Azure Key Vaults protected by a vNet (virtual network) need the public IP addresses of local machines added to the allowed IP list before secrets (or keys and certificates) in the vault can be accessed from those machines (leaving VPN and private endpoints aside). Once the vault's default network action is set to deny, only the listed IP rules and virtual network subnets get through, so the list has to be right. Managing that list from Terraform IaC (infrastructure as code) is straightforward when it is static, but conditionally whitelisting a dynamic set of IPs is a bit tricky. In this post let's explore how to dynamically whitelist a set of IPs in Azure Key Vault using Terraform, with an example.
Consider a situation where a few IPs must always be whitelisted in the Key Vault, and a few other IPs (say, the developer machine IPs) only in the development environment.
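The following is an added example written for this post, not Terraform code from the original page; it shows one way to build the conditional allow list with `concat` and a ternary on the environment name. The variable names (`environment`, `always_allowed_ips`, `developer_ips`), the resource names and the IP addresses (taken from the TEST-NET documentation ranges) are all assumptions made for illustration; the `azurerm_key_vault` resource and its `network_acls` block are the provider's real schema.

```hcl
# Assumed input variables for this example.
variable "environment" {
  type        = string
  description = "Deployment environment, e.g. dev, test, prod"
}

variable "always_allowed_ips" {
  type        = list(string)
  description = "IPs (or CIDR blocks) allowed in every environment, e.g. the build agents"
  # Constructed sample values from the TEST-NET-3 documentation range.
  default = ["203.0.113.10/32", "203.0.113.11/32"]
}

variable "developer_ips" {
  type        = map(string)
  description = "Developer name => public IP; only applied when environment == dev"
  # Constructed sample values from the TEST-NET-2 documentation range.
  default = {
    alice = "198.51.100.21/32"
    bob   = "198.51.100.22/32"
  }

  # Reject anything that is not an IPv4 address or IPv4 CIDR block,
  # so a typo fails at plan time rather than leaving the vault open or unreachable.
  validation {
    condition = alltrue([
      for ip in values(var.developer_ips) :
      can(regex("^\\d{1,3}(\\.\\d{1,3}){3}(/\\d{1,2})?$", ip))
    ])
    error_message = "Every developer_ips value must be an IPv4 address or CIDR block."
  }
}

locals {
  is_dev = var.environment == "dev"

  # Always-on IPs plus, only in dev, the developer machines.
  # distinct() keeps a duplicate entry from producing an API error or a noisy plan.
  allowed_ips = distinct(concat(
    var.always_allowed_ips,
    local.is_dev ? values(var.developer_ips) : [],
  ))
}

resource "azurerm_key_vault" "example" {
  name                = "kv-example-${var.environment}"   # assumed naming
  location            = "westeurope"                        # assumed
  resource_group_name = "rg-example-${var.environment}"     # assumed
  tenant_id           = data.azurerm_client_config.current.tenant_id
  sku_name            = "standard"

  network_acls {
    # Deny by default: only the IP rules and subnets below can reach the vault.
    default_action = "Deny"
    # Let trusted Azure services (e.g. Azure DevOps hosted agents are NOT included) through.
    bypass         = "AzureServices"
    ip_rules       = local.allowed_ips
    # The vNet subnets that host the workloads; assumed to be defined elsewhere.
    virtual_network_subnet_ids = [azurerm_subnet.app.id]
  }
}

data "azurerm_client_config" "current" {}

# Handy for checking what actually got whitelisted after apply.
output "key_vault_allowed_ips" {
  value = local.allowed_ips
}
```

Running `terraform plan -var environment=dev` lists both the always-allowed IPs and the developer IPs in `ip_rules`; with `environment=prod` the developer map is ignored entirely, so a developer who changes their IP in `developer_ips` produces no change in production. Because the whole list is computed in one `local`, the vault resource itself stays identical across environments, which is what keeps the approach maintainable.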