Use KeyVault with a Dynamic resourceId

Last updated: 12/09/2018

This template creates a SQL Server and uses an admin password from Key Vault. The reference parameter for the Key Vault secret is created at deployment time using a nested template. This allows the user to simply pass parameter values to the template rather than create a reference parameter in the parameter file.

This Azure Resource Manager (ARM) template was created by a member of the community and not by Microsoft. Each ARM template is licensed to you under a licence agreement by its owner, not Microsoft. Microsoft is not responsible for ARM templates provided and licensed by community members and does not screen for security, compatibility or performance. Community ARM templates are not supported under any Microsoft support programme or service, and are made available AS IS without warranty of any kind.

Parameters

Parameter Name Description
location The location where the resources will be deployed.
vaultName The name of the keyvault that contains the secret.
secretName The name of the secret.
vaultResourceGroupName The name of the resource group that contains the keyvault.
vaultSubscription The name of the subscription that contains the keyvault.
_artifactsLocation The base URI where artifacts required by this template are located. When the template is deployed using the accompanying scripts, a private location in the subscription will be used and this value will be automatically generated.
_artifactsLocationSasToken The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated.

Use the template

PowerShell

New-AzResourceGroup -Name <resource-group-name> -Location <resource-group-location> #use this command when you need to create a new resource group for your deployment
New-AzResourceGroupDeployment -ResourceGroupName <resource-group-name> -TemplateUri https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/201-key-vault-use-dynamic-id/azuredeploy.json
Installing and configuring Azure PowerShell

Command line

az group create --name <resource-group-name> --location <resource-group-location> #use this command when you need to create a new resource group for your deployment
az group deployment create --resource-group <my-resource-group> --template-uri https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/201-key-vault-use-dynamic-id/azuredeploy.json
Installing and configuring the Azure cross-platform command-line interface