如何使用 terraform 从 ZCF04A02E37B7574FC311A key vault6 导入 azure web 应用程序证书

Question

I have a certificate for an app service in an azure keyvault, I want to import a key vault certificate to my web app in terraform but am not sure where i would refer to the keyvault in the below example?

  resource "azurerm_app_service_certificate_binding" "example" {
  hostname_binding_id = azurerm_app_service_custom_hostname_binding.example.id
  certificate_id      = azurerm_app_service_managed_certificate.example.id
  ssl_state           = "SniEnabled"
}

Answer 1

To bind the existing key vault certificate with your webapp need to use as mentioned below by @json we need to first call key vault certificate using data then bind with webapp .

 //First Read the External Key Vault data "azurerm_key_vault" "production_keyvault" { name = "testingkeyvault2022" resource_group_name = "KeyVaultWestEuropeBackend" } // Now Read the Certificate data "azurerm_key_vault_secret" "prod_certificate" { name = "testcert" key_vault_id = data.azurerm_key_vault.production_keyvault.id } // Now bind the webapp to the domain and look for certificate. resource "azurerm_app_service_custom_hostname_binding" "website_app_hostname_bind" { //Website App depends_on = [ azurerm_app_service_certificate.cert, ] hostname = var.websiteurlbind app_service_name = data.azurerm_app_service.read_website_app.name resource_group_name = data.azurerm_resource_group.Terraform.name ssl_state = "SniEnabled" thumbprint = azurerm_app_service_certificate.cert.thumbprint } // Get Certificate from External KeyVault resource "azurerm_app_service_certificate" "cert" { name = "testingcert" resource_group_name = data.azurerm_resource_group.Terraform.name location = data.azurerm_resource_group.Terraform.location pfx_blob = data.azurerm_key_vault_secret.prod_certificate.value }

Note:- I have not tested due to some access issue from my end ,but it should work.

Please find this SO THREAD for more information.

If still the issue persists please re-open at this GitHub issue.