Hari Krishna

Reputation: 41

Enable Keyvault certificate to existing Azure app services automatically

I am looking for an automated solution to link Azure Key Vault to existing App/Function Apps.

Steps followed

  1. I understood that we have to enable system identity = true for all the resources as a prerequisite.

  2. Create an access policy in Azure Key Vault for the App/Function App and provide access to the certificate.

  3. Finally, import the Key Vault certificate to Azure App Service. The whole process can be done manually, but I am looking for an automated solution using PowerShell, Azure Automation or a Terraform script.

Upvotes: 2

Views: 283

Answers (1)

Ansuman Bal

Reputation: 11431

You can use the below to set the access policy for a Web App after satisfying the prerequisite, i.e. System Assigned = true:

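```powershell
Connect-AzAccount
$subscription = "yoursubID"
# Select the subscription that holds the app and the vault
Set-AzContext -Subscription $subscription
$appname = "testansumanapp"
$rg = "rgname"
$vaultname = "Keyvaultansumantest01"
# The web app object carries the system-assigned identity's principal ID
$webapp = Get-AzWebApp -ResourceGroupName $rg -Name $appname
$keyvault = Get-AzKeyVault -VaultName $vaultname -ResourceGroupName $rg
# Give that identity an access policy on secrets, certificates and keys
$newaccesspolicy = Set-AzKeyVaultAccessPolicy -VaultName $vaultname -ObjectId $webapp.Identity.PrincipalId -PermissionsToSecrets all -PermissionsToCertificates all -PermissionsToKeys all
# Azure CLI call: route all outbound traffic of the app through its VNet integration
$webappconfig = az webapp config set -g $rg -n $appname --vnet-route-all-enabled true
```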

To import the SSL certificate from Key Vault to the Web App, you can refer to Import-AzWebAppKeyVaultCertificate and SO Thread.

Upvotes: 0
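
The three steps from the question, run over several existing apps in one script. This is an added example, not part of the original answer. The resource group, vault, certificate and app names are placeholders, the vault is assumed to use access policies rather than Azure RBAC, and the policies grant only `get` instead of `all`.

```powershell
#Requires -Modules Az.Accounts, Az.Websites, Az.KeyVault
# Added example: every name below is a placeholder, not a value from the page.
$ErrorActionPreference = "Stop"
$rg        = "rgname"
$vaultName = "your-keyvault-name"      # assumed to use access policies, not RBAC
$certName  = "your-certificate-name"   # certificate already stored in the vault
$appNames  = @("webapp-one", "funcapp-one")

# Application ID of the "Microsoft Azure App Service" resource provider in the
# Azure public cloud. App Service reads the certificate as this principal.
$appServiceRp = "abfa0a7c-a6b6-4736-8310-5855508787cd"

Connect-AzAccount | Out-Null

# Read-only access is enough for an import: get on secrets and certificates.
$readOnly = @{
    VaultName                 = $vaultName
    PermissionsToSecrets      = "get"
    PermissionsToCertificates = "get"
}
Set-AzKeyVaultAccessPolicy @readOnly -ServicePrincipalName $appServiceRp

foreach ($name in $appNames) {
    $app = Get-AzWebApp -ResourceGroupName $rg -Name $name

    # Step 1: enable the system-assigned identity only where it is missing.
    if (-not $app.Identity.PrincipalId) {
        Set-AzWebApp -ResourceGroupName $rg -Name $name -AssignIdentity $true | Out-Null
        $app = Get-AzWebApp -ResourceGroupName $rg -Name $name
    }

    # Step 2: access policy for the app's identity. A freshly created principal
    # may not be visible in the directory yet, so skip the object ID lookup.
    Set-AzKeyVaultAccessPolicy @readOnly -ObjectId $app.Identity.PrincipalId -BypassObjectIdValidation

    # Step 3: import the Key Vault certificate into the app.
    $import = @{
        ResourceGroupName = $rg
        WebAppName        = $name
        KeyVaultName      = $vaultName
        CertName          = $certName
    }
    Import-AzWebAppKeyVaultCertificate @import | Out-Null
    "{0}: certificate '{1}' imported from {2}" -f $name, $certName, $vaultName
}
```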
