Reputation: 27
Adding a Key Vault Access Policy to an Existing Key Vault via ARM
I am trying to do an ARM deployment in Azure Devops whereby I add a key vault access policy to an existing key vault in Azure.
I want to use the following ARM template which adds an access policy to an existing Key Vault: https://github.com/Azure/azure-quickstart-templates/tree/master/101-keyvault-add-access-policy
I have a separate template that deploys an App service and creates a system assigned managed identity.
What is the best way to link the two templates? how do i reference the System Assigned identity of the app service in the 'Add Key Vault Policy' ARM template if I dont know what the object ID of the service Principle is yet?
Upvotes: 0
Views: 873
Answers (2)
Reputation: 227
If you want to get the principleId from a logic app consumption you can do like this:
[reference(concat(resourceId(parameters('ResourceGroup'),'Microsoft.Logic/workflows', parameters('logicAppName')), '/providers/Microsoft.ManagedIdentity/Identities/default'), '2018-11-30').principalId]
Upvotes: 0
Reputation: 72191
here's a sample how you would retrieve the managed identity Id in your other template:
"[reference(concat(resourceId('Microsoft.Web/sites/', %wep_app_name%), '/providers/Microsoft.ManagedIdentity/Identities/default'), '2015-08-31-PREVIEW').principalId]"
Upvotes: 3
Related Questions
- ARM KeyVault Access Policies Conditional Add
- How to add Access Policy to a Keyvault in different Resource Group through ARM Templates
- Create Key Vault certificate using ARM template
- Azure ARM template add deployer object id to key vault access policies
- Use Key Vault references for App Service via ARM template
- Azure Key Vault access from ARM Template
- Adding a ADF permissions to key vault in ARM
- How to grant VM access to Key Vault in the same ARM template
- ARM template Key vault access policy to group instead of identity principle
- Azure ARM template - check for existing Key Vault access policies