Tags: azure, azure-resource-manager, azure-rm-template

Is it possible to create KeyVault using ARM, generate password and use the password in other ARM resources?


I would like to create an ARM template that:

  1. creates a resource group that contains a KeyVault;
  2. generates a new secret with a predefined name, e.g. AdminPassword;
  3. uses the password in other resources, e.g. as the master password when creating a SQL Database.

When redeploying the template, if the KeyVault and the AdminPassword secret already exist, the existing secret should be used.

I have found samples where a KeyVault secret is used as a parameter; however, this is different, because the KeyVault does not exist at the time the parameters are resolved.

Can you write a sample ARM template that creates a KeyVault and then uses secrets from it?


Solution

  • You can generate the password in the ARM Template using uniqueString.

    Then create your KeyVault and the Secret. On the outputs of the KeyVault template you can then get the URI of the Secret which can be injected into the App Configuration of another resource such as a Web App. https://learn.microsoft.com/en-us/azure/app-service/app-service-key-vault-references

    "outputs": {
        "dbSecretUri": {
            "value": "[reference(resourceId('Microsoft.KeyVault/vaults/secrets', parameters('keyVaultName'), 'yourSecretName')).secretUriWithVersion]"
        }
    }
    

    Your web app will need Managed Identity enabled and the KeyVault will need to have an Access Policy that allows that app to connect to the vault.