@Durga Reshma Malthi Tried the below steps but getting the below error.
Below KeyVaultSetup-parameters.json, KeyVaultSetup.json , powershell and yaml files.
Can you please let me know if any changes to be done in KeyVaultSetup.json file?
Error -
Line |
13 | New-AzResourceGroupDeployment `
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| 17:48:47 - Error: Code=InvalidTemplate; Message=Deployment template
| validation failed: 'The template resource
| '[parameters('secrets')[copyIndex()].name]' at line '101' column '23' is
| not valid. Copying nested resources is not supported. Please see
| https://aka.ms/arm-multiple-instances for usage details.'.
```1. KeyVaultSetup-parameters.json
{
```scala
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"keyVaultName": {
"value": "keyvault-test-arm"
},
"tenantId": {
"value": "0d87da24-f953-4d18-9f24-d7e189013940"
},
"objectId": {
"value": "d4085cb9-f442-481d-ba5d-8c43b8e1775e"
},
"secrets": {
"value": [
{
"name": "DB-URL",
"value": "jdbc:sqlserver://server;databaseName=sample"
},
{
"name": "DBPass",
"value": "xxxx"
}
]
}
}
```}
2.KeyVaultSetup.json
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
```scala
"keyVaultName": {
"type": "string",
"metadata": {
"description": "Name of the vault"
}
},
"tenantId": {
"type": "string",
"metadata": {
"description": "Tenant Id"
}
},
"objectId": {
"type": "string",
"metadata": {
"description": "Object Id"
}
},
"keysPermissions": {
"type": "array",
"defaultValue": [ "all" ],
"metadata": {
"description": "Permissions to grant user to keys in the vault. Valid values are: all, create, import, update, get, list, delete, backup, restore, encrypt, decrypt, wrapkey, unwrapkey, sign, and verify."
}
},
"secretsPermissions": {
"type": "array",
"defaultValue": [ "all" ],
"metadata": {
"description": "Permissions to grant user to secrets in the vault. Valid values are: all, get, set, list, and delete."
}
},
"vaultSku": {
"type": "string",
"defaultValue": "Standard",
"allowedValues": [
"Standard",
"Premium"
],
"metadata": {
"description": "SKU for the vault"
}
},
"secrets": {
"type": "array",
"metadata": {
"description": "List of secrets to store in the vault"
}
}
``` },
"resources": [
```python
{
"type": "Microsoft.KeyVault/vaults",
"name": "[parameters('keyVaultName')]",
"apiVersion": "2015-06-01",
"location": "eastus",
"tags": {
"displayName": "KeyVault"
``` },
"properties": {
```powershell
"tenantId": "[parameters('tenantId')]",
"accessPolicies": [
{
"tenantId": "[parameters('tenantId')]",
"objectId": "[parameters('objectId')]",
"permissions": {
"keys": "[parameters('keysPermissions')]",
"secrets": "[parameters('secretsPermissions')]"
}
}
],
"sku": {
"name": "[parameters('vaultSku')]",
"family": "A"
}
},
``` "resources": [
```typescript
{
"type": "secrets",
"name": "[parameters('secrets')[copyIndex()].name]",
"apiVersion": "2015-06-01",
"tags": { "displayName": "[parameters('secrets')[copyIndex()].name]" },
"properties": {
"value": "[parameters('secrets')[copyIndex()].value]"
},
"dependsOn": [
"[concat('Microsoft.KeyVault/vaults/', parameters('keyVaultName'))]"
],
"copy": {
"name": "secretCopy",
"count": "[length(parameters('secrets'))]"
}
}
]
}
``` ]
}
3. yaml file
trigger:
- master
pool:
vmImage: ubuntu-latest
steps:
- task: AzurePowerShell@5
inputs:
azureSubscription: 'xxxx'
ScriptType: 'FilePath'
ScriptPath: './keyvault.ps1'
azurePowerShellVersion: 'LatestVersion'
4. powershell file -- keyvault.ps1
$ResourceGroupName = "xxxx"
$DeploymentName = "xxxx"
$TemplateFilePath = "./arm/templates/KeyVaultSetup.json"
$ParameterFilePath = "./arm/templates/KeyVaultSetup-parameters.json"
New-AzResourceGroupDeployment `
```powershell
-ResourceGroupName $ResourceGroupName `
-TemplateFile $TemplateFilePath `
-TemplateParameterFile $ParameterFilePath `
-Mode Incremental `
-Verbose `
-DeploymentName $DeploymentName