How to use Desired State Configuration in combination with ARM.

Scope:

- We have an Azure virtual machine that is deployed via an ARM template.
- The VM has an extension resource in the ARM template, for the Desired State Configuration.
- We need to pass sensitive parameters (in a secure way!) into the Desired State Configuration (we want to create an additional local Windows account with the DSC).
- Configuration file is used to know what public key to use for encryption, and to let the VM know which certificate it has to use for decryption (by thumbprint).
- When using ARM, you need to define the configuration data file in a separate property.
- I noticed that the DSC service automatically adds a certificate for document encryption to the VM.

Question: If I want to get this working out of the box, I will need to create the configurationDataFile upfront, and store it somewhere (like blob or something). However, the 'out-of-the-box' certificate on the VM is only known after the ARM template has been deployed.
I was wondering if there is a way to get the encryption/decryption in DSC working, using the out-of-the-box DSC certificate on the VM, without using different incremental DSC templates. So how can I know the out-of-the-box certificate thumbprint at deployment time? (In the ARM template?) Do I actually need to transform the ConfigurationData file for every deployment (and find the correct thumbprint of the VM), or is there an out-of-the-box way to tell DSC via ARM to use the out-of-the-box created certificate for this?
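
The arrangement described in the scope above, as an added example that is not part of the original post: a configuration data block that names the public key used for encryption and the thumbprint the node uses for decryption, next to a configuration that creates the local account from a credential. The configuration name, the resource instance name and both angle-bracket values are placeholders assumed for illustration.

```powershell
# Configuration data: CertificateFile is the public key used to encrypt
# credentials when the MOF is compiled; Thumbprint identifies the matching
# certificate (with private key) that the node uses to decrypt them.
$ConfigData = @{
    AllNodes = @(
        @{
            NodeName        = 'localhost'
            # Placeholder: exported public key of the node's document-encryption certificate
            CertificateFile = '<PATH-TO-PUBLIC-KEY>.cer'
            # Placeholder: thumbprint of that same certificate on the node
            Thumbprint      = '<CERTIFICATE-THUMBPRINT>'
        }
    )
}

Configuration LocalAccountExample   # hypothetical configuration name
{
    param(
        [Parameter(Mandatory)]
        [System.Management.Automation.PSCredential]
        $AccountCredential
    )

    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node $AllNodes.NodeName
    {
        # Tell the Local Configuration Manager which certificate decrypts credentials
        LocalConfigurationManager
        {
            CertificateId = $Node.Thumbprint
        }

        # The additional local Windows account; the password travels encrypted in the MOF
        User AdditionalLocalAccount   # hypothetical resource instance name
        {
            UserName = $AccountCredential.UserName
            Password = $AccountCredential
            Ensure   = 'Present'
        }
    }
}

# Compile: the password is encrypted with the key in CertificateFile
# LocalAccountExample -ConfigurationData $ConfigData -AccountCredential (Get-Credential) -OutputPath .\out
```

Both values in `$ConfigData` belong to one specific certificate, which is why the thumbprint has to be known before the configuration data can be written.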