Is it possible to get a secret from the key vault from inside the custom data (cloud-init) portion of a parameter file in an ARM template? This is what I am trying to accomplish:
I need to inject a config.json file into a VM at a specific location; for simplicity, let's say /tmp. I am thinking about using cloud-init.
The config.json file looks like this:
    #other cloud-init directives here....
    "user": {
        "username": "admin",
        "password": "password",
        "role": "system_administrator",
        "type": "local"
    }
It goes without saying that I am looking for a way to not hard-code the password inside the file that I will create with cloud-init. Is it possible to call a secret from inside a cloud-init configuration?
If the above is not possible, can I create a variable in my ARM template (that gets the password from the key vault) and then reference that variable in the cloud-init configuration?
If that is not possible either, does anyone have a recommendation on how to possibly create a config file in cloud-init that has a password?
Any ideas are welcome. Ultimately the ARM template will be deployed using Azure DevOps, so perhaps there is another way? Or maybe cloud-init isn't the way to go?
I'm not sure what your issue is exactly, but you can use this article to figure out how to use the key vault secrets in the template; it's pretty straightforward.
Couple of notes:
#include
http://somesite.com/path/to/cloud-init.txt
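
One way to wire the pieces from the question together, as an added example that is not part of the original question or answer: the parameter file pulls the password from Key Vault into a `securestring` parameter, and the template substitutes it into the cloud-init text before base64-encoding it as custom data. The parameter names `configPassword` and `cloudInit`, the `__CONFIG_PASSWORD__` token and the angle-bracket values are placeholders chosen for this example; the vault must have `enabledForTemplateDeployment` set to true.

```json
// azuredeploy.parameters.json (constructed for this example)
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    // Resolved by Resource Manager at deployment time; the secret value never
    // appears in the parameter file or in the pipeline definition.
    "configPassword": {
      "reference": {
        "keyVault": {
          "id": "/subscriptions/<subscription-id>/resourceGroups/<rg-name>/providers/Microsoft.KeyVault/vaults/<vault-name>"
        },
        "secretName": "<secret-name>"
      }
    },
    // cloud-init text with a token where the password belongs.
    // Mode 0600 keeps the written file readable by root only.
    "cloudInit": {
      "value": "#cloud-config\nwrite_files:\n  - path: /tmp/config.json\n    permissions: '0600'\n    content: |\n      {\"user\": {\"username\": \"admin\", \"password\": \"__CONFIG_PASSWORD__\", \"role\": \"system_administrator\", \"type\": \"local\"}}\n"
    }
  }
}

// azuredeploy.json (fragment; the rest of the VM resource is omitted)
{
  "parameters": {
    // securestring keeps the value out of deployment history and logs.
    "configPassword": { "type": "securestring" },
    "cloudInit": { "type": "string" }
  },
  "resources": [
    {
      "type": "Microsoft.Compute/virtualMachines",
      "properties": {
        "osProfile": {
          // Swap the token for the secret, then encode as custom data.
          "customData": "[base64(replace(parameters('cloudInit'), '__CONFIG_PASSWORD__', parameters('configPassword')))]"
        }
      }
    }
  ]
}
```

Custom data stays readable on the VM after provisioning and Azure's documentation advises against storing sensitive data in it, so treat this as provisioning convenience and consider having the VM fetch the secret itself with a managed identity. A password containing `"` or `\` would also break the generated JSON unless it is escaped first.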