Adding a Key Vault Access Policy to an Existing Key Vault via ARM

Question

I am trying to do an ARM deployment in Azure DevOps whereby I add a key vault access policy to an existing key vault in Azure.

I want to use the following ARM template which adds an access policy to an existing Key Vault: https://github.com/Azure/azure-quickstart-templates/tree/master/101-keyvault-add-access-policy

I have a separate template that deploys an App service and creates a system assigned managed identity.

What is the best way to link the two templates? How do I reference the system-assigned identity of the app service in the 'Add Key Vault Policy' ARM template if I don't know what the object ID of the service principal is yet?

Answer 1

Score: 3


Here's a sample of how you would retrieve the managed identity ID in your other template:

"[reference(concat(resourceId('Microsoft.Web/sites/', %wep_app_name%), '/providers/Microsoft.ManagedIdentity/Identities/default'), '2015-08-31-PREVIEW').principalId]"

https://github.com/Azure/azure-quickstart-templates/blob/master/101-functions-managed-identity/azuredeploy.json#L295
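
As an added example (not part of the original answer or the quickstart repository), the template below adds a least-privilege access policy to an existing vault by reading the app's system-assigned identity at deployment time, so the object ID never has to be known in advance. The parameter names `keyVaultName` and `webAppName` are assumptions, as are the API versions shown. It also assumes the app service is already deployed with its identity enabled and lives in the same resource group as the vault. It uses the `'Full'` form of `reference()` instead of the `Microsoft.ManagedIdentity` provider path shown above.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "keyVaultName": {
      "type": "string",
      "metadata": { "description": "Assumed parameter name: the existing Key Vault to update." }
    },
    "webAppName": {
      "type": "string",
      "metadata": { "description": "Assumed parameter name: the already deployed App Service with a system-assigned identity." }
    }
  },
  "variables": {
    "siteId": "[resourceId('Microsoft.Web/sites', parameters('webAppName'))]"
  },
  "resources": [
    {
      "type": "Microsoft.KeyVault/vaults/accessPolicies",
      "apiVersion": "2019-09-01",
      "name": "[concat(parameters('keyVaultName'), '/add')]",
      "properties": {
        "accessPolicies": [
          {
            "tenantId": "[reference(variables('siteId'), '2018-11-01', 'Full').identity.tenantId]",
            "objectId": "[reference(variables('siteId'), '2018-11-01', 'Full').identity.principalId]",
            "permissions": {
              "secrets": [ "get", "list" ]
            }
          }
        ]
      }
    }
  ]
}
```

Granting only `get` and `list` on secrets keeps the app's identity from modifying or deleting vault contents; widen the permission set only if the application needs it.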

huangapple
  • Published on January 3, 2020 at 18:16:27