Step by Step ARM Templates - Using Key Vault to Securely Provide Information in ARM Templates
@20aman Oct 18, 2016
When providing passwords and other confidential information in ARM Templates, you need to ensure that you don't hard-code these values anywhere. Automating deployments should not require compromising the security of the system. Your end goal is to automate as much as possible and reduce manual involvement.
Key Vaults solve this problem without compromising security. In fact, they make the whole solution more secure with the least manual intervention.
Setting up the Key Vault
We first need to set up the Key Vault in Azure to be able to use it via ARM Template parameters.
- Create a Key Vault in Azure by going to New -> Security + Identity -> Key Vault. Provide a name, subscription, resource group etc. and provision the Key Vault. Once it is created, navigate to it by clicking on "More Services" and searching for Key Vault. Click on the name of the vault you created. Note that this feature is in Preview at the time of writing of this blog.
- Next, we need to add a secret in the Key Vault. Click on Secrets.
- In the "Create a secret" blade, set the Upload Options to Manual. Provide a name and value for the secret. The value is the password you want to securely save. Ensure that Enabled is set to Yes. Optionally, you can set the activation and expiration dates.
- Next, we will set the Access Policies to provide access to the user under whose context the template will be deployed. This is the user that will be accessing the Key Vault. Go to Key Vault settings, select Access Policies, and add the new user.
- Next, we will set the Advanced Access Policies to indicate that this Key Vault can be accessed via ARM Templates. Go to Key Vault settings and select Advanced Access Policies. Ensure that the checkbox for "Enable access to Azure Resource Manager for template deployment" is checked.
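The same portal steps can be scripted so the setup is repeatable and the password is never typed into a file. The following is an added example, not code from the original post: it uses the Az PowerShell module, every name in angle brackets is a placeholder, and it assumes the vault uses the access-policy permission model and that read-only `get` on secrets is enough for the deploying user.

```powershell
# Added example: scripted equivalent of the portal steps above.
# All values in angle brackets are placeholders, not values from the post.
$ResourceGroup = '<resource-group>'
$VaultName     = '<vault-name>'
$Location      = '<location>'
$SecretName    = '<secret-name>'
$DeployerUpn   = '<deploying-user@example.com>'

# Sign in interactively if this session has no Azure context yet.
if (-not (Get-AzContext)) { Connect-AzAccount | Out-Null }

# Step 1: create the vault only if it does not exist already.
$vault = Get-AzKeyVault -VaultName $VaultName -ResourceGroupName $ResourceGroup `
    -ErrorAction SilentlyContinue
if (-not $vault) {
    $vault = New-AzKeyVault -Name $VaultName -ResourceGroupName $ResourceGroup `
        -Location $Location
}

# Steps 2-3: add the secret. Reading it as a SecureString keeps the password
# out of the script, the command line and the session history.
$value = Read-Host -Prompt "Value for secret '$SecretName'" -AsSecureString
Set-AzKeyVaultSecret -VaultName $VaultName -Name $SecretName -SecretValue $value |
    Out-Null

# Step 4: access policy for the user the template is deployed as.
# Assumption: only 'get' on secrets is granted (least privilege). This cmdlet
# applies to vaults using access policies, not vaults using Azure RBAC.
Set-AzKeyVaultAccessPolicy -VaultName $VaultName -ResourceGroupName $ResourceGroup `
    -UserPrincipalName $DeployerUpn -PermissionsToSecrets get

# Step 5: "Enable access to Azure Resource Manager for template deployment".
Set-AzKeyVaultAccessPolicy -VaultName $VaultName -ResourceGroupName $ResourceGroup `
    -EnabledForTemplateDeployment

# Check the result instead of trusting that each call took effect.
$vault = Get-AzKeyVault -VaultName $VaultName -ResourceGroupName $ResourceGroup
if (-not $vault.EnabledForTemplateDeployment) {
    throw "Vault '$VaultName' is not enabled for template deployment."
}
# Review who can read secrets; anything beyond the deploying user is worth a look.
$vault.AccessPolicies | Select-Object DisplayName, PermissionsToSecrets
```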
We are now all set with our Key Vault. Next, we will be using the secret we created to set the local Administrator user's password.