steve238

Reputation: 1259

Get Azure KeyVault Secrets from the KeyVault to an App Service using ARM Templates

In the Microsoft KeyVault resource I have a secret:

        {
          "type": "secrets",
          "apiVersion": "2016-10-01",
          "name": "mongodb",
          "location": "[resourceGroup().location]",
          "dependsOn": [
            "[resourceId('Microsoft.KeyVault/vaults', variables('vault').name)]"
          ],
          "properties": {
            "attributes": {
              "enabled": true
            },
            "value": "[listConnectionStrings(resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('cosmosAccountName')), '2019-12-12').connectionStrings[0].connectionString]"
          }
        }

I want to extract this value and store it in a key-value pair in an App Service.

        "siteConfig": {
          "appSettings": [
            {
              "name": "COSMOS_CONNECTION_STRING",
              "value": ""
            }
          ]
        }

They are in the same resource group.

How do I get the value out of the keyvault?

Upvotes: 0

Views: 322

Answers (1)

steve238

Reputation: 1259

First you need to give the App Service permission to read the keys from the KeyVault, which is done by creating an Access Policy.

This is done by:

    {
      "type": "Microsoft.KeyVault/vaults/accessPolicies",
      "apiVersion": "2016-10-01",
      "name": "[concat(variables('vault').name, '/replace')]",
      "dependsOn": [
        "[resourceId('Microsoft.KeyVault/vaults', variables('vault').name)]"
      ],
      "properties": {
        "accessPolicies": [
          {
            "tenantId": "[subscription().tenantId]",
            "objectId": "[reference(resourceId('Microsoft.Web/sites', variables('AppService').name), '2016-08-01', 'Full').identity.principalId]",
            "permissions": {
              "keys": [],
              "secrets": [
                "Get",
                "List"
              ],
              "certificates": []
            }
          }
        ]
      }
    }

Then you can access the secret key by:

    @Microsoft.KeyVault(VaultName=myvault;SecretName=mysecret)

Where myvault is the name of your vault and mysecret is the name of your secret key.

This will create a KeyVault Reference.

Upvotes: 1
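The App Service side of the answer above, as an added example that is not part of the original post: the site needs a system-assigned managed identity for `identity.principalId` in the access policy to resolve, and the question's `COSMOS_CONNECTION_STRING` setting carries the Key Vault reference instead of the connection string itself. The `appServicePlanName` parameter is hypothetical and the plan is assumed to exist already; the `vault` and `AppService` variables and the `mongodb` secret name come from the question and answer.

```json
{
  "comments": "Added example. 'appServicePlanName' is a hypothetical parameter; the plan is assumed to exist already.",
  "type": "Microsoft.Web/sites",
  "apiVersion": "2016-08-01",
  "name": "[variables('AppService').name]",
  "location": "[resourceGroup().location]",
  "identity": {
    "type": "SystemAssigned"
  },
  "properties": {
    "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('appServicePlanName'))]",
    "siteConfig": {
      "appSettings": [
        {
          "name": "COSMOS_CONNECTION_STRING",
          "value": "[concat('@Microsoft.KeyVault(VaultName=', variables('vault').name, ';SecretName=mongodb)')]"
        }
      ]
    }
  }
}
```

With this form the connection string never appears in the site configuration or in the deployment's app settings; only the reference does, and the platform resolves it at runtime using the site's identity.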
