How to dynamically create Azure KeyVault reference in ARM template?

2
votes

I'm using the following piece of code in my ARM template parameters file to retrieve the secret value from keyvault: 

"parameters": {
    "mailAccount": {
             "reference": {
               "keyVault": {
                    "id": "/subscriptions/GUID/resourceGroups/KeyVaultRG/providers/Microsoft.KeyVault/vaults/KeyVault"
                  },
                  "secretName": "mailAccount"
             }
           },

and in the template file: 

  "appSettings": [           
            {
              "name": "mailAccount",
              "value": "[parameters('mailAccount')]"
            },
            {

I'd like to know if it is possible to reference a KeyVault by its name using dynamically constructed object (i.e. not /subscriptions/GUID/resourceGroups/KeyVaultRG/providers/Microsoft.KeyVault/vaults/KeyVault but [resourceId(subscription().subscriptionId, resourcegroup().name, 'Microsoft.KeyVault/vaults', parameters('KeyVaultName'))]) or [resourceId('Microsoft.KeyVault/vaults', parameters('KeyVaultName'))] ?

In fact, the main objective is to be able to pass the different KeyVault names when deploying templates - where the similar values are stored.
The need to have several KeyVaults is justified by the resources (and cost) separation.

Now I see only validation errors saying ~ resourceId function cannot be used while referencing parameters.

I cannot use nested\linked templates (and output values).

1
azureazure-resource-managerazure-keyvaultarm-template
Nested/linked templates are the only solution to this issue. Can you share what is preventing you from using this solution? - Rich Randall
You don't need to use outputs, but you do need to use nested templates (as Rich mentioned) - bmoore-msft
I'm using this template during programmatically creation of resources in my code (.Net Core web app + Azure API calls). Unfortunately, I was unable to use a nested template when deploying using REST API. - Sergey

1 Answers

1
votes

What I am usually doing to avoid this limitation of the resourceId function is to define a variable with the value of the parameter, then using the variable instead in the resourceId function.

Example:

"parameters": {
        "KeyVaultName": {
            "type": "string",
            "metadata": {
                "description": "Key Vault Name"
            }
        }
},
"variables": {
    "KeyVaultName": "[parameters('KeyVaultName')]"
}

Then when I am referencing the KeyVault resource I reference it using the variable like this:

"[resourceId('Microsoft.KeyVault/vaults', variables('KeyVaultName')]"