Quickstart: Create an Microsoft Azure confidential ledger with an ARM template

Microsoft Azure confidential ledger is a new and highly secure service for managing sensitive data records. This quickstart describes how to use an Azure Resource Manager template (ARM template) to create a new ledger.

An Azure Resource Manager template is a JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your project. The template uses declarative syntax. You describe your intended deployment without writing the sequence of programming commands to create the deployment.

If your environment meets the prerequisites and you're familiar with using ARM templates, select the Deploy to Azure button. The template will open in the Azure portal.

Prerequisites

• Subscription owner - A confidential ledger can only be created by users who have Owner permissions on the Azure subscription. Confirm that you have the appropriate access before continuing with this quickstart.

Azure subscription

If you don't have an Azure subscription, create a free account before you begin.

Register the resource provider

A resource provider is a service that supplies Azure resources. Use the Azure CLI az provider register command or the Azure PowerShell Register-AzResourceProvider cmdlet to register the Azure confidential ledger resource provider, 'microsoft.ConfidentialLedger'.

Azure CLI

az provider register --namespace "microsoft.ConfidentialLedger"

Azure PowerShell

Register-AzResourceProvider -ProviderNamespace "microsoft.ConfidentialLedger"

You can verify that registration is complete with the Azure CLI az provider register command or the Azure PowerShell Get-AzResourceProvider cmdlet.

Azure CLI

az provider show --namespace "microsoft.ConfidentialLedger"

Azure PowerShell

Get-AzResourceProvider -ProviderNamespace "microsoft.ConfidentialLedger"

Obtain your principal ID

The template requires a principal ID. You can obtain your principal ID my running the Azure CLI az ad sp list command, with the --show-mine flag:

az ad sp list --show-mine -o table

Your principal ID is shown in the "ObjectId" column.

Review the template

The template used in this quickstart is from Azure Quickstart Templates.

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "ledgerName": {
            "type": "string",
            "metadata": {
                "description": "Ledger Name"
            },
            "minLength": 3,
            "maxLength": 24
        },
        "principalId": {
            "type": "string",
            "metadata": {
                "description": "Oid of the user"
            }
        },
        "location": {
            "type": "string",
            "defaultValue": "[resourceGroup().location]",
            "metadata": {
                "description": "Location for all resources."
            }
        }
    },
    "functions": [],
    "variables": {},
    "resources": [{
        "name": "[parameters('ledgerName')]",
        "type": "Microsoft.ConfidentialLedger/ledgers",
        "apiVersion": "2020-12-01-preview",
        "location": "[parameters('location')]",
        "properties": {
            "ledgerType": "Public",
            "aadBasedSecurityPrincipals": [{
                "principalId": "[parameters('principalId')]",
                "ledgerRoleName": "Administrator"
            }]
        }
    }],
    "outputs": {}
}

Azure resources defined in the template:

• Microsoft.ConfidentialLedger/ledgers

Deploy the template

1. Select the following image to sign in to Azure and open the template.

   

2. Select or enter the following values.

   Unless it's specified, use the default value to create the confidential ledger.

   • Ledger name: Select a name for your ledger. Ledger names must be globally unique.
   • Location: Select a location. For example, East US.
   • PrincipalId: Provide the Principal ID you noted in the Prerequisites section above.

3. Select Purchase. After the confidential ledger resource has been deployed successfully, you will receive a notification.

The Azure portal is used to deploy the template. In addition to the Azure portal, you can also use the Azure PowerShell, Azure CLI, and REST API. To learn other deployment methods, see Deploy templates.

Review deployed resources

You can use the Azure portal to check the ledger resource.

Clean up resources

Other Azure confidential ledger articles can build upon this quickstart. If you plan to continue on to work with subsequent quickstarts and tutorials, you may wish to leave these resources in place.

When no longer needed, delete the resource group, which deletes the ledger resource. To delete the resource group by using Azure CLI or Azure PowerShell:

CLI

echo "Enter the Resource Group name:" &&
read resourceGroupName &&
az group delete --name $resourceGroupName &&
echo "Press [ENTER] to continue ..."

PowerShell

$resourceGroupName = Read-Host -Prompt "Enter the Resource Group name"
Remove-AzResourceGroup -Name $resourceGroupName
Write-Host "Press [ENTER] to continue..."

Next steps

In this quickstart, you created an confidential ledger resource using an ARM template and validated the deployment. To learn more about the service, see Overview of Microsoft Azure confidential ledger.