Azure ARM template how to get dynamic keyvault appsettings to function

3
votes

I took the template from quickstart templates (https://github.com/Azure/azure-quickstart-templates/blob/master/101-functions-managed-identity/azuredeploy.json).

I would like to add "@Microsoft.KeyVault(SecretUri=secret_uri_with_version)" application setting to my keyvault within ARM template. How can I do this? Lets say my keyvault name is "MyKeyVault" and my secret name is "MySecret". I found from MS docs that this kind of reference should work:

"WEBSITE_CONTENTAZUREFILECONNECTIONSTRING": "[concat('@Microsoft.KeyVault(SecretUri=', reference(variables('keyVaultResourceId')).secretUriWithVersion, ')')]",

But I just get error message "The resource 'Microsoft.KeyVault/vaults/MyKeyVault' is not defined in the template."

I am creating resource Id with this line:

"keyVaultResourceId": "[resourceId(subscription().subscriptionId, parameters('vaultResourceGroupName'), 'Microsoft.KeyVault/vaults', parameters('keyVaultName'))]"
1
azurearm-template
i would suggest you try this: reference(variables('keyVaultResourceId'), '2018-02-14').secretUriWithVersion4c74356b41
Now I get "The language expressio n property 'secretUriWithVersion' doesn't exist"Kamsiinov
probably means it doesnt exist? why do you think it does?4c74356b41
from this document: docs.microsoft.com/en-us/azure/app-service/…Kamsiinov

1 Answers

3
votes

ah, ok I see, you are trying to get reference from the Key Vault, not from the secret. the key vault obviously doesn't have that property, because its not a secret, its a key vault. So you need to construct a reference to your secret:

reference(resourceId('rg','Microsoft.KeyVault/vaults/secrets','kvname','secretname').secretUriWithVersion)