How to dynamically create Azure KeyVault reference in ARM template?

2
votes

I'm using the following piece of code in my ARM template parameters file to retrieve the secret value from keyvault: 

"parameters": {
    "mailAccount": {
             "reference": {
               "keyVault": {
                    "id": "/subscriptions/GUID/resourceGroups/KeyVaultRG/providers/Microsoft.KeyVault/vaults/KeyVault"
                  },
                  "secretName": "mailAccount"
             }
           },

and in the template file: 

  "appSettings": [           
            {
              "name": "mailAccount",
              "value": "[parameters('mailAccount')]"
            },
            {

I'd like to know if it is possible to reference a KeyVault by its name using dynamically constructed object (i.e. not /subscriptions/GUID/resourceGroups/KeyVaultRG/providers/Microsoft.KeyVault/vaults/KeyVault but [resourceId(subscription().subscriptionId, resourcegroup().name, 'Microsoft.KeyVault/vaults', parameters('KeyVaultName'))]) or [resourceId('Microsoft.KeyVault/vaults', parameters('KeyVaultName'))] ?

In fact, the main objective is to be able to pass the different KeyVault names when deploying templates - where the similar values are stored.
The need to have several KeyVaults is justified by the resources (and cost) separation.

Now I see only validation errors saying ~ resourceId function cannot be used while referencing parameters.

I cannot use nested\linked templates (and output values).

1
azureazure-resource-managerazure-keyvaultarm-template
Nested/linked templates are the only solution to this issue. Can you share what is preventing you from using this solution?Rich Randall
You don't need to use outputs, but you do need to use nested templates (as Rich mentioned)bmoore-msft
I'm using this template during programmatically creation of resources in my code (.Net Core web app + Azure API calls). Unfortunately, I was unable to use a nested template when deploying using REST API.Sergey

1 Answers

1
votes

What I am usually doing to avoid this limitation of the resourceId function is to define a variable with the value of the parameter, then using the variable instead in the resourceId function.

Example:

"parameters": {
        "KeyVaultName": {
            "type": "string",
            "metadata": {
                "description": "Key Vault Name"
            }
        }
},
"variables": {
    "KeyVaultName": "[parameters('KeyVaultName')]"
}

Then when I am referencing the KeyVault resource I reference it using the variable like this:

"[resourceId('Microsoft.KeyVault/vaults', variables('KeyVaultName')]"