Creates a key vault for the storage of secrets, keys and certificates
Template Locations
Online documentation
Template reference
Service description
Related Azure Resources
| Resource | Description | Automation |
|---|---|---|
| KeyVault update secret | Update or add a secret to an existing Azure KeyVault. Used during release when a resource is created which exposes a secret. | ARM |
Related Pipelines
| Resource | Description | Type |
|---|---|---|
| Create a Certificate for ASF | | |
| Azure KeyVault release pipeline | | |
Requirements
- Resource group must have been created with a valid name and location.
Input values
- tagBillingIdentifier: Cost Center.
- accessPolicies: collection of principalIds, just with the PowerShell script: ….
- kvtSkuName: Standard or Premium, default to Standard.
- kvtEnabledForDeployment: set to TRUE to enable access for deployments.
- kvtEnabledForTemplateDeployment: set to TRUE to enable access for Template deployments.
- kvtEnabledForDiskEncryption: set to TRUE to enable access for disk encryption.
- kvtEnableSoftDelete: Enable the soft delete option for the KeyVault.
- EnablePrivateEndpoint: Enable network access via a private endpoint.
- PrivateEndpointVirtualNetworkName: The name of the virtual network in which the private endpoint should be created.
- PrivateEndpointSubNetName: The name of the Subnet in which the private endpoint should be created.
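A pre-deployment check over a parameters file for this template, added here as an example and not part of the template's own repository. It assumes the standard ARM parameters-file layout and boolean switches; the review rules, the treatment of omitted values and the sample file are constructed for illustration.

```python
import json

# Parameter names are taken from the "Input values" list; the rules are this example's assumptions.
ACCESS_FLAGS = ("kvtEnabledForDeployment", "kvtEnabledForTemplateDeployment",
                "kvtEnabledForDiskEncryption")
ENDPOINT_NAMES = ("PrivateEndpointVirtualNetworkName", "PrivateEndpointSubNetName")

def _value(params, name, default=None):
    """Read one entry of an ARM parameters file: {"name": {"value": ...}}."""
    return params.get(name, {}).get("value", default)

def review_parameters(doc):
    """Return (severity, message) findings for a parsed parameters file."""
    params = doc.get("parameters", {})
    findings = []
    sku = _value(params, "kvtSkuName", "Standard")  # the page gives Standard as default
    if sku not in ("Standard", "Premium"):
        findings.append(("error", f"kvtSkuName must be Standard or Premium, got {sku!r}"))
    if _value(params, "kvtEnableSoftDelete") is not True:
        findings.append(("warn", "kvtEnableSoftDelete is not TRUE"))
    for flag in ACCESS_FLAGS:  # each switch widens who can read from the vault
        if _value(params, flag) is True:
            findings.append(("review", f"{flag} is TRUE: confirm this access is needed"))
    if _value(params, "EnablePrivateEndpoint") is True:
        for name in ENDPOINT_NAMES:
            if not _value(params, name):
                findings.append(("error", f"{name} is required with EnablePrivateEndpoint"))
    else:
        findings.append(("warn", "EnablePrivateEndpoint is not TRUE"))
    return findings

# Constructed sample: wrong SKU, soft delete off, one access switch on, subnet name missing.
SAMPLE = json.loads("""{"parameters": {
  "tagBillingIdentifier": {"value": "CC-0000"},
  "kvtSkuName": {"value": "Basic"},
  "kvtEnableSoftDelete": {"value": false},
  "kvtEnabledForDeployment": {"value": true},
  "EnablePrivateEndpoint": {"value": true},
  "PrivateEndpointVirtualNetworkName": {"value": "vnet-example"}
}}""")

if __name__ == "__main__":
    for severity, message in review_parameters(SAMPLE):
        print(f"{severity:6} {message}")
```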
Output values
- kvtName: The name of the KeyVault
- kvtResourceId: The resource Id associated with the KeyVault
- kvtUri: The URI of the KeyVault
Additional information
Use an Azure KeyVault to store secrets, keys and certificates securely. The keys, secrets and certificates can be used in deployments and, once created, be read by (system) users.
The KeyVault Update Secret template can be used to add and update secrets. When an Azure resource creates a secret that should be stored in the KeyVault, use this template to update it.