azure cli sample
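# resources.sh: names shared by the deployment script (sample values)
KEYVAULT_NAME=donovankv
RESOURCEGROUP=donovan
# Sample value only; outside a demo, supply the secret from the environment instead of a committed file
MY_SECRET_VALUE=donovan
FUNCTIONAPP_STORAGEACCOUNT_NAME=donovanstore
LOCATION=westeurope
FUNCTIONAPP_NAME=donovanfa

# Deployment script: load the names above, then trace commands and stop on the first error
. ./resources.sh
set -x -e
az group create -n "$RESOURCEGROUP" -l "$LOCATION"
az keyvault create --name "$KEYVAULT_NAME" --resource-group "$RESOURCEGROUP" --enabled-for-template-deployment --enabled-for-deployment
# Tracing is switched off and the JSON response suppressed here: both would print the secret value
set +x
az keyvault secret set --vault-name "$KEYVAULT_NAME" --name my-secret --value "$MY_SECRET_VALUE" --output none
set -x
az storage account create -n "$FUNCTIONAPP_STORAGEACCOUNT_NAME" -g "$RESOURCEGROUP" --sku Standard_LRS
FUNCTIONAPP_STORAGEACCOUNT_RESOURCEID=$(az storage account show -n "$FUNCTIONAPP_STORAGEACCOUNT_NAME" -g "$RESOURCEGROUP" --query id --output tsv)
az functionapp create -g "$RESOURCEGROUP" -n "$FUNCTIONAPP_NAME" -s "$FUNCTIONAPP_STORAGEACCOUNT_RESOURCEID" --consumption-plan-location "$LOCATION"
# Enable the system-assigned managed identity and read back its principal ID
az functionapp identity assign -g "$RESOURCEGROUP" -n "$FUNCTIONAPP_NAME"
IDENTITY_ID=$(az functionapp identity show -n "$FUNCTIONAPP_NAME" -g "$RESOURCEGROUP" --query principalId -o tsv)
# Grant that identity read-only (get) access to secrets in the vault
az keyvault set-policy --secret-permissions get -n "$KEYVAULT_NAME" -g "$RESOURCEGROUP" --object-id "$IDENTITY_ID"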
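
A post-deployment check for the last step of the script, added here as an example and not part of the gist: it confirms that the Function App's managed identity holds only the `get` secret permission on the vault. The function names, the JMESPath query in `audit_vault` and the sample GUIDs are assumptions made for this example.

```shell
# Added example, not part of the gist.
# Reads rows "objectId<TAB>secrets<TAB>keys<TAB>certificates" (permissions comma-joined)
# on stdin. Returns 0 only if principal $1 holds exactly the "get" secret permission
# and nothing else, 1 if it holds more, 2 if it has no access policy at all.
check_least_privilege() {
  awk -F'\t' -v id="$1" '
    $1 == id {
      found = 1
      if (tolower($2) != "get") { print "secrets: expected get, got [" $2 "]"; bad = 1 }
      if ($3 != "") { print "unexpected key permissions [" $3 "]"; bad = 1 }
      if ($4 != "") { print "unexpected certificate permissions [" $4 "]"; bad = 1 }
    }
    END {
      if (!found) { print "no access policy for " id; exit 2 }
      exit (bad ? 1 : 0)
    }'
}

# Live use (needs an authenticated az session). The query is an assumption of this
# example: it flattens every access policy of the vault into one TSV row.
# $1 = vault name, $2 = principalId of the Function App identity (IDENTITY_ID above)
audit_vault() {
  az keyvault show --name "$1" --query \
    "properties.accessPolicies[].[objectId, join(',', permissions.secrets || \`[]\`), join(',', permissions.keys || \`[]\`), join(',', permissions.certificates || \`[]\`)]" \
    --output tsv | check_least_privilege "$2"
}

# Constructed sample rows (the GUIDs are made up) in the format audit_vault produces.
sample_rows() {
  printf '%s\t%s\t%s\t%s\n' \
    '11111111-1111-1111-1111-111111111111' 'get' '' '' \
    '22222222-2222-2222-2222-222222222222' 'get,list,set,delete' 'get' ''
}

# Offline demo on the constructed rows: the first identity passes, the second is flagged.
sample_rows | check_least_privilege '11111111-1111-1111-1111-111111111111' \
  && echo "first identity: get-only, OK"
sample_rows | check_least_privilege '22222222-2222-2222-2222-222222222222' \
  || echo "second identity: over-privileged"
```

Run `audit_vault "$KEYVAULT_NAME" "$IDENTITY_ID"` after the deployment script to fail a release when the identity has picked up more than read access to secrets.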

pascalnaber (owner, author) commented Jan 9, 2019

Idempotent way of creating a resource group with a key vault, storing a secret, creating a Function App, enabling managed ID on it and granting it permissions to the key vault with a single file.

DarqueWarrior commented Jan 9, 2019

Well done. This is a lot less code to manage and could be checked in to source control and run during a release. I will play with it some more. Thanks for cranking this out.