pulumi.String("Set"),
pulumi.String("Get"),
pulumi.String("Delete"),
pulumi.String("Purge"),
pulumi.String("Recover"),
},
},
},
})
if err != nil {
return err
}
kvs, err := keyvault.NewSecret(ctx, "kvs", &keyvault.SecretArgs{
Name: pulumi.String("kvs"),
Value: pulumi.String("szechuan"),
KeyVaultId: kv.ID(),
})
if err != nil {
return err
}
appconfDataowner, err := authorization.NewAssignment(ctx, "appconf_dataowner", &authorization.AssignmentArgs{
Scope: appconf.ID(),
RoleDefinitionName: pulumi.String("App Configuration Data Owner"),
PrincipalId: pulumi.String(current.ObjectId),
})
if err != nil {
return err
}
_, err = appconfiguration.NewConfigurationKey(ctx, "test", &appconfiguration.ConfigurationKeyArgs{
ConfigurationStoreId: pulumi.Any(testAzurermAppConfiguration.Id),
Key: pulumi.String("key1"),
Type: pulumi.String("vault"),
Label: pulumi.String("label1"),
VaultKeyReference: kvs.VersionlessId,
}, pulumi.DependsOn([]pulumi.Resource{
appconfDataowner,
}))
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.appconfiguration.ConfigurationStore;
import com.pulumi.azure.appconfiguration.ConfigurationStoreArgs;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.keyvault.KeyVault;
import com.pulumi.azure.keyvault.KeyVaultArgs;
import com.pulumi.azure.keyvault.inputs.KeyVaultAccessPolicyArgs;
import com.pulumi.azure.keyvault.Secret;
import com.pulumi.azure.keyvault.SecretArgs;
import com.pulumi.azure.authorization.Assignment;
import com.pulumi.azure.authorization.AssignmentArgs;
import com.pulumi.azure.appconfiguration.ConfigurationKey;
import com.pulumi.azure.appconfiguration.ConfigurationKeyArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ResourceGroup("example", ResourceGroupArgs.builder()
.name("example-resources")
.location("West Europe")
.build());
var appconf = new ConfigurationStore("appconf", ConfigurationStoreArgs.builder()
.name("appConf1")
.resourceGroupName(example.name())
.location(example.location())
.build());
final var current = CoreFunctions.getClientConfig();
var kv = new KeyVault("kv", KeyVaultArgs.builder()
.name("kv")
.location(testAzurermResourceGroup.location())
.resourceGroupName(testAzurermResourceGroup.name())
.tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
.skuName("premium")
.softDeleteRetentionDays(7)
.accessPolicies(KeyVaultAccessPolicyArgs.builder()
.tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
.objectId(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
.keyPermissions(
"Create",
"Get")
.secretPermissions(
"Set",
"Get",
"Delete",
"Purge",
"Recover")
.build())
.build());
var kvs = new Secret("kvs", SecretArgs.builder()
.name("kvs")
.value("szechuan")
.keyVaultId(kv.id())
.build());
var appconfDataowner = new Assignment("appconfDataowner", AssignmentArgs.builder()
.scope(appconf.id())
.roleDefinitionName("App Configuration Data Owner")
.principalId(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
.build());
var test = new ConfigurationKey("test", ConfigurationKeyArgs.builder()
.configurationStoreId(testAzurermAppConfiguration.id())
.key("key1")
.type("vault")
.label("label1")
.vaultKeyReference(kvs.versionlessId())
.build(), CustomResourceOptions.builder()
.dependsOn(appconfDataowner)
.build());
}
}Content copied to clipboard
resources:
example:
type: azure:core:ResourceGroup
properties:
name: example-resources
location: West Europe
appconf:
type: azure:appconfiguration:ConfigurationStore
properties:
name: appConf1
resourceGroupName: ${example.name}
location: ${example.location}
kv:
type: azure:keyvault:KeyVault
properties:
name: kv
location: ${testAzurermResourceGroup.location}
resourceGroupName: ${testAzurermResourceGroup.name}
tenantId: ${current.tenantId}
skuName: premium
softDeleteRetentionDays: 7
accessPolicies:
- tenantId: ${current.tenantId}
objectId: ${current.objectId}
keyPermissions:
- Create
- Get
secretPermissions:
- Set
- Get
- Delete
- Purge
- Recover
kvs:
type: azure:keyvault:Secret
properties:
name: kvs
value: szechuan
keyVaultId: ${kv.id}
appconfDataowner:
type: azure:authorization:Assignment
name: appconf_dataowner
properties:
scope: ${appconf.id}
roleDefinitionName: App Configuration Data Owner
principalId: ${current.objectId}
test:
type: azure:appconfiguration:ConfigurationKey
properties:
configurationStoreId: ${testAzurermAppConfiguration.id}
key: key1
type: vault
label: label1
vaultKeyReference: ${kvs.versionlessId}
options:
dependson:
- ${appconfDataowner}
variables:
current:
fn::invoke:
Function: azure:core:getClientConfig
Arguments: {}Content copied to clipboard
Import
App Configuration Keys can be imported using the resource id, e.g.
$ pulumi import azure:appconfiguration/configurationKey:ConfigurationKey test https://appconfname1.azconfig.io/kv/keyName?label=labelNameContent copied to clipboard
If you wish to import a key with an empty label then simply leave label's name blank:
$ pulumi import azure:appconfiguration/configurationKey:ConfigurationKey test https://appconfname1.azconfig.io/kv/keyName?label=Content copied to clipboard
Properties
Link copied to clipboard
Specifies the id of the App Configuration. Changing this forces a new resource to be created.
Link copied to clipboard
The content type of the App Configuration Key. This should only be set when type is set to kv.
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
The type of the App Configuration Key. It can either be kv (simple key/value) or vault (where the value is a reference to a Key Vault Secret. Defaults to kv.
Link copied to clipboard
The ID of the vault secret this App Configuration Key refers to. This should only be set when type is set to vault.