I am using ARM template to deploy Azure VM.
template.json
"adminPassword": {
"type": "securestring"
}
parameters.json
"adminPassword": {
"value": null
}
When I use "null" in parameters, It will ask me enter password during deployment.
When I enter the adminPassword during deployment, it is showing as plaintext, But I want it to hidden (such as ******)
How can I achieve this?
As 4c74356b41 said, currently, there is no way to do it directly.
You could use Azure Key Vault to avoid the password showing as plain text.
Key Vault can store two types of information: Keys (Certificates) and Secrets. In your scenario, you need use Secrets. You need create a secrets in KeyVault.
##get password don't show plaintext
read -s password
azure keyvault create --vault-name 'ContosoKeyVault' --resource-group 'ContosoResourceGroup' --location 'East Asia'
azure keyvault secret set --vault-name 'ContosoKeyVault' --secret-name 'SQLPassword' --value "$password"
After this you'll need to enable the Key Vault for template deployment.You can do this using the following commands:
azure keyvault set-policy --vault-name Contoso --enabled-for-template-deployment true
You need modify your parameter like below:
"adminPassword": {
"reference": {
"keyVault": {
"id": "/subscriptions/<subscription-guid>/resourceGroups/<group name>/providers/Microsoft.KeyVault/vaults/<vault name>"
},
"secretName": "<seccret name>"
}
},
You could refer this template: 101-vm-secure-password.
