terraform { required_providers { azapi = { source = "Azure/azapi" } azurerm = { source = "hashicorp/azurerm" } } } provider "azurerm" { features { } } provider "azapi" { skip_provider_registration = false } variable "resource_name" { type = string default = "acctest0001" } variable "location" { type = string default = "westeurope" } data "azurerm_client_config" "current" { } resource "azapi_resource" "resourceGroup" { type = "Microsoft.Resources/resourceGroups@2020-06-01" name = var.resource_name location = var.location } resource "azapi_resource" "vault" { type = "Microsoft.KeyVault/vaults@2023-02-01" parent_id = azapi_resource.resourceGroup.id name = var.resource_name location = var.location body = { properties = { sku = { family = "A" name = "standard" } accessPolicies = [] enableSoftDelete = true tenantId = data.azurerm_client_config.current.tenant_id } } schema_validation_enabled = false response_export_values = ["*"] lifecycle { ignore_changes = [body.properties.accessPolicies] } } data "azapi_resource_id" "key" { type = "Microsoft.KeyVault/vaults/keys@2023-02-01" parent_id = azapi_resource.vault.id name = var.resource_name } resource "azapi_resource_action" "key" { type = "Microsoft.KeyVault/vaults/keys@2023-02-01" resource_id = data.azapi_resource_id.key.id method = "PUT" body = { properties = { keySize = 2048 kty = "RSA" keyOps = ["encrypt", "decrypt", "sign", "verify", "wrapKey", "unwrapKey"] } } response_export_values = ["*"] } resource "azapi_resource" "diskEncryptionSet" { type = "Microsoft.Compute/diskEncryptionSets@2022-03-02" parent_id = azapi_resource.resourceGroup.id name = var.resource_name location = var.location identity { type = "SystemAssigned" identity_ids = [] } body = { properties = { activeKey = { keyUrl = azapi_resource_action.key.output.properties.keyUriWithVersion sourceVault = { id = azapi_resource.vault.id } } encryptionType = "EncryptionAtRestWithCustomerKey" rotationToLatestKeyVersionEnabled = false } } schema_validation_enabled = false response_export_values = ["*"] }