Adding a Key Vault Access Policy to an Existing Key Vault via ARM

Problem description

I am trying to do an ARM deployment in Azure DevOps whereby I add a key vault access policy to an existing key vault in Azure.

I want to use the following ARM template which adds an access policy to an existing Key Vault: https://github.com/Azure/azure-quickstart-templates/tree/master/101-keyvault-add-access-policy

I have a separate template that deploys an App service and creates a system assigned managed identity.

What is the best way to link the two templates? How do I reference the System Assigned identity of the app service in the 'Add Key Vault Policy' ARM template if I don't know what the object ID of the service principal is yet?

Recommended answer

Here's a sample of how you would retrieve the managed identity ID in your other template:

"[reference(concat(resourceId('Microsoft.Web/sites/', %wep_app_name%), '/providers/Microsoft.ManagedIdentity/Identities/default'), '2015-08-31-PREVIEW').principalId]"

https://github.com/Azure/azure-quickstart-templates/blob/master/101-functions-managed-identity/azuredeploy.json#L295
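As an added example (not part of the original answer or of the quickstart templates), here is one way the "add access policy" template could consume that expression so the object ID never has to be known in advance. The parameter names, the `2019-09-01` API version, and the `get`/`list` secret permissions are assumptions chosen for illustration; the web app and its system-assigned identity must already exist when this template is deployed.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "keyVaultName": {
      "type": "string",
      "metadata": { "description": "Assumed name: the existing Key Vault to update." }
    },
    "webAppName": {
      "type": "string",
      "metadata": { "description": "Assumed name: the already-deployed App Service with a system-assigned identity." }
    },
    "webAppResourceGroup": {
      "type": "string",
      "defaultValue": "[resourceGroup().name]",
      "metadata": { "description": "Assumed name: resource group of the App Service, if different from the vault's." }
    }
  },
  "variables": {
    "identityResourceId": "[concat(resourceId(parameters('webAppResourceGroup'), 'Microsoft.Web/sites', parameters('webAppName')), '/providers/Microsoft.ManagedIdentity/Identities/default')]"
  },
  "resources": [
    {
      "type": "Microsoft.KeyVault/vaults/accessPolicies",
      "apiVersion": "2019-09-01",
      "name": "[concat(parameters('keyVaultName'), '/add')]",
      "properties": {
        "accessPolicies": [
          {
            "tenantId": "[subscription().tenantId]",
            "objectId": "[reference(variables('identityResourceId'), '2015-08-31-PREVIEW').principalId]",
            "permissions": {
              "secrets": [ "get", "list" ]
            }
          }
        ]
      }
    }
  ]
}
```

The `/add` child name merges this entry into the vault's existing policies rather than replacing them, and granting only the secret permissions the app actually needs keeps the identity's reach in the vault minimal.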
