When providing passwords and other confidential information to ARM templates, make sure you don't hard-code these values anywhere. Automating deployments does not have to compromise the security of the system. The end goal is to automate as much as possible and reduce manual involvement.
Key Vaults solve this problem without compromising security. In fact, they make the whole solution more secure with minimal manual intervention.
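To make the "no hard-coded secrets" rule checkable, the following added example (not code from this post) audits a parameter file against its template and reports whether each `securestring`/`secureObject` parameter carries a literal value or an ARM Key Vault reference. The parameter names, sample values and angle-bracket IDs are constructed placeholders.

```python
import json

# Constructed sample template excerpt: only the parameter declarations matter here.
SAMPLE_TEMPLATE = """
{ "parameters": {
    "adminUsername": { "type": "string" },
    "adminPassword": { "type": "securestring" },
    "sqlPassword":   { "type": "securestring" } } }
"""

# Constructed sample parameter file. Values in angle brackets are placeholders;
# the vault name is the one used in this post.
SAMPLE_PARAMETERS = """
{ "parameters": {
    "adminUsername": { "value": "azureuser" },
    "adminPassword": { "value": "constructed-sample-password" },
    "sqlPassword": { "reference": {
        "keyVault": { "id": "/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.KeyVault/vaults/TestKeyVault101" },
        "secretName": "<secret-name>" } } } }
"""

SECURE_TYPES = {"securestring", "secureobject"}


def audit(template_text, parameters_text):
    """Classify each secure parameter as 'hardcoded', 'keyvault' or 'missing'."""
    declared = json.loads(template_text).get("parameters", {})
    supplied = json.loads(parameters_text).get("parameters", {})
    result = {}
    for name, spec in declared.items():
        if spec.get("type", "").lower() not in SECURE_TYPES:
            continue  # non-secret parameters may carry literal values
        entry = supplied.get(name, {})
        ref = entry.get("reference", {})
        if ref.get("keyVault", {}).get("id") and ref.get("secretName"):
            result[name] = "keyvault"   # resolved by ARM at deployment time
        elif "value" in entry:
            result[name] = "hardcoded"  # secret sits in the file in clear text
        else:
            result[name] = "missing"    # must be supplied at deployment time
    return result


if __name__ == "__main__":
    for name, status in audit(SAMPLE_TEMPLATE, SAMPLE_PARAMETERS).items():
        print(f"{name}: {status}")
```

Run as a pre-commit or pipeline step, a check like this fails the build whenever any secure parameter comes back as `hardcoded`.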
Setting up the Key Vault
We first need to set up the Key Vault in Azure so that it can be used via ARM template parameters.
- Create a Key Vault in Azure by going to New -> Security + Identity -> Key Vault. Provide a name, subscription, resource group, etc., and provision the Key Vault. Once it is created, navigate to it by clicking “More Services” and searching for Key Vault. Click the name of the vault you created. In this example, we have named the key vault “TestKeyVault101”.
Note that this feature is in Preview at the time of writing this blog.
- Next, we need to add a secret to the Key Vault. Click Secrets and then the + Add button at the top.