Skip to content

Instantly share code, notes, and snippets.

@justinyoo justinyoo/az-cli.txt
Last active Apr 22, 2019

Embed
What would you like to do?
6 Ways Passing Secrets to ARM Templates
az group deployment create `
-g "my-resource-group" `
--template-file azuredeploy.json `
--parameters `@azuredeploy.parameters.json `
--parameters servicePrincipalTenantId=$tenantId
# The tenand ID is randomly generated one.
$tenantId = ConvertTo-SecureString "da88225f-755d-4758-b6a6-3aaeba1e6264" `
-AsPlainText `
-Force
New-AzureRmResourceGroupDeployment `
-ResourceGroupName "my-resource-group" `
-TemplateFile azuredeploy.json `
-TemplateParameterFile azuredeploy.parameters.json `
-servicePrincipalTenantId $tenantId
"parameters": {
"keyVaultSecretValue": {
"reference": {
"keyVault": {
"id": "/subscriptions/4c52543c-f468-4816-a4d8-7bb46a34e1b7/resourceGroups/rg-arm-kv/providers/Microsoft.KeyVault/vaults/kvarmkv"
},
"secretName": "logicAppKey"
}
}
}
parameters:
keyVaultSecretValue:
reference:
keyVault:
# The subscription ID is randomly generated one
id: "/subscriptions/4c52543c-f468-4816-a4d8-7bb46a34e1b7/resourceGroups/rg-arm-kv/providers/Microsoft.KeyVault/vaults/kvarmkv"
secretName: logicAppKey
"parameters": {
"keyVaultSecretValue": {
"type": "securestring",
"metadata": {
"description": "Value of the secret from Key Vault."
}
}
}
parameters:
keyVaultSecretValue:
type: securestring
metadata:
description: Value of the secret from Key Vault.
"resources": [
{
"comments": "### RESOURCE - LOGIC APP ###",
"apiVersion": "[variables('linked').apiVersion]",
"type": "Microsoft.Resources/deployments",
"name": "[variables('deployments').logicApp]",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "https://raw.githubusercontent.com/devkimchi/Handling-Secrets-around-ARM-Templates/master/LogicApp.json"
},
"parameters": {
"keyVaultSecretValue": {
"reference": {
"keyVault": {
"id": "[resourceId('Microsoft.KeyVault/vaults', variables('keyVault').name)]"
},
"secretName": "[variables('keyVault').secrets.name]"
}
}
}
}
}
]
resources:
- comments: "### RESOURCE - LOGIC APP ###"
apiVersion: "[variables('linked').apiVersion]"
type: Microsoft.Resources/deployments
name: "[variables('deployments').logicApp]"
properties:
mode: Incremental
templateLink:
uri: "https://raw.githubusercontent.com/devkimchi/Handling-Secrets-around-ARM-Templates/master/LogicApp.json"
parameters:
keyVaultSecretValue:
reference:
keyVault:
id: "[resourceId('Microsoft.KeyVault/vaults', variables('keyVault').name)]"
secretName: "[variables('keyVault').secrets.name]"
"servicePrincipalTenantId": {
"type": "securestring",
"metadata": {
"description": "Tenant Id of the service principal."
}
}
servicePrincipalTenantId:
type: securestring
metadata:
description: Tenant Id of the service principal.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.