# Create a Key Vault named Contoso-Vault2 in resource group ContosoResourceGroup (region eastus).
az keyvault create --name "Contoso-Vault2" --resource-group "ContosoResourceGroup" --location eastus

# Store a secret named ExamplePassword in that vault.
# NOTE(review): the value is passed as a literal argument, so it lands in shell
# history and is visible in the process list while the command runs. Treat the
# string below as a sample only; for a real secret, `az keyvault secret set` can
# read the value from a file (--file) instead of --value.
az keyvault secret set --vault-name "Contoso-Vault2" --name "ExamplePassword" --value "hVFkk965BuUv"

# Read the secret back. The command output contains the secret value in plain
# text, so avoid running it where terminal output or CI logs are retained.
az keyvault secret show --name "ExamplePassword" --vault-name "Contoso-Vault2"

# PowerShell (not shell): store the key identifier (Kid) of key "keyname" in vault "testvault" in $keyUrl.
# NOTE(review): Get-AzureKeyVault* are AzureRM-module cmdlet names; the Az module
# equivalents are Get-AzKeyVaultKey / Get-AzKeyVaultSecret. Confirm which module is installed.
$keyUrl = (Get-AzureKeyVaultKey -VaultName "testvault" -Name "keyname").Key.Kid

# PowerShell: read secret "secretname" from vault "testvault" as plain text into $secretText.
# The variable then holds the clear-text secret for the rest of the session; keep
# it out of transcripts and verbose/debug output.
$secretText = (Get-AzureKeyVaultSecret -VaultName "testvault" -Name "secretname").SecretValueText

# NOTE(review): the parameters file that follows pulls adminPassword from the vault
# at deployment time, so the password never appears in the file. For that lookup to
# work, the vault must allow template deployment (--enabled-for-template-deployment
# on `az keyvault create`/`update`) and the deploying identity needs access to the
# secret; confirm both before relying on it.
📝Reference it in an ARM template:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"adminLogin": {
"value": "exampleadmin"
},
"adminPassword": {
"reference": {
"keyVault": {
"id": "/subscriptions/<subscription-id>/resourceGroups/<rg-name>/providers/Microsoft.KeyVault/vaults/<vault-name>"
},
"secretName": "ExamplePassword"
}
},
"sqlServerName": {
"value": "<your-server-name>"
}
}
}
az ad sp create-for-rbac -n "http://mySP"az keyvault set-policy -n <your-unique-keyvault-name> --spn <ApplicationID-of-your-service-principal> --secret-permissions get list set delete --key-permissions create decrypt delete encrypt get list unwrapKey wrapKeyaz webapp identity assign --name myApp --resource-group myResourceGroupaz keyvault set-policy --name myKeyVault --object-id <PrincipalId> --secret-permissions get list