[AVM Module Issue]: Not able to set Customer-managed key for CosmosDBAccount #3748

@dmusic

Check for previous/existing GitHub issues

  • I have checked for previous/existing GitHub issues

Issue Type?

Feature Request

Module Name

avm/res/document-db/database-account

(Optional) Module Version

0.8.1

Description

In the CosmosDB Account AVM, it is not possible to set a customer-managed key for encryption.

The following properties are missing:

  • keyVaultKeyUri - The URI of the key vault
  • defaultIdentity - The default identity for accessing key vault used in features like customer managed keys. The default identity needs to be explicitly set by the users. It can be "FirstPartyIdentity", "SystemAssignedIdentity" and more.

See plain Bicep: https://learn.microsoft.com/en-us/azure/templates/Microsoft.DocumentDB/2023-04-15/databaseAccounts?pivots=deployment-language-bicep

This would enable direct encryption of CosmosDB Account with CMK.

(Optional) Correlation Id

No response
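
For reference, the two properties as they appear on the plain `Microsoft.DocumentDB/databaseAccounts@2023-04-15` resource, shown with a user-assigned identity. This is an added example, not part of the issue or of the AVM module; all parameter names are assumptions, and the key URI is a placeholder the caller supplies.

```bicep
// Added example: plain-Bicep Cosmos DB account encrypted with a customer-managed key.
// Parameter names below are assumptions chosen for illustration.

@description('Name of the Cosmos DB account (assumption).')
param accountName string

@description('Deployment region; defaults to the resource group location.')
param location string = resourceGroup().location

@description('Resource ID of an existing user-assigned identity that can use the key (assumption).')
param userAssignedIdentityId string

@description('Key identifier, for example https://<vault-name>.vault.azure.net/keys/<key-name> (placeholder).')
param keyVaultKeyUri string

resource account 'Microsoft.DocumentDB/databaseAccounts@2023-04-15' = {
  name: accountName
  location: location
  kind: 'GlobalDocumentDB'
  // The identity referenced by defaultIdentity must also be attached to the account.
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: {
      '${userAssignedIdentityId}': {}
    }
  }
  properties: {
    databaseAccountOfferType: 'Standard'
    locations: [
      {
        locationName: location
        failoverPriority: 0
      }
    ]
    // The two properties the issue reports as missing from the module:
    keyVaultKeyUri: keyVaultKeyUri
    defaultIdentity: 'UserAssignedIdentity=${userAssignedIdentityId}'
  }
}
```

The identity needs get, wrap key and unwrap key permissions on the key before deployment, and the vault must have soft delete and purge protection enabled.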

Status

In Active Discussion
