Can Secrets From Objects Created in ARM Templates Get Auto Added to Key Vault

Question

If I have an Azure ARM template that can create:

• Azure Container Registry
• Azure Key Vault

Is there a way for the username and password for

Answer 1

Muhammad, To create the secrets in KeyVault you will need to create an ARM template that looks something like this. Make sure to update the 'dependson' section so this resource depends on your ACR being created first. The username is going to be the ACR resource name. So, whatever you set that to in your ARM script, you can store in your key vault as a key vault secret.

For the passwords, or keys, this is what you do. Here is a sample template for adding a KeyVault secret

{
  "type": "Microsoft.KeyVault/vaults/secrets",
  "name": "[concat(variables('keyVaultName'), '/{YourACRKey1SecretName}')]",
  "apiVersion": "2015-06-01",
  "properties": {
    "contentType": "text/plain",
    "value": "[listCredentials(resourceId('Microsoft.ContainerRegistry/registries', parameters('YourACRName')), '2017-10-01').passwords[0].value]"
  },
  "dependsOn": []
}

{YourACRKey1SecretName} should be changed to the secret name for your ACR Key1 value.

To set the other key in your keyvault, create another key vault secret resource with a new name and use this for the value:

For Key 2

[listCredentials(resourceId('Microsoft.ContainerRegistry/registries', parameters('YourACRName')), '2017-10-01').passwords[1].value]