keyvault_create.yml

# Description
# ===========
# This playbook create a Key Vault , then add key and secret in it.
# This playbook requires Ansible version >= 2.5, and azure_preview_modules role
# You need to run "ansible-galaxy install azure.azure_preview_modules" to install the role to get lastest Ansible modules.

---
- hosts: localhost
  tasks:
    - name: Prepare random postfix
      set_fact:
        rpfx: "{{ 10000 | random }}"
      run_once: yes

- hosts: localhost
#  roles:
#    - azure.azure_preview_modules
  vars:
    resource_group: "{{ resource_group_name }}"
    location: eastus
    keyvault_name: keyvault{{ rpfx }}
  
  roles:
    - azure.azure_preview_modules

  tasks:
    - name: set facts
      set_fact:
        object_id: "{{ lookup('env', 'AZURE_OBJECT_ID') }}"

    - name: Create a resource group
      azure_rm_resourcegroup:
        name: "{{ resource_group }}"
        location: "{{ location }}"

    - name: Create instance of Key Vault
      azure_rm_keyvault:
        resource_group: "{{ resource_group }}"
        vault_name: "{{ keyvault_name }}"
        vault_tenant: "{{ azure_tenant }}"
        enabled_for_deployment: yes
        sku:
          name: standard
          family: A
        access_policies:
          - object_id: "{{ object_id }}"
            keys:
              - get
              - list
              - update
              - create
              - import
              - delete
              - recover
              - backup
              - restore
            secrets:
              - get
              - list
              - set
              - delete
              - recover
              - backup
              - restore

    - name: create a kevyault key
      block:
        - azure_rm_keyvaultkey:
            keyvault_uri: https://{{ keyvault_name }}.vault.azure.net
            key_name: testkey
            tags:
              testing: test
              delete: on-exit
          register: output
        - assert:
            that: output.changed
      rescue:
        - azure_rm_keyvaultkey:
            keyvault_uri: https://{{ keyvault_name }}.vault.azure.net
            state: absent
            key_name: testkey

    - name: create a kevyault secret
      block:
        - azure_rm_keyvaultsecret:
            keyvault_uri: https://{{ keyvault_name }}.vault.azure.net
            secret_name: testsecret
            secret_value: 'mysecret'