Can Secrets From Objects Created in ARM Templates Get Auto Added to Key Vault

∥☆過路亽.° submitted on 2019-12-20 04:24:08

Question


If I have an Azure ARM template that can create:

  • Azure Container Registry
  • Azure Key Vault

Is there a way for the username and password for the Azure Container Registry to be automatically added to the Azure Key Vault using ARM templates?

Is there some way to refer to the Azure Container Registry username and password secrets in ARM templates for this purpose?

UPDATE

@EdBoykin's answer is correct, this is what I ended up with:

{
  "type": "Microsoft.KeyVault/vaults/secrets",
  "name": "[concat(parameters('key_vault_name'), '/AzureContainerRegistryKey1')]",
  "apiVersion": "2015-06-01",
  "properties": {
    "contentType": "text/plain",
    "value": "[listCredentials(resourceId('Microsoft.ContainerRegistry/registries', parameters('container_registry_name')), '2017-10-01').passwords[0].value]"
  },
  "dependsOn": [
    "[concat('Microsoft.KeyVault/vaults/', parameters('key_vault_name'))]",
    "[concat('Microsoft.ContainerRegistry/registries/', parameters('container_registry_name'))]"
  ]
}

Answer 1:


Muhammad, to create the secrets in KeyVault you will need to create an ARM template that looks something like this. Make sure to update the 'dependsOn' section so this resource depends on your ACR being created first. The username is going to be the ACR resource name. So, whatever you set that to in your ARM script, you can store in your key vault as a key vault secret.

For the passwords, or keys, this is what you do. Here is a sample template for adding a KeyVault secret:

{
  "type": "Microsoft.KeyVault/vaults/secrets",
  "name": "[concat(variables('keyVaultName'), '/{YourACRKey1SecretName}')]",
  "apiVersion": "2015-06-01",
  "properties": {
    "contentType": "text/plain",
    "value": "[listCredentials(resourceId('Microsoft.ContainerRegistry/registries', parameters('YourACRName')), '2017-10-01').passwords[0].value]"
  },
  "dependsOn": []
}

{YourACRKey1SecretName} should be changed to the secret name for your ACR Key1 value.

To set the other key in your keyvault, create another key vault secret resource with a new name and use this for the value:

For Key 2

[listCredentials(resourceId('Microsoft.ContainerRegistry/registries', parameters('YourACRName')), '2017-10-01').passwords[1].value]
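
The three secrets described above (username, key 1 and key 2) written out as entries for the template's `resources` array. This is an added example, not part of the original question or answer: it reuses the parameter names from the question, the secret names are made up, and it assumes the registry and the vault are declared in the same template and that the registry has its admin user enabled (`"adminUserEnabled": true`), because `listCredentials` returns the admin user's credentials.

```json
[
  {
    "type": "Microsoft.KeyVault/vaults/secrets",
    "name": "[concat(parameters('key_vault_name'), '/AzureContainerRegistryUsername')]",
    "apiVersion": "2015-06-01",
    "properties": {
      "contentType": "text/plain",
      "value": "[listCredentials(resourceId('Microsoft.ContainerRegistry/registries', parameters('container_registry_name')), '2017-10-01').username]"
    },
    "dependsOn": [
      "[resourceId('Microsoft.KeyVault/vaults', parameters('key_vault_name'))]",
      "[resourceId('Microsoft.ContainerRegistry/registries', parameters('container_registry_name'))]"
    ]
  },
  {
    "type": "Microsoft.KeyVault/vaults/secrets",
    "name": "[concat(parameters('key_vault_name'), '/AzureContainerRegistryKey1')]",
    "apiVersion": "2015-06-01",
    "properties": {
      "contentType": "text/plain",
      "value": "[listCredentials(resourceId('Microsoft.ContainerRegistry/registries', parameters('container_registry_name')), '2017-10-01').passwords[0].value]"
    },
    "dependsOn": [
      "[resourceId('Microsoft.KeyVault/vaults', parameters('key_vault_name'))]",
      "[resourceId('Microsoft.ContainerRegistry/registries', parameters('container_registry_name'))]"
    ]
  },
  {
    "type": "Microsoft.KeyVault/vaults/secrets",
    "name": "[concat(parameters('key_vault_name'), '/AzureContainerRegistryKey2')]",
    "apiVersion": "2015-06-01",
    "properties": {
      "contentType": "text/plain",
      "value": "[listCredentials(resourceId('Microsoft.ContainerRegistry/registries', parameters('container_registry_name')), '2017-10-01').passwords[1].value]"
    },
    "dependsOn": [
      "[resourceId('Microsoft.KeyVault/vaults', parameters('key_vault_name'))]",
      "[resourceId('Microsoft.ContainerRegistry/registries', parameters('container_registry_name'))]"
    ]
  }
]
```

Because the values are resolved inside the deployment and written straight into the vault, the registry passwords never need to appear as template parameters.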


Source: https://stackoverflow.com/questions/53012377/can-secrets-from-objects-created-in-arm-templates-get-auto-added-to-key-vault
