azure cli sample
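# resources.sh: settings shared by the deployment script
KEYVAULT_NAME=donovankv
RESOURCEGROUP=donovan
# Secret value stored in the vault below (kept in plain text in this file)
MY_SECRET_VALUE=donovan
FUNCTIONAPP_STORAGEACCOUNT_NAME=donovanstore
LOCATION=westeurope
FUNCTIONAPP_NAME=donovanfa
# Deployment script: load the settings from resources.sh
. ./resources.sh
# Trace every command and stop on the first error.
# Tracing also prints the secret value passed to --value below.
set -x -e
# Resource group, Key Vault and the secret
az group create -n "$RESOURCEGROUP" -l "$LOCATION"
az keyvault create --name "$KEYVAULT_NAME" --resource-group "$RESOURCEGROUP" --enabled-for-template-deployment --enabled-for-deployment
az keyvault secret set --vault-name "$KEYVAULT_NAME" --name my-secret --value "$MY_SECRET_VALUE"
# Storage account required by the function app
az storage account create -n "$FUNCTIONAPP_STORAGEACCOUNT_NAME" -g "$RESOURCEGROUP" --sku Standard_LRS
FUNCTIONAPP_STORAGEACCOUNT_RESOURCEID=$(az storage account show -n "$FUNCTIONAPP_STORAGEACCOUNT_NAME" -g "$RESOURCEGROUP" --query id --output tsv)
# Function app on a consumption plan, with a system-assigned managed identity
az functionapp create -g "$RESOURCEGROUP" -n "$FUNCTIONAPP_NAME" -s "$FUNCTIONAPP_STORAGEACCOUNT_RESOURCEID" --consumption-plan-location "$LOCATION"
az functionapp identity assign -g "$RESOURCEGROUP" -n "$FUNCTIONAPP_NAME"
IDENTITY_ID=$(az functionapp identity show -n "$FUNCTIONAPP_NAME" -g "$RESOURCEGROUP" --query principalId -o tsv)
# Grant the managed identity read-only (get) access to secrets in the vault
az keyvault set-policy --secret-permissions get -n "$KEYVAULT_NAME" -g "$RESOURCEGROUP" --object-id "$IDENTITY_ID"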
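
The script above turns on `set -x` and then passes the secret with `--value`, so the value appears in the command trace and in the process arguments. The following is an added example, not part of the original gist, that writes the secret through a temporary file with tracing off; `store_secret` is a hypothetical helper name and the value is assumed to arrive on stdin.

```shell
# Added example (not from the gist). store_secret is a hypothetical helper.
# Usage: printf '%s' "$VALUE" | store_secret "$KEYVAULT_NAME" my-secret
# Assumption: the secret value arrives on stdin, never as an argument.

# The body is a subshell "( ... )", so switching tracing off and the
# variables set here do not affect the calling script, which keeps its
# own "set -x" state.
store_secret() (
    set +x
    vault=$1
    name=$2
    umask 077                      # temp file readable by the owner only
    tmp=$(mktemp) || exit 1
    cat > "$tmp"                   # bytes from stdin become the secret as-is
    rc=0
    # --file reads the value from disk, so it is absent from the process
    # arguments; --output none stops the CLI from printing the stored value.
    az keyvault secret set --vault-name "$vault" --name "$name" \
        --file "$tmp" --encoding utf-8 --output none || rc=$?
    rm -f "$tmp"                   # remove the copy on success and on failure
    exit "$rc"
)
```

Feed the value with `printf '%s'` rather than `echo`, otherwise a trailing newline is stored as part of the secret.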
@pascalnaber

Owner Author

commented Jan 9, 2019

Idempotent way of creating a resource group with a key vault, storing a secret, creating a function app, enabling managed ID on it and granting it permissions to the key vault with a single file.

@DarqueWarrior

commented Jan 9, 2019

Well done. This is a lot less code to manage and could be checked in to source control and run during a release. I will play with it some more. Thanks for cranking this out.
