user989988
user989988

Reputation: 3746

Use Key Vault references for App Service via ARM template

I'm using Key Vault references to set secrets from key vault in app settings of App Service via ARM template as shown below:


{
  "variables": {
    "secretA": "secretA",
    "secretB": "secretB"
  },
  "resources": [
    {
      "apiVersion": "",
      "type": "Microsoft.Web/sites",
      "name": "",
      "location": "",
      "kind": "",
      "properties": {
        "serverFarmId": "",
        "clientAffinityEnabled": false,        
        "siteConfig": {},
        "httpsOnly": true        
      },
      "identity": {
        "type": "SystemAssigned"
      },
      "resources": [
        {
            "apiVersion": "2018-02-01",
            "name": "appsettings",
            "type": "config",
            "dependsOn": [
                "[resourceId('Microsoft.Web/sites', parameters('name'))]",
                "[resourceId('Microsoft.KeyVault/vaults/', parameters('keyVaultName'))]",
                "[resourceId('Microsoft.KeyVault/vaults/secrets', parameters('keyVaultName'), variables('secretA'))]",
                "[resourceId('Microsoft.KeyVault/vaults/secrets', parameters('keyVaultName'), variables('secretB'))]"
            ],
            "properties": {
                "secretA": "[concat('@Microsoft.KeyVault(SecretUri=', reference(variables('secretA')).secretUriWithVersion, ')')]",
                "secretB": "[concat('@Microsoft.KeyVault(SecretUri=', reference(variables('secretB')).secretUriWithVersion, ')')]"
            }
        }
      ]
    }
  ]
}

With the above code, I see the following error:

##[error]InvalidTemplate: Deployment template validation failed: 'The template reference 'secretA' is not valid: could not find template resource or resource copy with this name.'

Upvotes: 0

Views: 1654

Answers (1)

4c74356b41
4c74356b41

Reputation: 72191

if you want to reference an existing resource you need to supply API version:

reference(variables('secretA'), '2019-09-01').secretUriWithVersion

you can get api versions with the following:

( Get-AzResourceProvider -ProviderNamespace 'Microsoft.KeyVault' ).ResourceTypes | ft ResourceTypeName, ApiVersions 

Upvotes: 3

Related Questions