从ARM模板访问Azure Key Vault [英] Azure Key Vault access from ARM Template

问题描述

我试图在我们的ARM部署中添加Azure密钥库集成，因此我们可以将所有密码保留在Azure Key-Vault中.

I was trying to add Azure key vault integration with our ARM deployment, so we can keep all password in Azure Key-Vault.

我正在关注此尝试访问我在Azure KeyVault(dSentienceAnalytics)中创建的机密(adminPassword). 这里是我的模板

I was following this to try to access secret (adminPassword) I have created in Azure KeyVault (dSentienceAnalytics). Here is my template

我试图通过Powershell部署此模板，但是它要求我为变量"adminPassword"输入值，该值应该从Azure密钥库中检索.

I tried to deploy this template through Powershell, but it asked me to enter value for variable "adminPassword", which it supposed to retrieve from Azure key vault.

您看到我在这里想念的吗?

Do you see what I am missing here?

推荐答案

您不能在模板本身中使用KeyVault引用，只能在参数文件中使用.因此，如果您使用的是KeyVault，则模板的外观不会有任何不同，adminPassword参数将被简单地定义为secureString.模板对密码的使用可能看起来像这样:

You cannot use a KeyVault reference in the template itself, only in the parameters file. So your template will not look any differently if you're using KeyVault, the adminPassword parameter will simply be defined as a secureString. The template's use of the password can look exactly like this:

https://github.com/Azure/azure-quickstart-templates/blob/master/101-vm-simple-linux/azuredeploy.json

将在其中使用引用的参数文件.这里的第一个代码示例:

The parameters file, is where the reference will be used. The first code sample here:

向您显示的是参数文件，而不是模板文件的参数对象(这有点令人困惑).

Is showing you the parameters file, not the template file's parameter object (it is a bit confusing).

有关一个非常简单的示例，请参见此处的KeyVaultUse.json和KeyVaultUse.parameters.json:

For a really simple example, see the KeyVaultUse.json and KeyVaultUse.parameters.json here:

https://github.com/rjmax/ArmExamples/tree/master/keyvaultexamples

请注意，KeyVaultUse.json没有什么独特之处或不同之处，密钥"位于参数文件中.

Note that there's nothing unique or different about KeyVaultUse.json, the "key" is in the parameters file.

有帮助吗?

这篇关于从ARM模板访问Azure Key Vault的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！