top of page

Azure Key Vault – Using in arm template parameter files

Let’s start from the beginning, Microsoft says:

“Azure Key Vault is a tool for securely storing and accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, or certificates. A vault is a logical group of secrets.”

A colleague of mine told me about using a key vault reference in an arm template parameters file, the idea would be for accessing data like a password of a user for an SQL Server connection.

The idea was brilliant, first, no passwords referenced in any file, second, deploying to a new environment, only thing that we need to change is the Resurce Group name, and Artifact name (Key Vault Name) from the ID of the resource.

That part it is easy if you work with some standard naming convention, for Azure purpose, and mentioned already in my previous post. Link:

As an example please see below JSON parameter, this is an example from a parameter file.

“sql_1_password”: { “reference”: { “keyVault”: { “id”: “/subscriptions/[Dubscription Id]/resourceGroups/[Resource Group]/providers/Microsoft.KeyVault/vaults/[Key Vault Name]” }, “secretName”: “[Sql Password]” }

So, you would have one parameter file per environment, the only thing you would need to change from example above is [Resoure Group] and [Key Vault Name], keeping the same secret name in the other key vaults in the other resource groups will work with no problems at all.

In next post will tell another scenario where using Key Vault in arm parameters files is useful.

Anything please comment here or contact us.

Hope it helps.

Follow us.

Thank you.

10 views0 comments

Recent Posts

See All

CRM 365 - Customer field only show Accounts

On a customer field, if the requirement is to only show Accounts, please add this line to the OnLoad of the form: //Show only Account records when selecting the Customer formContext.getControl("cu

Execute Workflow Request on CRM 365 Cloud

Please find below an example of calling the Execute method to run a workflow on CRM 365 Cloud. let Id ='{', '').replace('}', ''); let request =


bottom of page