I want to generate a certificate in an Azure Key Vault using Bicep. It's simple and straightforward to do in the web UI and using azure-cli: https://learn.microsoft.com/en-us/cli/azure/keyvault/certificate?view=azure-cli-latest#az-keyvault-certificate-create
But how do I do that with Bicep?
The only thing I found is this resource symbolicname 'Microsoft.Web/certificates@2022-03-01'
but this actually wants to create a managed certificate and wants to bind it to some service, which I do not require.
How can I only generate the certificate in the key vault?
As @thomas said above, in some cases generating a certificate in Key Vault using Bicep is not supported.
Try the code below and see whether it works.
param keyVaultName string
param location string = resourceGroup().location

// Key vault that will hold the certificate
resource keyVault 'Microsoft.KeyVault/vaults@2021-06-01-preview' = {
  name: keyVaultName
  location: location
  properties: {
    sku: {
      // sku belongs under properties and needs both family and name
      family: 'A'
      name: 'standard'
    }
    tenantId: subscription().tenantId
    accessPolicies: []
    enabledForDeployment: false
    enabledForDiskEncryption: false
    enabledForTemplateDeployment: false
    enableSoftDelete: false
    // enablePurgeProtection is omitted: the property does not accept false
    networkAcls: {
      bypass: 'AzureServices'
      defaultAction: 'Allow'
    }
  }
}

// Certificate declared as a child resource of the vault
resource certificate 'Microsoft.KeyVault/vaults/certificates@2021-06-01-preview' = {
  parent: keyVault
  name: 'my-certificate'
  properties: {
    certificatePolicy: {
      issuerParameters: {
        name: 'Unknown'
      }
      keyProperties: {
        keyType: 'RSA'
        keySize: 2048
        reuseKey: false
      }
      secretProperties: {
        contentType: 'application/x-pkcs12'
      }
      x509CertificateProperties: {
        subject: 'CN=my-certificate'
        validityInMonths: 12
      }
    }
  }
}
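
An added example, not part of the question or the answer above: one way to run the `az keyvault certificate create` command the question links to from inside a Bicep deployment, using a deployment script resource. It assumes the vault already exists and that `scriptIdentityId` (a hypothetical parameter) is the resource ID of a user-assigned managed identity holding only the get and create certificate permissions on that vault; the resource name and the `Self` issuer are also assumptions.

```bicep
// Added example (not the answerer's code). Assumed inputs are marked below.
param keyVaultName string // existing vault
param certificateName string = 'my-certificate'
param location string = resourceGroup().location
// Assumption: user-assigned identity limited to certificate get/create on the vault
param scriptIdentityId string

// Same policy fields as the answer above; 'Self' asks Key Vault to self-sign.
var policy = {
  issuerParameters: { name: 'Self' }
  keyProperties: { keyType: 'RSA', keySize: 2048, reuseKey: false }
  secretProperties: { contentType: 'application/x-pkcs12' }
  x509CertificateProperties: { subject: 'CN=${certificateName}', validityInMonths: 12 }
}

resource createCertificate 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
  name: 'create-${certificateName}'
  location: location
  kind: 'AzureCLI'
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: {
      '${scriptIdentityId}': {}
    }
  }
  properties: {
    azCliVersion: '2.40.0'
    retentionInterval: 'PT1H' // script resources are cleaned up after one hour
    timeout: 'PT10M'
    // Values are passed as environment variables rather than interpolated
    // into the script text, so parameter contents are never parsed as shell.
    environmentVariables: [
      { name: 'VAULT', value: keyVaultName }
      { name: 'CERT', value: certificateName }
      { name: 'POLICY', value: string(policy) }
    ]
    // Create only when the certificate is missing, so a redeployment does not
    // issue a new certificate version every time.
    scriptContent: '''
      set -e
      if ! az keyvault certificate show --vault-name "$VAULT" --name "$CERT" >/dev/null 2>&1; then
        az keyvault certificate create --vault-name "$VAULT" --name "$CERT" --policy "$POLICY"
      fi
    '''
  }
}
```

The private key is generated inside Key Vault and never appears in the template, the script, or the deployment output.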