Why is it not possible to create an Azure Key vault key with ARM templates?

2
votes

In the documentation of ARM templates resources types, there is no Microsoft.KeyVault/vaults/keys resource type.

This means that it is not possible to create a key in an Azure key vault by using arm templates.

I would like to know if this is actually intended for security reasons maybe, or just not supported yet.

I am experimenting with the new server side storage encryption with customer manager keys and I would like to create the following in a single template:

  • Key vault
  • Key in the key vault
  • Disk encryption set
1
azureazure-resource-managerazure-keyvault
Presumably because the contents of a Key Vault are not Azure resources, any more than files in a Storage Account.Hong Ooi
But @HongOoi, it is possible to create secrets via ARM templates why not keys?Chedy2149
feedback.azure.com/forums/906355-azure-key-vault/suggestions/…Sajeetharan

1 Answers

1
votes

Because create key operation is not exposed with the ARM Rest API. Only with the Key Vault Rest API. But ARM Templates only operate against ARM Rest Api.