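Create a Key Vault certificate using an ARM template

Time: 2018-04-12 06:22:06

Tags: azure azure-resource-manager arm-template

I want to create a Key Vault and add secrets and certificates to it using an ARM template. I have found ways to create the Key Vault and to add secrets to it, but I cannot find any solution for adding a new self-signed certificate to the Key Vault using only an ARM template.

Do ARM templates currently support this?

4 answers:

Answer 0: (score: 2)

No, this is not currently supported. You can only create secrets using ARM templates.

Answer 1: (score: 1)

What I did was:

Set up an endpoint that creates a random certificate for each request: https://management.dotnetdevops.org/providers/DotNetDevOps.AzureTemplates/templates/KeyVault/certificates/demo/parameters?secretName=test&keyVaultName=test

It outputs the following: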

    {
      "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
      "contentVersion": "1.0.0.0",
      "parameters": {
        "keyVaultName": {
          "value": "test"
        },
        "secretName": {
          "value": "test"
        },
        "secretValue": {
          "value": "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"
        },
        "certificateThumbprint": {
          "value": "AD99382EECC21A3456FFDD0B10FDB0399C53BF10"
        }
      }
    }

This is deployed using a nested template:

    {
        "type": "Microsoft.Resources/deployments",
        "name": "CreateCertificate",
        "apiVersion": "2016-09-01",
        "properties": {
            "mode": "Incremental",
            "templateLink": {
                "uri": "[concat('https://management.dotnetdevops.org/providers/DotNetDevOps.AzureTemplates/templates/KeyVault/certificates/demo?secretName=test&keyVaultName=',reference('DeployKeyvault').outputs.keyVaultName.value)]",
                "contentVersion": "1.0.0.0"
            },
            "parametersLink": {
                "uri": "[concat('https://management.dotnetdevops.org/providers/DotNetDevOps.AzureTemplates/templates/KeyVault/certificates/demo/parameters?secretName=test&keyVaultName=',reference('DeployKeyvault').outputs.keyVaultName.value)]",
                "contentVersion": "1.0.0.0"
            }
        }
    },

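This works well for this use case.

Answer 2: (score: 0)

As mentioned, this is not currently supported.

What you can do is create a PowerShell script to import the certificate. Import-AzureKeyVaultCertificate will definitely help you. Just run the script after the deployment of the Key Vault itself has finished to import the certificate.

Hope this helps.

Answer 3: (score: 0)

Certificates are not currently supported. You can only create secrets using ARM templates.

You can use a custom PowerShell script in an ARM template, which lets you achieve everything you are trying to do: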

https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/deployment-script-template?tabs=CLI
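
Answers 2 and 3 both suggest running a PowerShell script alongside the template. The script below is an added example of that approach for the self-signed certificate the question asks for, not code from any of the answers. It assumes the Az.KeyVault module and an identity allowed to create and read certificates in the vault; the parameter names and the default subject are placeholders.

```powershell
# Added example. Run it after the Key Vault deployment, or use it as the scriptContent
# of a Microsoft.Resources/deploymentScripts resource. Default values are placeholders.
param(
    [Parameter(Mandatory)] [string] $VaultName,
    [Parameter(Mandatory)] [string] $CertificateName,
    [string] $SubjectName = 'CN=example.invalid',   # placeholder subject
    [int] $ValidityInMonths = 12,
    [int] $TimeoutSeconds = 300
)
$ErrorActionPreference = 'Stop'

# Deployments are re-run, so create nothing if the certificate already exists.
$cert = Get-AzKeyVaultCertificate -VaultName $VaultName -Name $CertificateName
if (-not $cert) {
    # IssuerName 'Self' makes Key Vault generate the key pair and self-sign it, so no
    # private key passes through the template, its parameters file or this script.
    $policy = New-AzKeyVaultCertificatePolicy `
        -SubjectName $SubjectName `
        -IssuerName 'Self' `
        -ValidityInMonths $ValidityInMonths `
        -SecretContentType 'application/x-pkcs12' `
        -KeyType 'RSA' -KeySize 2048

    Add-AzKeyVaultCertificate -VaultName $VaultName -Name $CertificateName `
        -CertificatePolicy $policy | Out-Null

    # Creation is asynchronous: poll the operation until it completes or fails.
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while ($true) {
        $op = Get-AzKeyVaultCertificateOperation -VaultName $VaultName -Name $CertificateName
        if ($op.Status -eq 'completed') { break }
        if ($op.Status -eq 'failed') {
            throw "Certificate creation failed: $($op.ErrorMessage)"
        }
        if ((Get-Date) -gt $deadline) {
            throw "Timed out waiting for certificate '$CertificateName' in '$VaultName'."
        }
        Start-Sleep -Seconds 5
    }
    $cert = Get-AzKeyVaultCertificate -VaultName $VaultName -Name $CertificateName
}

# Only public identifiers are returned. When run as a deployment script, the runtime
# exposes this variable to the template as the script's outputs.
$DeploymentScriptOutputs = @{
    thumbprint = $cert.Thumbprint
    secretId   = $cert.SecretId
}
$DeploymentScriptOutputs
```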