Creates a key vault for the storage of secrets, keys and certificates
Template Locations
Infrastructure As Code Advisor (Beta)
WAF-compliance
The WAF-compliance advisor validates templates against the Well-Architected Framework practices. Every day a GitHub Action updates the template compliance data and lists the recommendations.
Sustainability Advisor
The sustainability advisor is based on the Sogeti Cloud Reference Architecture with sustainable practices. These sustainable practices cover application code, cloud infrastructures and data. The global Sogeti community is continuously evolving the sustainable practices, and every day new and tuned practices are added. For cloud infrastructures the sustainable practices are automatically validated and reported below.
Note: a score of 100% can also mean that there are no sustainable practices yet for this cloud infrastructure.
Online documentation
Template reference
Service description
Related Azure Resources
| Resource | Description | Automation |
|---|---|---|
| KeyVault update secret | Update or add a secret to an existing Azure KeyVault. Used during release when a resource is created which exposes a secret. | ARM |
Related Pipelines
| Resource | Description | Type |
|---|---|---|
| Create a Certificate for ASF | | |
| Azure KeyVault release pipeline | | |
Requirements
- The resource group must have been created with a valid name and location.
Input values
- tagBillingIdentifier: Cost Center.
- accessPolicies: collection of principalIds, built with the PowerShell script: ….
- kvtSkuName: Standard or Premium, defaults to Standard.
- kvtEnabledForDeployment: set TRUE to enable access for deployments.
- kvtEnabledForTemplateDeployment: set TRUE to enable access for template deployments.
- kvtEnabledForDiskEncryption: set TRUE to enable access for disk encryption.
- kvtTenantId: the AAD tenant Id where the kvtObjectId and kvtObjectIdAdmin are stored; it should be the same as the directory of the Azure subscription.
Output values
- kvtName
- kvtResourceId
- kvtUri
Additional information
Use an Azure Key Vault to store secrets, keys and certificates securely. The keys, secrets and certificates can be used in deployments and, once created, be read by (system) users.
The template KeyVault Update Secret can be used for adding and updating secrets. When an Azure resource creates a secret which should be kept in the Key Vault, use this template to update it.
Compliance Advisor details
Resource Health Result
| Message | ResourceType | Severity |
|---|---|---|
| It is recommended to use the property below for your resource Microsoft.KeyVault/vaults: { "enablePurgeProtection": true }. Malicious deletion of a key vault can lead to permanent data loss. A malicious insider in your organization can potentially delete and purge key vaults. Purge protection protects you from insider attacks by enforcing a mandatory retention period for soft-deleted key vaults. No one inside your organization or Microsoft will be able to purge your key vaults during the soft-delete retention period. | Microsoft.KeyVault/vaults | 2 |
| It is recommended to use the property below for your resource Microsoft.KeyVault/vaults: networkAcls. The firewall should be enabled on Key Vault. Key Vault's firewall prevents unauthorized traffic from reaching your key vault and provides an additional layer of protection for your secrets. Enable the firewall to make sure that only traffic from allowed networks can access your key vault. | Microsoft.KeyVault/vaults | 2 |
| Your current API version, i.e. 2019-09-01, for the resource Microsoft.KeyVault/vaults is outdated; consider updating to a more recent available version, i.e. 2023-02-01 or 2022-11-01. | Microsoft.KeyVault/vaults | 2 |
| To help other contributors understand the purpose of the resource, specify comments for each resource in the template. | Microsoft.KeyVault/vaults | 1 |
| Diagnostic logs in Key Vault should be enabled. | Microsoft.KeyVault/vaults | 1 |
| It is recommended to parameterize your tags and make them an object type. | Microsoft.KeyVault/vaults | 1 |
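The severity-2 and severity-1 findings above (purge protection, network ACLs firewall, current API version, resource comments, diagnostic logs, parameterized tags), applied to a Microsoft.KeyVault/vaults resource. This is an added illustration written for this page, not the template's own code: the kvt* parameters are the input values listed above, while the 90-day retention, the allowed address range, the logAnalyticsWorkspaceId parameter and the diagnostic-setting name are assumed placeholders.

```json
{
  "resources": [
    {
      "comments": "Added example, not the catalog template: key vault hardened per the compliance advisor findings",
      "type": "Microsoft.KeyVault/vaults",
      "apiVersion": "2023-02-01",
      "name": "[variables('kvtName')]",
      "location": "[resourceGroup().location]",
      "tags": "[parameters('tags')]",
      "properties": {
        "tenantId": "[parameters('kvtTenantId')]",
        "sku": { "family": "A", "name": "[parameters('kvtSkuName')]" },
        "accessPolicies": "[parameters('accessPolicies')]",
        "enabledForDeployment": "[parameters('kvtEnabledForDeployment')]",
        "enabledForTemplateDeployment": "[parameters('kvtEnabledForTemplateDeployment')]",
        "enabledForDiskEncryption": "[parameters('kvtEnabledForDiskEncryption')]",
        "enableSoftDelete": true,
        "softDeleteRetentionInDays": 90,
        "enablePurgeProtection": true,
        "networkAcls": {
          "bypass": "AzureServices",
          "defaultAction": "Deny",
          "ipRules": [ { "value": "203.0.113.0/24" } ],
          "virtualNetworkRules": []
        }
      }
    },
    {
      "comments": "Added example: forward Key Vault audit events and metrics to a Log Analytics workspace",
      "type": "Microsoft.Insights/diagnosticSettings",
      "apiVersion": "2021-05-01-preview",
      "scope": "[format('Microsoft.KeyVault/vaults/{0}', variables('kvtName'))]",
      "name": "kvt-audit-to-workspace",
      "dependsOn": [ "[resourceId('Microsoft.KeyVault/vaults', variables('kvtName'))]" ],
      "properties": {
        "workspaceId": "[parameters('logAnalyticsWorkspaceId')]",
        "logs": [ { "category": "AuditEvent", "enabled": true } ],
        "metrics": [ { "category": "AllMetrics", "enabled": true } ]
      }
    }
  ]
}
```

With "defaultAction": "Deny" only the listed ipRules, virtualNetworkRules and trusted Azure services can reach the vault, and once enablePurgeProtection is set to true it cannot be switched back off on that vault.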
TemplateParameterHealthResult
| Message | Severity |
|---|---|
| It is recommended to name your parameters in camel case wherever possible, e.g. location. | 1 |
| Define default values for parameters that aren't sensitive. By specifying a default value, it's easier to deploy the template, and users of your template see an example of an appropriate value, e.g. kvtCustomName. | 1 |
TemplateVariableHealthResult
| Message | Severity |
|---|---|
| It is recommended to name your variables in camel case wherever possible, e.g. environment. | 1 |