使用ARM模板在Azure Vault上列出ListSecrets?

时间:2017-12-28 11:23:03

标签: azure azure-keyvault azure-template

如何使用ARM模板从azure Vault获取秘密?

我的模板:

{
    "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {},
    "resources": [],
    "outputs": {
        "referenceOutput": {
            "type": "object",
            "value": "[listSecrets(resourceId('my-resource-group', 'Microsoft.KeyVault/vaults/secrets', 'myKeyVault','mySecret'), '2016-10-01')]"
        }
    }
}

然后运行:

az group deployment create -g some-rg --template-file ./arm.json

错误:

Deployment failed. Correlation ID: f76de3f2-a9ff-427c-9ae0-b7b24c3fde5d. {
  "error": {    "code": "BadRequest",    "message": "<!DOCTYPE html P

....

<h2>404 - File or directory not found.</h2>\r\n  <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3>\r\n </fieldset></div>\r\n</div>\r\n</body>\r\n</ht
ml>\r\n"

1 个答案:

答案 0 :(得分:0)

使用ARM模板无法做到这一点,但您可以在ARM模板中输入秘密以将其作为值传递。

"password": {
    "reference": {
        "keyVault": {
            "id": "vaultId"
        },
        "secretName": "secretName"
    }
}

但您必须知道此表达式不能直接在模板中使用。您可以在参数文件和\或调用嵌套模板时使用它。

此外,您可以对某些资源的某些属性(如VM密码)使用类似的表达式

相关问题
最新问题