Azure / azure-blueprints

A library of sample Blueprints that can be easily imported via API or PowerShell
MIT License

Using existing KeyVault secret for Parameters #48

Open chwilfing opened 3 years ago

chwilfing commented 3 years ago

Hi,

I'm currently building some samples for a customer to deploy partial environments building one on another. The issue I see, or probably don't understand, is using KeyVault secrets of existing keys as input to blueprint artifacts. In my case I have an existing keyvault, created based on a blueprint, which is working fine. The next blueprint will create a single VM referencing the admin password of the already existing keyvault, but the keyvault id for the secret is built with the resourceId function and I can't get it to work. Example:

Blueprint artifact of the Virtual machine / parameters section:

"AdminPassword": {
    "reference": {
        "keyVault": {
            "id": "[resourceId(parameters('bpKeyVaultRG'), 'Microsoft.KeyVault/vaults', parameters('bpKeyVaultName'))]"
        },
        "secretName": "[parameters('bpVMAdmin')]"
    }
},

This way I get an error opening the blueprint blade in the portal:

image

Even if I hardcode the values of id / secretname - the error stays.

The idea is to have the path to the keyvault built based on some of the parameters built and reference the secret without knowing / hardcoding the keyvault ID / path. My understanding was that the parameters section of the artifact file replaces the parameters file of an ARM template and therefore should work with using reference in the parameters section.