CODEWITHSUNDEEP
azurepowershellazure-devopsazure-resource-managerazure-rm-template
Kamsiinov
Kamsiinov

Reputation: 1490

Azure ARM template keyvault override in Azure DevOps

How can I override the ARM template Azure keyvault reference in Azure DevOps? I have ARM template which has reference like:

"KeyVaultSecret": {
  "reference": {
    "keyVault": {
      "id": "/subscriptions/214124-1241-526-645-lele/resourceGroups/KEYVAULT-RG/providers/Microsoft.KeyVault/vaults/KeyVault"
    },
    "secretName": "VerySecret"
  }
}

but I would like to override the id and/or secretName in some cases.

Upvotes: 1

Views: 1377

Answers (2)

4c74356b41
4c74356b41

Reputation: 72191

You can always use nested templates to do that, just provide a parameter with value, and then use nested template to invoke that. Here's that is using nested templates to get KV values. you can easily replace hardcoded value which I link to with a parameter or with expression, which would allow you to do what you need.

You might go as far as implementing a "switch" like approach to determine needed value based on resource group name.

Upvotes: 0

Christopher G. Lewis
Christopher G. Lewis

Reputation: 4835

We use powershell to read in the parameter template as a JSON object $Template then replacing the ID value with the appropriate value and writing out the updated object to a Temp file.

$Template["KeyVaultParm"].reference.keyvault.id = "<NewReferenceID>"

This allows us to use the same template with Prod/Dev and have different KeyVaults while using the same ARM template/parameter files.

Upvotes: 1

Related Questions