Reputation: 45
Add a secret to Vault through ARM without knowing it
I am working with Visual Studio 2019 to create ARM template.
To deploy Resource on Azure, Visual Studio use a powershell, a json parameter and another json for resource.
I have created a keyvault with ARM template in azure. I have put a secret in it. Everything is created as expected.
Now, I don't like to put the password in clear text inside the json.
I'm looking for a way to put a secret without knowing the value by myself. I want to keep thing simple.
Do you know a way to make ARM generate a password for me ? (I don't need to know the password)
Upvotes: 2
Views: 684
Answers (1)
Reputation: 72191
you could use either utcNow() function or deployment().name function as a pseudo random generator combined with uniqueString() function. You could also use resourceGroup().id to ensure unique secrets are generated for each resource group.
That's the best you can get inside arm templates.
Another option would be to call an Azure Function that would generate the password for you and you would use that in the ARM Template.
Upvotes: 2
Related Questions
- Adding a Key Vault Access Policy to an Existing Key Vault via ARM
- How do I reference secret from keyvault as default value in parameter section of ARM template
- Accessing secrets in Azure ARM templates
- Creating a KeyVault secret in an existing keyvault
- Azure Key Vault access from ARM Template
- Using secret from Azure KeyVault in Azure ARM Template
- How to pass DevOps release secrets to ARM for Key Vault Deployment
- How to grant VM access to Key Vault in the same ARM template
- How to update a Secret in Azure Key Vault only if changed in ARM templates or check if it exists
- Can Secrets From Objects Created in ARM Templates Get Auto Added to Key Vault