Reputation: 7029
When executing the New-AzureRmResourceGroupDeployment command you can pass template parameters via the TemplateParameterObject parameter. That works great for simple properties and arrays but I cannot seem to get it to work for references. So something that would look like this in an ARM template parameter file:
    "adminPassword": {
      "reference": {
        "keyVault": {
          "id": "/subscriptions/365d8c14-efa0-437e-a2c8-c3ffc8f6287a/resourceGroups/musw1-prf-jboyd-kv-rg/providers/Microsoft.KeyVault/vaults/musw1-prf-jboyd-kv"
        },
        "secretName": "adminPassword"
      }
    }
I have tried this:
    $parameters = @{
        adminPassword = @{
            reference = @{
                keyVault = @{
                    id = $KeyVaultId
                }
                secretName = 'adminPassword'
            }
        }
    }
    New-AzureRmResourceGroupDeployment `
        -ResourceGroupName $ResourceGroupName `
        -TemplateFile $TemplateFile `
        -TemplateParameterObject $parameters
But all I get is:
Deployment template validation failed: 'The provided value for the template parameter 'adminPassword' at line '13' and column '27' is not valid.'.
Upvotes: 1
Views: 2008
Reputation: 13
Another workaround without using the TemplateParameterObject parameter in PowerShell is to add a nested template and pass in a parameter that contains a reference to the dynamically generated Azure Key Vault resource ID.
Upvotes: 0
Reputation: 700
Currently, Key Vault references in ARM Template Parameters appear only to be supported via Parameter Files and not Parameter Objects. See here for the issue that's been raised with Microsoft.
Whilst it's not as friendly as using -TemplateParameterObject, one workaround which would allow you to script without exposing your Key Vault secrets would be to programmatically create and populate your JSON Template file via PowerShell, then pass that into New-AzureRmResourceGroupDeployment. By doing this, you can continue to reference the Key Vault secret indirectly without storing it locally or exposing it as clear text in any way.
Upvotes: 1
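The workaround from the last answer, as an added example that is not code from any of the posters: a parameter file holding only the Key Vault reference is generated and passed with -TemplateParameterFile. The helper name New-KeyVaultReferenceParameterFile and the temporary file name are hypothetical; $KeyVaultId, $ResourceGroupName and $TemplateFile are assumed to be set as in the question.

```powershell
# Added example. The helper name is hypothetical; it writes a parameter file
# that contains a Key Vault *reference*, never the secret value itself.
function New-KeyVaultReferenceParameterFile {
    param(
        [Parameter(Mandatory)] [string] $KeyVaultId,
        [Parameter(Mandatory)] [string] $SecretName,
        [Parameter(Mandatory)] [string] $ParameterName,
        [hashtable] $PlainParameters = @{}
    )

    $params = [ordered]@{}
    foreach ($name in $PlainParameters.Keys) {
        # Ordinary parameters are wrapped as { "value": ... } in a parameter file.
        $params[$name] = @{ value = $PlainParameters[$name] }
    }
    $params[$ParameterName] = [ordered]@{
        reference = [ordered]@{
            keyVault   = @{ id = $KeyVaultId }
            secretName = $SecretName
        }
    }

    $document = [ordered]@{
        '$schema'      = 'https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#'
        contentVersion = '1.0.0.0'
        parameters     = $params
    }

    # ConvertTo-Json defaults to -Depth 2, which would flatten the nested
    # reference object into a string and produce an invalid parameter file.
    $json = $document | ConvertTo-Json -Depth 10
    $path = Join-Path ([System.IO.Path]::GetTempPath()) ("deploy-params-{0}.json" -f [guid]::NewGuid())
    [System.IO.File]::WriteAllText($path, $json)
    return $path
}

$parameterFile = New-KeyVaultReferenceParameterFile -KeyVaultId $KeyVaultId `
    -SecretName 'adminPassword' -ParameterName 'adminPassword'
try {
    New-AzureRmResourceGroupDeployment `
        -ResourceGroupName $ResourceGroupName `
        -TemplateFile $TemplateFile `
        -TemplateParameterFile $parameterFile
}
finally {
    # The file holds no secret, but remove it so stale references do not accumulate.
    Remove-Item -LiteralPath $parameterFile -ErrorAction SilentlyContinue
}
```

The vault must have template deployment enabled (enabledForTemplateDeployment) for the reference to resolve at deployment time.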