diff --git a/azurerm/data_source_key_vault.go b/azurerm/data_source_key_vault.go
new file mode 100644
index 000000000000..3107545aba0e
--- /dev/null
+++ b/azurerm/data_source_key_vault.go
@@ -0,0 +1,210 @@
+package azurerm
+
+import (
+ "fmt"
+
+ "github.com/Azure/azure-sdk-for-go/services/keyvault/mgmt/2016-10-01/keyvault"
+ "github.com/hashicorp/terraform/helper/schema"
+ "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
+)
+
+func dataSourceArmKeyVault() *schema.Resource {
+ return &schema.Resource{
+ Read: dataSourceArmKeyVaultRead,
+
+ Schema: map[string]*schema.Schema{
+ "name": {
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ ValidateFunc: validateKeyVaultName,
+ },
+
+ "resource_group_name": resourceGroupNameForDataSourceSchema(),
+
+ "location": locationForDataSourceSchema(),
+
+ "sku": {
+ Type: schema.TypeList,
+ Computed: true,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "name": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ },
+ },
+ },
+
+ "vault_uri": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+
+ "tenant_id": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+
+ "access_policy": {
+ Type: schema.TypeList,
+ Computed: true,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "tenant_id": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "object_id": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "application_id": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "certificate_permissions": {
+ Type: schema.TypeList,
+ Computed: true,
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ "key_permissions": {
+ Type: schema.TypeList,
+ Computed: true,
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ "secret_permissions": {
+ Type: schema.TypeList,
+ Computed: true,
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ },
+ },
+ },
+
+ "enabled_for_deployment": {
+ Type: schema.TypeBool,
+ Computed: true,
+ },
+
+ "enabled_for_disk_encryption": {
+ Type: schema.TypeBool,
+ Computed: true,
+ },
+
+ "enabled_for_template_deployment": {
+ Type: schema.TypeBool,
+ Computed: true,
+ },
+
+ "tags": tagsForDataSourceSchema(),
+ },
+ }
+}
+
+func dataSourceArmKeyVaultRead(d *schema.ResourceData, meta interface{}) error {
+ client := meta.(*ArmClient).keyVaultClient
+ ctx := meta.(*ArmClient).StopContext
+
+ name := d.Get("name").(string)
+ resourceGroup := d.Get("resource_group_name").(string)
+
+ resp, err := client.Get(ctx, resourceGroup, name)
+ if err != nil {
+ if utils.ResponseWasNotFound(resp.Response) {
+ return fmt.Errorf("KeyVault %q (Resource Group %q) does not exist", name, resourceGroup)
+ }
+ return fmt.Errorf("Error making Read request on KeyVault %q: %+v", name, err)
+ }
+
+ d.SetId(*resp.ID)
+
+ d.Set("name", resp.Name)
+ d.Set("resource_group_name", resourceGroup)
+ if location := resp.Location; location != nil {
+ d.Set("location", azureRMNormalizeLocation(*location))
+ }
+
+ if props := resp.Properties; props != nil {
+ d.Set("tenant_id", props.TenantID.String())
+ d.Set("enabled_for_deployment", props.EnabledForDeployment)
+ d.Set("enabled_for_disk_encryption", props.EnabledForDiskEncryption)
+ d.Set("enabled_for_template_deployment", props.EnabledForTemplateDeployment)
+ if err := d.Set("sku", flattenKeyVaultDataSourceSku(props.Sku)); err != nil {
+ return fmt.Errorf("Error flattening `sku` for KeyVault %q: %+v", resp.Name, err)
+ }
+ if err := d.Set("access_policy", flattenKeyVaultDataSourceAccessPolicies(props.AccessPolicies)); err != nil {
+ return fmt.Errorf("Error flattening `access_policy` for KeyVault %q: %+v", resp.Name, err)
+ }
+ d.Set("vault_uri", props.VaultURI)
+ }
+
+ flattenAndSetTags(d, resp.Tags)
+
+ return nil
+}
+
+func flattenKeyVaultDataSourceSku(sku *keyvault.Sku) []interface{} {
+ result := map[string]interface{}{
+ "name": string(sku.Name),
+ }
+
+ return []interface{}{result}
+}
+
+func flattenKeyVaultDataSourceAccessPolicies(policies *[]keyvault.AccessPolicyEntry) []interface{} {
+ result := make([]interface{}, 0, len(*policies))
+
+ if policies == nil {
+ return result
+ }
+
+ for _, policy := range *policies {
+ policyRaw := make(map[string]interface{})
+
+ keyPermissionsRaw := make([]interface{}, 0)
+ secretPermissionsRaw := make([]interface{}, 0)
+ certificatePermissionsRaw := make([]interface{}, 0)
+
+ if permissions := policy.Permissions; permissions != nil {
+ if keys := permissions.Keys; keys != nil {
+ for _, keyPermission := range *keys {
+ keyPermissionsRaw = append(keyPermissionsRaw, string(keyPermission))
+ }
+ }
+ if secrets := permissions.Secrets; secrets != nil {
+ for _, secretPermission := range *secrets {
+ secretPermissionsRaw = append(secretPermissionsRaw, string(secretPermission))
+ }
+ }
+
+ if certificates := permissions.Certificates; certificates != nil {
+ for _, certificatePermission := range *certificates {
+ certificatePermissionsRaw = append(certificatePermissionsRaw, string(certificatePermission))
+ }
+ }
+ }
+
+ policyRaw["tenant_id"] = policy.TenantID.String()
+ if policy.ObjectID != nil {
+ policyRaw["object_id"] = *policy.ObjectID
+ }
+ if policy.ApplicationID != nil {
+ policyRaw["application_id"] = policy.ApplicationID.String()
+ }
+ policyRaw["key_permissions"] = keyPermissionsRaw
+ policyRaw["secret_permissions"] = secretPermissionsRaw
+ policyRaw["certificate_permissions"] = certificatePermissionsRaw
+
+ result = append(result, policyRaw)
+ }
+
+ return result
+}
diff --git a/azurerm/data_source_key_vault_secret.go b/azurerm/data_source_key_vault_secret.go
new file mode 100644
index 000000000000..63962141d532
--- /dev/null
+++ b/azurerm/data_source_key_vault_secret.go
@@ -0,0 +1,80 @@
+package azurerm
+
+import (
+ "fmt"
+
+ "github.com/hashicorp/terraform/helper/schema"
+ "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
+)
+
+func dataSourceArmKeyVaultSecret() *schema.Resource {
+ return &schema.Resource{
+ Read: dataSourceArmKeyVaultSecretRead,
+
+ Schema: map[string]*schema.Schema{
+ "name": {
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ },
+
+ "vault_uri": {
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ },
+
+ "value": {
+ Type: schema.TypeString,
+ Computed: true,
+ Sensitive: true,
+ },
+
+ "content_type": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+
+ "version": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+
+ "tags": tagsForDataSourceSchema(),
+ },
+ }
+}
+
+func dataSourceArmKeyVaultSecretRead(d *schema.ResourceData, meta interface{}) error {
+ client := meta.(*ArmClient).keyVaultManagementClient
+ ctx := meta.(*ArmClient).StopContext
+
+ name := d.Get("name").(string)
+ vaultUri := d.Get("vault_uri").(string)
+
+ // we always want to get the latest version
+ resp, err := client.GetSecret(ctx, vaultUri, name, "")
+ if err != nil {
+ if utils.ResponseWasNotFound(resp.Response) {
+ return fmt.Errorf("KeyVault Secret %q (KeyVault URI %q) does not exist", name, vaultUri)
+ }
+ return fmt.Errorf("Error making Read request on Azure KeyVault Secret %s: %+v", name, err)
+ }
+
+ // the version may have changed, so parse the updated id
+ respID, err := parseKeyVaultChildID(*resp.ID)
+ if err != nil {
+ return err
+ }
+
+ d.SetId(*resp.ID)
+
+ d.Set("name", respID.Name)
+ d.Set("vault_uri", respID.KeyVaultBaseUrl)
+ d.Set("value", resp.Value)
+ d.Set("version", respID.Version)
+ d.Set("content_type", resp.ContentType)
+
+ flattenAndSetTags(d, resp.Tags)
+ return nil
+}
diff --git a/azurerm/data_source_key_vault_secret_test.go b/azurerm/data_source_key_vault_secret_test.go
new file mode 100644
index 000000000000..29d7204b85e4
--- /dev/null
+++ b/azurerm/data_source_key_vault_secret_test.go
@@ -0,0 +1,78 @@
+package azurerm
+
+import (
+ "fmt"
+ "testing"
+
+ "github.com/hashicorp/terraform/helper/acctest"
+ "github.com/hashicorp/terraform/helper/resource"
+)
+
+func TestAccDataSourceAzureRMKeyVaultSecret_basic(t *testing.T) {
+ dataSourceName := "data.azurerm_key_vault_secret.test"
+
+ rString := acctest.RandString(8)
+ location := testLocation()
+ config := testAccDataSourceKeyVaultSecret_basic(rString, location)
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ Steps: []resource.TestStep{
+ {
+ Config: config,
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttr(dataSourceName, "value", "rick-and-morty"),
+ resource.TestCheckResourceAttr(dataSourceName, "tags.%", "0"),
+ ),
+ },
+ },
+ })
+}
+
+func TestAccDataSourceAzureRMKeyVaultSecret_complete(t *testing.T) {
+ dataSourceName := "data.azurerm_key_vault_secret.test"
+
+ rString := acctest.RandString(8)
+ location := testLocation()
+ config := testAccDataSourceKeyVaultSecret_complete(rString, location)
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ Steps: []resource.TestStep{
+ {
+ Config: config,
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttr(dataSourceName, "value", ""),
+ resource.TestCheckResourceAttr(dataSourceName, "tags.%", "1"),
+ resource.TestCheckResourceAttr(dataSourceName, "tags.hello", "world"),
+ ),
+ },
+ },
+ })
+}
+
+func testAccDataSourceKeyVaultSecret_basic(rString string, location string) string {
+ resource := testAccAzureRMKeyVaultSecret_basic(rString, location)
+ return fmt.Sprintf(`
+%s
+
+data "azurerm_key_vault_secret" "test" {
+ name = "${azurerm_key_vault_secret.test.name}"
+ vault_uri = "${azurerm_key_vault_secret.test.vault_uri}"
+}
+`, resource)
+}
+
+func testAccDataSourceKeyVaultSecret_complete(rString string, location string) string {
+ resource := testAccAzureRMKeyVaultSecret_complete(rString, location)
+ return fmt.Sprintf(`
+%s
+
+data "azurerm_key_vault_secret" "test" {
+ name = "${azurerm_key_vault_secret.test.name}"
+ vault_uri = "${azurerm_key_vault_secret.test.vault_uri}"
+}
+`, resource)
+}
diff --git a/azurerm/data_source_key_vault_test.go b/azurerm/data_source_key_vault_test.go
new file mode 100644
index 000000000000..d2881e3e799c
--- /dev/null
+++ b/azurerm/data_source_key_vault_test.go
@@ -0,0 +1,90 @@
+package azurerm
+
+import (
+ "fmt"
+ "testing"
+
+ "github.com/hashicorp/terraform/helper/acctest"
+ "github.com/hashicorp/terraform/helper/resource"
+)
+
+func TestAccDataSourceAzureRMKeyVault_basic(t *testing.T) {
+ dataSourceName := "data.azurerm_key_vault.test"
+ ri := acctest.RandInt()
+ location := testLocation()
+ config := testAccDataSourceAzureRMKeyVault_basic(ri, location)
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testCheckAzureRMKeyVaultDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: config,
+ Check: resource.ComposeTestCheckFunc(
+ testCheckAzureRMKeyVaultExists(dataSourceName),
+ resource.TestCheckResourceAttrSet(dataSourceName, "tenant_id"),
+ resource.TestCheckResourceAttrSet(dataSourceName, "sku.0.name"),
+ resource.TestCheckResourceAttrSet(dataSourceName, "access_policy.0.tenant_id"),
+ resource.TestCheckResourceAttrSet(dataSourceName, "access_policy.0.object_id"),
+ resource.TestCheckResourceAttr(dataSourceName, "access_policy.0.key_permissions.0", "create"),
+ resource.TestCheckResourceAttr(dataSourceName, "access_policy.0.secret_permissions.0", "set"),
+ resource.TestCheckResourceAttr(dataSourceName, "tags.%", "0"),
+ ),
+ },
+ },
+ })
+}
+
+func TestAccDataSourceAzureRMKeyVault_complete(t *testing.T) {
+ dataSourceName := "data.azurerm_key_vault.test"
+ ri := acctest.RandInt()
+ location := testLocation()
+ config := testAccDataSourceAzureRMKeyVault_complete(ri, location)
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testCheckAzureRMKeyVaultDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: config,
+ Check: resource.ComposeTestCheckFunc(
+ testCheckAzureRMKeyVaultExists(dataSourceName),
+ resource.TestCheckResourceAttrSet(dataSourceName, "tenant_id"),
+ resource.TestCheckResourceAttrSet(dataSourceName, "sku.0.name"),
+ resource.TestCheckResourceAttrSet(dataSourceName, "access_policy.0.tenant_id"),
+ resource.TestCheckResourceAttrSet(dataSourceName, "access_policy.0.object_id"),
+ resource.TestCheckResourceAttr(dataSourceName, "access_policy.0.key_permissions.0", "get"),
+ resource.TestCheckResourceAttr(dataSourceName, "access_policy.0.secret_permissions.0", "get"),
+ resource.TestCheckResourceAttr(dataSourceName, "tags.%", "1"),
+ resource.TestCheckResourceAttr(dataSourceName, "tags.environment", "Production"),
+ ),
+ },
+ },
+ })
+}
+
+func testAccDataSourceAzureRMKeyVault_basic(rInt int, location string) string {
+ resource := testAccAzureRMKeyVault_basic(rInt, location)
+ return fmt.Sprintf(`
+%s
+
+data "azurerm_key_vault" "test" {
+ name = "${azurerm_key_vault.test.name}"
+ resource_group_name = "${azurerm_key_vault.test.resource_group_name}"
+}
+`, resource)
+}
+
+func testAccDataSourceAzureRMKeyVault_complete(rInt int, location string) string {
+ resource := testAccAzureRMKeyVault_complete(rInt, location)
+ return fmt.Sprintf(`
+%s
+
+data "azurerm_key_vault" "test" {
+ name = "${azurerm_key_vault.test.name}"
+ resource_group_name = "${azurerm_key_vault.test.resource_group_name}"
+}
+`, resource)
+}
diff --git a/azurerm/import_arm_key_vault_test.go b/azurerm/import_arm_key_vault_test.go
index dd0fe04d39b3..5612b8a07a70 100644
--- a/azurerm/import_arm_key_vault_test.go
+++ b/azurerm/import_arm_key_vault_test.go
@@ -29,3 +29,26 @@ func TestAccAzureRMKeyVault_importBasic(t *testing.T) {
},
})
}
+
+func TestAccAzureRMKeyVault_importComplete(t *testing.T) {
+ resourceName := "azurerm_key_vault.test"
+
+ ri := acctest.RandInt()
+ config := testAccAzureRMKeyVault_complete(ri, testLocation())
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testCheckAzureRMKeyVaultDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: config,
+ },
+ {
+ ResourceName: resourceName,
+ ImportState: true,
+ ImportStateVerify: true,
+ },
+ },
+ })
+}
diff --git a/azurerm/provider.go b/azurerm/provider.go
index bdc6d44bdd20..96971de5e67e 100644
--- a/azurerm/provider.go
+++ b/azurerm/provider.go
@@ -87,7 +87,9 @@ func Provider() terraform.ResourceProvider {
"azurerm_dns_zone": dataSourceArmDnsZone(),
"azurerm_eventhub_namespace": dataSourceEventHubNamespace(),
"azurerm_image": dataSourceArmImage(),
+ "azurerm_key_vault": dataSourceArmKeyVault(),
"azurerm_key_vault_access_policy": dataSourceArmKeyVaultAccessPolicy(),
+ "azurerm_key_vault_secret": dataSourceArmKeyVaultSecret(),
"azurerm_kubernetes_cluster": dataSourceArmKubernetesCluster(),
"azurerm_managed_disk": dataSourceArmManagedDisk(),
"azurerm_network_interface": dataSourceArmNetworkInterface(),
diff --git a/azurerm/resource_arm_key_vault.go b/azurerm/resource_arm_key_vault.go
index 7691ee6abd52..2a30b0b92069 100644
--- a/azurerm/resource_arm_key_vault.go
+++ b/azurerm/resource_arm_key_vault.go
@@ -278,16 +278,22 @@ func resourceArmKeyVaultRead(d *schema.ResourceData, meta interface{}) error {
if location := resp.Location; location != nil {
d.Set("location", azureRMNormalizeLocation(*location))
}
- d.Set("tenant_id", resp.Properties.TenantID.String())
- d.Set("enabled_for_deployment", resp.Properties.EnabledForDeployment)
- d.Set("enabled_for_disk_encryption", resp.Properties.EnabledForDiskEncryption)
- d.Set("enabled_for_template_deployment", resp.Properties.EnabledForTemplateDeployment)
- d.Set("sku", flattenKeyVaultSku(resp.Properties.Sku))
- d.Set("access_policy", flattenKeyVaultAccessPolicies(resp.Properties.AccessPolicies))
- d.Set("vault_uri", resp.Properties.VaultURI)
- flattenAndSetTags(d, resp.Tags)
+ if props := resp.Properties; props != nil {
+ d.Set("tenant_id", props.TenantID.String())
+ d.Set("enabled_for_deployment", props.EnabledForDeployment)
+ d.Set("enabled_for_disk_encryption", props.EnabledForDiskEncryption)
+ d.Set("enabled_for_template_deployment", props.EnabledForTemplateDeployment)
+ if err := d.Set("sku", flattenKeyVaultSku(props.Sku)); err != nil {
+ return fmt.Errorf("Error flattening `sku` for KeyVault %q: %+v", resp.Name, err)
+ }
+ if err := d.Set("access_policy", flattenKeyVaultAccessPolicies(props.AccessPolicies)); err != nil {
+ return fmt.Errorf("Error flattening `access_policy` for KeyVault %q: %+v", resp.Name, err)
+ }
+ d.Set("vault_uri", props.VaultURI)
+ }
+ flattenAndSetTags(d, resp.Tags)
return nil
}
diff --git a/azurerm/resource_arm_key_vault_test.go b/azurerm/resource_arm_key_vault_test.go
index 15950a8cbbb1..e8f79974d29c 100644
--- a/azurerm/resource_arm_key_vault_test.go
+++ b/azurerm/resource_arm_key_vault_test.go
@@ -230,10 +230,6 @@ resource "azurerm_key_vault" "test" {
"set",
]
}
-
- tags {
- environment = "Production"
- }
}
`, rInt, location, rInt)
}
diff --git a/website/azurerm.erb b/website/azurerm.erb
index e5a91a873599..3df59ea865a6 100644
--- a/website/azurerm.erb
+++ b/website/azurerm.erb
@@ -68,14 +68,22 @@
azurerm_image
+ >
+ azurerm_key_vault
+
+
>
azurerm_key_vault_access_policy
+ >
+ azurerm_key_vault_secret
+
+
>
azurerm_kubernetes_cluster
-
+
>
azurerm_managed_disk
diff --git a/website/docs/d/key_vault.html.markdown b/website/docs/d/key_vault.html.markdown
new file mode 100644
index 000000000000..0c9a73e88b47
--- /dev/null
+++ b/website/docs/d/key_vault.html.markdown
@@ -0,0 +1,74 @@
+---
+layout: "azurerm"
+page_title: "Azure Resource Manager: azurerm_key_vault"
+sidebar_current: "docs-azurerm-data-source-key-vault-x"
+description: |-
+ Gets information about a Key Vault.
+---
+
+# Data Source: azurerm_key_vault
+
+Gets information about a Key Vault.
+
+## Example Usage
+
+```hcl
+data "azurerm_key_vault" "test" {
+ name = "mykeyvault"
+ resource_group_name = "some-resource-group"
+}
+
+output "vault_uri" {
+ value = "${data.azurerm_key_vault.test.vault_uri}"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) Specifies the name of the Key Vault.
+
+* `resource_group_name` - (Required) The name of the Resource Group in which the Key Vault exists.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The Vault ID.
+
+* `vault_uri` - The URI of the vault for performing operations on keys and secrets.
+
+* `location` - The Azure Region in which the Key Vault exists.
+
+* `sku` - A `sku` block as described below.
+
+* `tenant_id` - The Azure Active Directory Tenant ID used for authenticating requests to the Key Vault.
+
+* `access_policy` - One or more `access_policy` blocks as defined below.
+
+* `enabled_for_deployment` - Can Azure Virtual Machines retrieve certificates stored as secrets from the Key Vault?
+
+* `enabled_for_disk_encryption` - Can Azure Disk Encryption retrieve secrets from the Key Vault?
+
+* `enabled_for_template_deployment` - Can Azure Resource Manager retrieve secrets from the Key Vault?
+
+* `tags` - A mapping of tags assigned to the Key Vault.
+
+A `sku` block exports the following:
+
+* `name` - The name of the SKU used for this Key Vault.
+
+`access_policy` supports the following:
+
+* `tenant_id` - The Azure Active Directory Tenant ID used to authenticate requests for this Key Vault.
+
+* `object_id` - An Object ID of a User, Service Principal or Security Group.
+
+* `application_id` - The Object ID of a Azure Active Directory Application.
+
+* `certificate_permissions` - A list of certificate permissions applicable to this Access Policy.
+
+* `key_permissions` - A list of key permissions applicable to this Access Policy.
+
+* `secret_permissions` - A list of secret permissions applicable to this Access Policy.
\ No newline at end of file
diff --git a/website/docs/d/key_vault_secret.html.markdown b/website/docs/d/key_vault_secret.html.markdown
new file mode 100644
index 000000000000..2274b34ca7fa
--- /dev/null
+++ b/website/docs/d/key_vault_secret.html.markdown
@@ -0,0 +1,47 @@
+---
+layout: "azurerm"
+page_title: "Azure Resource Manager: azurerm_key_vault_secret"
+sidebar_current: "docs-azurerm-data-source-key-vault-secret"
+description: |-
+ Returns information about the specified Key Vault Secret.
+
+---
+
+# Data Source: azurerm_key_vault_secret
+
+Returns information about the specified Key Vault Secret.
+
+~> **Note:** All arguments including the secret value will be stored in the raw state as plain-text.
+[Read more about sensitive data in state](/docs/state/sensitive-data.html).
+
+## Example Usage
+
+```hcl
+data "azurerm_key_vault_secret" "test" {
+ name = "secret-sauce"
+ vault_uri = "https://rickslab.vault.azure.net/"
+}
+
+output "secret_value" {
+ value = "${data.azurerm_key_vault_secret.test.value}"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) Specifies the name of the Key Vault Secret.
+
+* `vault_uri` - (Required) Specifies the URI used to access the Key Vault instance, available on the `azurerm_key_vault` Data Source / Resource.
+
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The Key Vault Secret ID.
+* `value` - The value of the Key Vault Secret.
+* `version` - The current version of the Key Vault Secret.
+* `content_type` - The content type for the Key Vault Secret.
+* `tags` - Any tags assigned to this resource.
diff --git a/website/docs/d/public_ips.html.markdown b/website/docs/d/public_ips.html.markdown
index 09051f11cc99..d2fbeb9c1aca 100644
--- a/website/docs/d/public_ips.html.markdown
+++ b/website/docs/d/public_ips.html.markdown
@@ -6,7 +6,7 @@ description: |-
Provides a list of public IP addresses.
---
-# azurerm_public_ips
+# Data Source: azurerm_public_ips
Use this data source to access a filtered list of Public IP Addresses
diff --git a/website/docs/d/recovery_services_vault.markdown b/website/docs/d/recovery_services_vault.markdown
index 3a29a6824ccb..96c5267d7d9b 100644
--- a/website/docs/d/recovery_services_vault.markdown
+++ b/website/docs/d/recovery_services_vault.markdown
@@ -6,7 +6,7 @@ description: |-
Get information about the specified Recovery Services Vault.
---
-# azurerm_recovery_services_vault
+# Data Source: azurerm_recovery_services_vault
Use this data source to access the properties of an Recovery Services Vault.
diff --git a/website/docs/r/key_vault.html.markdown b/website/docs/r/key_vault.html.markdown
index 1a139de54abb..8075ec52c174 100644
--- a/website/docs/r/key_vault.html.markdown
+++ b/website/docs/r/key_vault.html.markdown
@@ -3,12 +3,12 @@ layout: "azurerm"
page_title: "Azure Resource Manager: azurerm_key_vault"
sidebar_current: "docs-azurerm-resource-key-vault-x"
description: |-
- Create a Key Vault.
+ Manages a Key Vault.
---
-# azurerm\_key\_vault
+# azurerm_key_vault
-Create a Key Vault.
+Manages a Key Vault.
## Example Usage
@@ -54,14 +54,14 @@ resource "azurerm_key_vault" "test" {
The following arguments are supported:
-* `name` - (Required) Specifies the name of the Key Vault resource. Changing this
+* `name` - (Required) Specifies the name of the Key Vault. Changing this
forces a new resource to be created.
* `location` - (Required) Specifies the supported Azure location where the resource exists.
Changing this forces a new resource to be created.
* `resource_group_name` - (Required) The name of the resource group in which to
- create the namespace. Changing this forces a new resource to be created.
+ create the Key Vault. Changing this forces a new resource to be created.
* `sku` - (Required) An SKU block as described below.
diff --git a/website/docs/r/key_vault_secret.html.markdown b/website/docs/r/key_vault_secret.html.markdown
index 1de6e5a2477c..54df8eb22a24 100644
--- a/website/docs/r/key_vault_secret.html.markdown
+++ b/website/docs/r/key_vault_secret.html.markdown
@@ -7,10 +7,13 @@ description: |-
---
-# azurerm\_key\_vault\_secret
+# azurerm_key_vault_secret
Manages a Key Vault Secret.
+~> **Note:** All arguments including the secret value will be stored in the raw state as plain-text.
+[Read more about sensitive data in state](/docs/state/sensitive-data.html).
+
## Example Usage
```hcl