Azure ARM template - Key Vault with creating empty/default secrets
I'm deploying an Azure Key Vault with a list of secrets. To achieve this, I used this quickstart-template.
This seems to work fine, but has some problems:
- The secret-value (provided in the parameters.json) is overwritten on each deploy
- I only want to create the secret, so an admin-user can provide the value for it. But removing the Value from the Properties-section leads to an error
BadRequest/An invalid value was provided for 'value'.
The second issue is registered on github, but has anyone found a workaround for this issue?
Solution 1:[1]
If you are looking for an admin to provide the password at a later date, I'd recommend attaching an Access Policy to the KeyVault via ARM for the admin and having a dummy value in the password so they can just update it in the portal.
Additionally, if you aren't really keen on a dummy value or are looking at automating the creation/insertion process, I'd recommend using PowerShell to create and insert the secret into your Key Vault.
For setting secrets via ARM it may look like:
```json
{
  "type": "Microsoft.KeyVault/vaults/secrets",
  "name": "[concat(variables('keyVaultName'),'/',variables('secretName'))]",
  "apiVersion": "2018-02-14",
  "properties": {
    "contentType": "text/plain",
    "value": "[parameters('secretValue')]"
  },
  "dependsOn": [
    "[resourceId('Microsoft.KeyVault/vaults', variables('keyVaultName'))]"
  ]
},
```
Solution 2:[2]
This worked for me:
```shell
az keyvault secret set --vault-name=<vault-name> --name <secret-name> --file /dev/null
```
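A create-if-missing wrapper around the command from Solution 2, so that a redeploy leaves a value the admin has already entered untouched. This is an added example, not part of the original question or answers; the function name `ensure_placeholder_secret` is hypothetical, and matching on the `SecretNotFound` text is an assumption about the CLI's error output.

```shell
#!/usr/bin/env bash
# Create a Key Vault secret only when it is absent, so a value that an
# admin entered after the first deploy is never overwritten.
# Assumes the Azure CLI (`az`) is installed and already logged in.

# ensure_placeholder_secret <vault-name> <secret-name>
# Returns 0 if the secret already exists or was created, non-zero otherwise.
ensure_placeholder_secret() {
    local vault="$1" name="$2" err

    if [ -z "$vault" ] || [ -z "$name" ]; then
        echo "usage: ensure_placeholder_secret <vault-name> <secret-name>" >&2
        return 2
    fi

    # Capture stderr only. `secret show` fails for a missing secret, but also
    # for auth or network errors, and those must not be read as "missing".
    if err=$(az keyvault secret show --vault-name "$vault" --name "$name" \
                 --query id --output tsv 2>&1 >/dev/null); then
        echo "exists: $name (left untouched)"
        return 0
    fi

    case "$err" in
        *SecretNotFound*) ;;   # assumed error code for an absent secret
        *) echo "lookup failed for $name: $err" >&2; return 1 ;;
    esac

    # Empty value read from /dev/null, as in Solution 2. Output is suppressed
    # so the secret object does not end up in pipeline logs.
    az keyvault secret set --vault-name "$vault" --name "$name" \
        --file /dev/null --output none || return 1
    echo "created: $name (empty placeholder)"
}
```

The identity running this needs both Get and Set permission on secrets; a soft-deleted secret of the same name makes the `set` call fail and the function return 1.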
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | |
| Solution 2 | Alastair |
