Cristian E.

Reputation: 3583

Azure ARM Template - Is it possible to define SSL binding for App Service with .pfx KeyVault Certificate?

I want to use a linked ARM template for adding an SSL binding for an existing App Service.

So far according to official docs: https://learn.microsoft.com/en-us/azure/templates/microsoft.web/certificates

{
  "name": "string",
  "type": "Microsoft.Web/certificates",
  "apiVersion": "2020-06-01",
  "kind": "string",
  "location": "string",
  "tags": {},
  "properties": {
    "hostNames": [
      "string"
    ],
    "pfxBlob": [
      "integer"
    ],
    "password": "string",
    "keyVaultId": "string",
    "keyVaultSecretName": "string",
    "serverFarmId": "string",
    "canonicalName": "string"
  }
}

There are properties for:

But nothing about KeyVault Certificates.

Are KeyVault Certificates supported at all in ARM?

P.S. I do know that instead of PFX I could just upload the certificate as a KeyVault object backed by a Secret. However, I'm interested in using PFX directly if possible.

Upvotes: 0

Views: 449

Answers (2)

Sandro Mastronardi

Reputation: 13

It is perfectly possible to use a certificate from Key Vault this way: the KeyVaultSecretName must be the name of the certificate (names are unique across keys, secrets, and certificates). When you create a certificate this way, it will reference the certificate in the key vault. The only thing that I encountered is that a "dependsOn" reference in your ARM template on this certificate doesn't work, so my script is failing the first time because the certificate is not found on resources that depend on it, but it is created nevertheless.

Do keep in mind that the certificate must exist, of course. I use https://github.com/shibayan/keyvault-acmebot for this.

Upvotes: 1
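
An added example (not from the answer's author and not taken from the linked docs) of the approach described in the answer above: a `Microsoft.Web/certificates` resource that points at a Key Vault certificate by name instead of embedding `pfxBlob` and `password`, followed by an SNI binding that uses its thumbprint. All parameter names and the `certName` variable are assumptions, and the App Service plan is assumed to be in the resource group's region.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "appName": { "type": "string", "metadata": { "description": "Assumed: name of the existing App Service" } },
    "hostName": { "type": "string", "metadata": { "description": "Assumed: custom host name to bind (constructed sample: www.example.com)" } },
    "serverFarmId": { "type": "string", "metadata": { "description": "Assumed: resource ID of the App Service plan hosting the app" } },
    "keyVaultId": { "type": "string", "metadata": { "description": "Assumed: resource ID of the Key Vault holding the certificate" } },
    "keyVaultCertificateName": { "type": "string", "metadata": { "description": "Assumed: name of the Key Vault certificate, passed as keyVaultSecretName" } }
  },
  "variables": { "certName": "[concat(parameters('appName'), '-', parameters('keyVaultCertificateName'))]" },
  "resources": [
    {
      "type": "Microsoft.Web/certificates",
      "apiVersion": "2020-06-01",
      "name": "[variables('certName')]",
      "location": "[resourceGroup().location]",
      "comments": "No pfxBlob or password in the template: the certificate is looked up in Key Vault by name. Location assumes the plan is in the resource group's region.",
      "properties": {
        "keyVaultId": "[parameters('keyVaultId')]",
        "keyVaultSecretName": "[parameters('keyVaultCertificateName')]",
        "serverFarmId": "[parameters('serverFarmId')]"
      }
    },
    {
      "type": "Microsoft.Web/sites/hostNameBindings",
      "apiVersion": "2020-06-01",
      "name": "[concat(parameters('appName'), '/', parameters('hostName'))]",
      "comments": "Binds the host name with SNI SSL using the thumbprint of the certificate resource above.",
      "dependsOn": [ "[resourceId('Microsoft.Web/certificates', variables('certName'))]" ],
      "properties": {
        "sslState": "SniEnabled",
        "thumbprint": "[reference(resourceId('Microsoft.Web/certificates', variables('certName'))).thumbprint]"
      }
    }
  ]
}
```

The App Service resource provider must be allowed to read secrets from the vault, otherwise the certificate resource fails to deploy.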

Joey Cai

Reputation: 20067

Are KeyVault Certificates supported at all in ARM?

Currently KeyVault only supports adding new secrets using ARM templates. Your needs are temporarily not supported, so it cannot be resolved at this time.

You can put forward your needs in Azure Key Vault User Voice, so that the development team can better improve the product.

Upvotes: 1
