{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "", // (Required) Your own version to ensure right template is deployed
"apiProfile": "", // API versions for resource types.
"parameters": { }, // prompted when deployment is executed.
"variables": { },
"functions": [ ],
"resources": [ ], // (Required) Resource types that are deployed or updated
"outputs": { } // Values that you want to return after deployment.
}
az group deployment create --name testdeployment --resource-group test-rg --template-file test-template.jsonAzurePowerShell task to execute Deploy-AzureResourceGroup.ps1AzureFileCopy task to copy templates to blob storageAzureResourceGroupDeployment to create or update resource group using URL of the template "adminPassword": {
"reference": {
"keyVault": {
"id": "/subscriptions/<subscription-id>/resourceGroups/examplegroup/providers/Microsoft.KeyVault/vaults/<vault-name>"
},
"secretName": "examplesecret"
}
}
templateLink
{
"apiVersion": "2015-01-01",
"name": "nestedTemplate",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[concat(parameters('templateBaseUri'), 'my-nested-template.json')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"resourcegroup": {
"value": "[parameters('resourcegroup')]"
},
"vaultName": {
"value": "[parameters('vaultName')]"
},
"secretToPass": { // here vault ID & secret name is dynamically generated
"reference": {
"keyVault": {
"id": "[resourceId(subscription().subscriptionId, parameters('resourcegroup'), 'Microsoft.KeyVault/vaults', parameters('vaultName'))]"
},
"secretName": "examplesecret"
}
}
}
}
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vaultName": {
"type": "string",
"metadata": {
"description": "The name of the keyvault that contains the secret."
}
},
"secretName": {
"type": "string",
"metadata": {
"description": "The name of the secret."
}
},
"vaultResourceGroupName": {
"type": "string",
"metadata": {
"description": "The name of the resource group that contains the keyvault."
}
},
"vaultSubscription": {
"type": "string",
"defaultValue": "[subscription().subscriptionId]",
"metadata": {
"description": "The name of the subscription that contains the keyvault."
}
}
},
"resources": [
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2018-05-01",
"name": "dynamicSecret",
"properties": {
"mode": "Incremental",
"expressionEvaluationOptions": {
"scope": "inner"
},
"template": { // nested child template
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"adminPassword": { // gets from the parent
"type": "securestring"
}
},
// ... stripped rest of the template
},
"parameters": {
"adminPassword": { // here vault ID & secret name is dynamically generated
"reference": {
"keyVault": {
"id": "[resourceId(parameters('vaultSubscription'), parameters('vaultResourceGroupName'), 'Microsoft.KeyVault/vaults', parameters('vaultName'))]"
},
"secretName": "[parameters('secretName')]"
}
}
}
}
}
],
"outputs": {
}
}