Skip to content

Instantly share code, notes, and snippets.

@justinyoo
Last active Sep 29, 2021
Embed
What would you like to do?
6 Ways Passing Secrets to ARM Templates
az group deployment create `
-g "my-resource-group" `
--template-file azuredeploy.json `
--parameters `@azuredeploy.parameters.json `
--parameters servicePrincipalTenantId=$tenantId
# The tenand ID is randomly generated one.
$tenantId = ConvertTo-SecureString "da88225f-755d-4758-b6a6-3aaeba1e6264" `
-AsPlainText `
-Force
New-AzureRmResourceGroupDeployment `
-ResourceGroupName "my-resource-group" `
-TemplateFile azuredeploy.json `
-TemplateParameterFile azuredeploy.parameters.json `
-servicePrincipalTenantId $tenantId
"parameters": {
"keyVaultSecretValue": {
"reference": {
"keyVault": {
"id": "/subscriptions/4c52543c-f468-4816-a4d8-7bb46a34e1b7/resourceGroups/rg-arm-kv/providers/Microsoft.KeyVault/vaults/kvarmkv"
},
"secretName": "logicAppKey"
}
}
}
parameters:
keyVaultSecretValue:
reference:
keyVault:
# The subscription ID is randomly generated one
id: "/subscriptions/4c52543c-f468-4816-a4d8-7bb46a34e1b7/resourceGroups/rg-arm-kv/providers/Microsoft.KeyVault/vaults/kvarmkv"
secretName: logicAppKey
"parameters": {
"keyVaultSecretValue": {
"type": "securestring",
"metadata": {
"description": "Value of the secret from Key Vault."
}
}
}
parameters:
keyVaultSecretValue:
type: securestring
metadata:
description: Value of the secret from Key Vault.
"resources": [
{
"comments": "### RESOURCE - LOGIC APP ###",
"apiVersion": "[variables('linked').apiVersion]",
"type": "Microsoft.Resources/deployments",
"name": "[variables('deployments').logicApp]",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "https://raw.githubusercontent.com/devkimchi/Handling-Secrets-around-ARM-Templates/master/LogicApp.json"
},
"parameters": {
"keyVaultSecretValue": {
"reference": {
"keyVault": {
"id": "[resourceId('Microsoft.KeyVault/vaults', variables('keyVault').name)]"
},
"secretName": "[variables('keyVault').secrets.name]"
}
}
}
}
}
]
resources:
- comments: "### RESOURCE - LOGIC APP ###"
apiVersion: "[variables('linked').apiVersion]"
type: Microsoft.Resources/deployments
name: "[variables('deployments').logicApp]"
properties:
mode: Incremental
templateLink:
uri: "https://raw.githubusercontent.com/devkimchi/Handling-Secrets-around-ARM-Templates/master/LogicApp.json"
parameters:
keyVaultSecretValue:
reference:
keyVault:
id: "[resourceId('Microsoft.KeyVault/vaults', variables('keyVault').name)]"
secretName: "[variables('keyVault').secrets.name]"
"servicePrincipalTenantId": {
"type": "securestring",
"metadata": {
"description": "Tenant Id of the service principal."
}
}
servicePrincipalTenantId:
type: securestring
metadata:
description: Tenant Id of the service principal.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment