我有一个 ARM 模板,用于创建存储帐户和 key 保管库:
...
{
"apiVersion": "2019-04-01",
"type": "Microsoft.Storage/storageAccounts",
"name": "mystorageaccountname",
"location": "canadacentral",
"sku": {
"name": "Standard_LRS"
},
"kind": "StorageV2",
"properties": {
"supportsHttpsTrafficOnly": true
}
}
...
...
{
"apiVersion": "2019-09-01",
"type": "Microsoft.KeyVault/vaults",
"name": "mykeyvault",
"location": "canadacentral",
"properties": {
"tenantId": "[subscription().tenantId]",
"sku": {
"family": "A",
"name": "standard"
},
"accessPolicies": []
}
}
...
我想要我的 Key Vault to manage the storage account 。对我来说不幸的是,examples我有found到目前为止是 Powershell 脚本。
在 ARM template documentation ,我不清楚如何实现这样的事情。
问题
如何在 ARM 模板中配置 key 保管库来管理存储帐户?
最佳答案
直到一段时间以来,还无法执行此类操作,因为 ARM 模板不支持直接从它们创建 Azure KV key 。最近发布了一个更新,它终于可用了:
{
"type": "Microsoft.KeyVault/vaults/keys",
"name": "[concat(parameters('vaultName'), '/', parameters('keyName'))]",
"apiVersion": "2019-09-01",
"location": "[resourceGroup().location]",
"dependsOn": [
"[resourceId('Microsoft.KeyVault/vaults', parameters('vaultName'))]"
],
"properties": {
"kty": "[parameters('keyType')]",
"keyOps": "[parameters('keyOps')]",
"keySize": "[if(equals(parameters('keySize'), -1), json('null'), parameters('keySize'))]",
"curveName": "[parameters('curveName')]"
}
}
您可以在此处查看完整示例 - https://learn.microsoft.com/en-us/azure/key-vault/keys/quick-create-template?tabs=CLI 。这样,您就可以引用存储帐户 key 值并将其直接放入 Azure Key Vault 中。您可以尝试使用该结构来做到这一点:
[listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName')), providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value]
关于azure - 如何在 ARM 模板中创建 Key Vault 托管存储帐户?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/64403526/