As opposed to using ARM templates, you can use Bicep which is also a declarative language but one that is more simple to use than ARM templates.
For this example, I've created a key vault in Bicep, one that I'm using to store local administrator passwords for Windows Servers.
The parameters files are the same as for the ARM template, however, the main template is simpler in Bicep.
Files are uploaded to Github (kv-mgmt-weu-002.bicep and kv-mgmt-weu-002.parameters.json).
Note that this key vault uses Access Policies as opposed to RBAC for authentication.
I have a regular administrator user which has full access and then there is a service principal (or App Registration) in Azure AD which is configured in Azure DevOps (this is specified in the parameters file). This service principal has permissions to get secrets from the key vault.
In the parameters file the tenant ID (the Azure AD tenant ID) must be specified as well as the object ID of the service principal or any regular users. This can be located in Azure AD, see below:
Bicep file is shown below:
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.