CMK on existing CosmosDB account using Terraform

Suresh Bettadapur 76 Reputation points
2024-09-04T11:23:33.9233333+00:00

Hello All

How do we do encryption of existing CosmosDB account using Terraform? When I try, it is trying to recreate the instance. Can you kindly advice?

Regards

Suresh

Azure Cosmos DB
Azure Cosmos DB
An Azure NoSQL database service for app development.
1,610 questions
{count} votes

1 answer

Sort by: Most helpful
  1. ShaktiSingh-MSFT 14,906 Reputation points
    2024-09-04T12:31:54.7666667+00:00

    Hi Suresh Bettadapur •,

    Welcome to Microsoft Q&A forum.

    As I understand, you want to do encryption on an existing Azure Cosmos DB account using Terraform.

    Please refer to the document:

    https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_account

    Here you have key_vault_key_id - (Optional) A versionless Key Vault Key ID for CMK encryption. Changing this forces a new resource to be created.

    In order to use a Custom Key from Key Vault for encryption you must grant Azure Cosmos DB Service access to your key vault. For instructions on how to configure your Key Vault correctly please refer to the product documentation

    Let us know if this helps or you have a different ask.

    Thanks

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.