To Pass JSON File Arguments to PowerShell File and how to set the JSON File Configuration in YAML file in Azure Devops Pipeline.

Question

To Pass JSON File Arguments to PowerShell File and how to set the JSON File Configuration in YAML file in Azure Devops Pipeline.

Hitesh N 40

How to Pass Arguments of the variables (storageAccountName,location,storageSKU) From the JSON File to the to powershell File , and how to set the JSON File Configuration in YAML file to fetch the json file object in the Azure Devops Pipeline.

Below Example of the JSON , PowerShell and YAML files.

JSON File - test.json

{

storageAccountName = "xxxstoragetest123"

location = useast2

storageSKU = "xyz"
```}

2. PowerShell File - test.ps1 

$Parameters = @{

   storageAccountName = "value from-json-file"

```typescript
location = "value from-json-file"

storageSKU = "value from-json-file"
```}

3. YAML File-  test.yaml

trigger:

- master

pool:

  vmImage: ubuntu-latest

steps:

- task: AzurePowerShell@5

  inputs:

    azureSubscription: 'xxxx'

    ScriptType: 'FilePath'

    ScriptPath: 'test.ps1'

    #scriptArguments: 

    #  -Arg1 Hello `

    #  -Arg2 World

    azurePowerShellVersion: LatestVersion

    pwsh: true

Accepted answer

2 additional answers

Your answer

Answer 1

Durga Reshma Malthi 4,430 Microsoft External Staff Moderator

Hi Hitesh N

You can absolutely pass $ResourceGroupName and $DeploymentName either from the parameters.json file or from an Azure DevOps variable group depending on how dynamic or reusable you want your pipeline to be.

Define your variables in the library:

Go to Azure DevOps -> Select your Project -> Pipelines -> Library -> +New variable group -> Add variables: resourceGroupName and deploymentName -> Save.

In your YAML pipeline, reference the variable group above the steps section.

variables:
  - group: <group name>

and Update your PowerShell script to accept parameters in the place of $ResourceGroupName = "xxxx" and $DeploymentName = "Template"

param (
    [string]$ResourceGroupName,
    [string]$DeploymentName
)

You can also pass from parameters.json but this is not recommended because PowerShell doesn’t auto-wire deployment-level variables.

Hope this helps!

Please Let me know if you have any queries.

If you found the information helpful, please click "Upvote" on the post to let us know and consider accepting the answer as the token of appreciation. Thank You.

Durga Reshma Malthi 4,430 Reputation points Microsoft External Staff Moderator

2025-06-20T07:52:38.5966667+00:00

Hi Hitesh N

Just checking in to see if you had a chance to review the response provided to your question.

Feel free to reach out if you have any further queries.

If you found the information helpful, please click "Upvote" on the post to let us know and consider accepting the answer as the token of appreciation. Thank You.

Hitesh N 40

@Durga Reshma Malthi Thanks Durga, tested with variable-group its working.

Had Question for Key-vault arm template as below. In KeyVaultSetup.parameters.json file the values for One - secretName and secretValue are passed as below. How to create the another secretName for the same keyVault. ( One SecretName- DB-URL, Second - DBPass) with Key-vaultSetup.parameters.json and KeyVaultSetup.json files.

KeyVaultSetup.parameters.json

{

"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",

"contentVersion": "1.0.0.0",

"parameters": {

    "keyVaultName": {

        "value": "KeyVaultName"

    },

    "tenantId": {

        "value": "xxxxxxxxxxxx"

    },

    "objectId": {

        "value": "xxxxxxxxxxxx"

    },

    "secretName": {

        "value": "xxxx"

    },        

    "secretValue": {

        "value": "xxxx"

    }

}

}

KeyVaultSetup.json

{

"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",

"contentVersion": "1.0.0.0",

"parameters": {

"keyVaultName": {

  "type": "string",

  "metadata": {

    "description": "Name of the vault"

  }

},

"tenantId": {

  "type": "string",

  "metadata": {

    "description": "Tenant Id"

  }

},

"objectId": {

  "type": "string",

  "metadata": {

    "description": "Object Id"

  }

},

"keysPermissions": {

  "type": "array",

  "defaultValue": [ "all" ],

  "metadata": {

    "description": "Permissions to grant user to keys in the vault. Valid values are: all, create, import, update, get, list, delete, backup, restore, encrypt, decrypt, wrapkey, unwrapkey, sign, and verify."

  }

},

"secretsPermissions": {

  "type": "array",

  "defaultValue": [ "all" ],

  "metadata": {

    "description": "Permissions to grant user to secrets in the vault. Valid values are: all, get, set, list, and delete."

  }

},

"vaultSku": {

  "type": "string",

  "defaultValue": "Standard",

  "allowedValues": [

    "Standard",

    "Premium"

  ],

  "metadata": {

    "description": "SKU for the vault"

  }

},

"secretName": {

  "type": "string",

  "metadata": {

    "description": "Name of the secret to store in the vault"

  }

},

"secretValue": {

  "type": "securestring",

  "metadata": {

    "description": "Value of the secret to store in the vault"

  }

}

},

"resources": [

{

  "type": "Microsoft.KeyVault/vaults",

  "name": "[parameters('keyVaultName')]",

  "apiVersion": "2015-06-01",

  "location": "[resourceGroup().location]",

  "tags": {

    "displayName": "KeyVault"

  },

  "properties": {

    "tenantId": "[parameters('tenantId')]",

    "accessPolicies": [

      {

        "tenantId": "[parameters('tenantId')]",

        "objectId": "[parameters('objectId')]",

        "permissions": {

          "keys": "[parameters('keysPermissions')]",

          "secrets": "[parameters('secretsPermissions')]"

        }

      }

    ],

    "sku": {

      "name": "[parameters('vaultSku')]",

      "family": "A"

    }

  },

  "resources": [

    {

      "type": "secrets",

      "name": "[parameters('secretName')]",

      "apiVersion": "2015-06-01",

      "tags": { "displayName": "secret" },

      "properties": {

        "value": "[parameters('secretValue')]"

      },

      "dependsOn": [

        "[concat('Microsoft.KeyVault/vaults/', parameters('keyVaultName'))]"

      ]

    }

  ]

}

]

}

Hitesh N 40 Reputation points

2025-06-23T13:19:30.72+00:00

@Durga Reshma Malthi you had a chance to review the above question.

Durga Reshma Malthi 4,430 Microsoft External Staff Moderator

Hi Hitesh N

You will need to add parameters for the new secret name and value, Update to include a secrets array of objects in KeyVaultSetup.parameters.json file.

{
  "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "keyVaultName": {
      "value": "KeyVaultName"
    },
    "tenantId": {
      "value": "xxxxxxxxxxxx"
    },
    "objectId": {
      "value": "xxxxxxxxxxxx"
    },
    "secrets": {
      "value": [
        {
          "name": "DB-URL",
          "value": "jdbc:sqlserver://server;databaseName=sample"
        },
        {
          "name": "DBPass",
          "value": "SecurePassword123"
        }
      ]
    }
  }
}

Alternatively, you can try to define a new secrets parameter:

"secrets": {
  "type": "array",
  "metadata": {
    "description": "List of secrets with name and value"
  }
}

then Update the resources array with a copy loop:

"resources": [
  {
    "type": "Microsoft.KeyVault/vaults",
    "name": "[parameters('keyVaultName')]",
    ...
    "resources": [
      {
        "type": "secrets",
        "name": "[parameters('secrets')[copyIndex()].name]",
        "apiVersion": "2015-06-01",
        "copy": {
          "name": "secretCopy",
          "count": "[length(parameters('secrets'))]"
        },
        "properties": {
          "value": "[parameters('secrets')[copyIndex()].value]"
        },
        "dependsOn": [
          "[concat('Microsoft.KeyVault/vaults/', parameters('keyVaultName'))]"
        ]
      }
    ]
  }
]

This tells ARM to loop through each item in secrets array and create it inside the Key Vault.

Hope this helps!

Please Let me know if you have any queries.

Hitesh N 40

@Durga Reshma Malthi

How the 2 secrets - DB-URL and DBPass values will be passed in the below KeyVault.json, from the secrets - DB-URL and DBPass values in KeyVault-parameters.json file. These json files are called from the powershell script.

Below are the yaml and powershell files.

KeyVaultSetup-parameters.json

{

"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",

"contentVersion": "1.0.0.0",

"parameters": {

"keyVaultName": {

  "value": "KeyVaultName"

},

"tenantId": {

  "value": "xxxxxxxxxxxx"

},

"objectId": {

  "value": "xxxxxxxxxxxx"

},

"secrets": {

  "value": [

    {

      "name": "DB-URL",

      "value": "jdbc:sqlserver://server;databaseName=sample"

    },

    {

      "name": "DBPass",

      "value": "SecurePassword123"

    }

  ]

}
```  }

}

2. KeyVaultSetup.json

{

  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",

  "contentVersion": "1.0.0.0",

  "parameters": {

```scala
"keyVaultName": {

  "type": "string",

  "metadata": {

    "description": "Name of the vault"

  }

},

 "tenantId": {

  "type": "string",

  "metadata": {

    "description": "Tenant Id"

  }

},

"objectId": {

  "type": "string",

  "metadata": {

    "description": "Object Id"

  }

},

"keysPermissions": {

  "type": "array",

  "defaultValue": [ "all" ],

  "metadata": {

    "description": "Permissions to grant user to keys in the vault. Valid values are: all, create, import, update, get, list, delete, backup, restore, encrypt, decrypt, wrapkey, unwrapkey, sign, and verify."

  }

},

"secretsPermissions": {

  "type": "array",

  "defaultValue": [ "all" ],

  "metadata": {

    "description": "Permissions to grant user to secrets in the vault. Valid values are: all, get, set, list, and delete."

  }

},

"vaultSku": {

  "type": "string",

  "defaultValue": "Standard",

  "allowedValues": [

    "Standard",

    "Premium"

  ],

  "metadata": {

    "description": "SKU for the vault"

  }

},

"secretName": {

  "type": "string",

  "metadata": {

    "description": "Name of the secret to store in the vault"

  }

},

"secretValue": {

  "type": "securestring",

  "metadata": {

    "description": "Value of the secret to store in the vault"

  }

}
```  },

  "resources": [

```python
{

  "type": "Microsoft.KeyVault/vaults",

  "name": "[parameters('keyVaultName')]",

  "apiVersion": "2015-06-01",

  "location": "eastus",

  "tags": {

    "displayName": "KeyVault"
```  },

  "properties": {

```powershell
    "tenantId": "[parameters('tenantId')]",

    "accessPolicies": [

      {

        "tenantId": "[parameters('tenantId')]",

        "objectId": "[parameters('objectId')]",

        "permissions": {

          "keys": "[parameters('keysPermissions')]",

          "secrets": "[parameters('secretsPermissions')]"

        }

      }

    ],

    "sku": {

      "name": "[parameters('vaultSku')]",

      "family": "A"

    }

  },
```  "resources": [

```python
    {

      "type": "secrets",

      "name": "[parameters('secretName')]",

      "apiVersion": "2015-06-01",

      "tags": { "displayName": "secret" },

      "properties": {

        "value": "[parameters('secretValue')]"

      },

      "dependsOn": [

        "[concat('Microsoft.KeyVault/vaults/', parameters('keyVaultName'))]"

      ]

    }

  ]

}
```  ]    

}

3. yaml file

trigger:

- master

pool:

  vmImage: ubuntu-latest

steps:

- task: AzurePowerShell@5

  inputs:

    azureSubscription: 'xxxx'

    ScriptType: 'FilePath'

    ScriptPath: './keyvault.ps1'

    azurePowerShellVersion: 'LatestVersion'

	

	

4. powershell file - keyvault.ps1

$ResourceGroupName = "xxxx"

$DeploymentName = "xxxx"

$TemplateFilePath = "./arm/templates/KeyVaultSetup.json"

$ParameterFilePath = "./arm/templates/KeyVaultSetup-parameters.json"

New-AzResourceGroupDeployment `

```powershell
-ResourceGroupName $ResourceGroupName `

-TemplateFile $TemplateFilePath `

-TemplateParameterFile $ParameterFilePath `

-Mode Incremental `

-Verbose `

-DeploymentName $DeploymentName

Durga Reshma Malthi 4,430 Microsoft External Staff Moderator

Hi Hitesh N

To pass the two secrets (DB-URL and DBPass) from the KeyVaultSetup-parameters.json file to the KeyVaultSetup.json file, you will need to modify the ARM template to handle an array of secrets.

You already have the secrets defined in the parameters file. Ensure it as below:

{
  "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "keyVaultName": {
      "value": "KeyVaultName"
    },
    "tenantId": {
      "value": "xxxxxxxxxxxx"
    },
    "objectId": {
      "value": "xxxxxxxxxxxx"
    },
    "secrets": {
      "value": [
        {
          "name": "DB-URL",
          "value": "jdbc:sqlserver://server;databaseName=sample"
        },
        {
          "name": "DBPass",
          "value": "SecurePassword123"
        }
      ]
    }
  }
}

You need to modify the resources section to loop through the secrets array and create a secret resource for each entry.

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "keyVaultName": {
      "type": "string",
      "metadata": {
        "description": "Name of the vault"
      }
    },
    "tenantId": {
      "type": "string",
      "metadata": {
        "description": "Tenant Id"
      }
    },
    "objectId": {
      "type": "string",
      "metadata": {
        "description": "Object Id"
      }
    },
    "keysPermissions": {
      "type": "array",
      "defaultValue": ["all"],
      "metadata": {
        "description": "Permissions to grant user to keys in the vault."
      }
    },
    "secretsPermissions": {
      "type": "array",
      "defaultValue": ["all"],
      "metadata": {
        "description": "Permissions to grant user to secrets in the vault."
      }
    },
    "vaultSku": {
      "type": "string",
      "defaultValue": "Standard",
      "allowedValues": ["Standard", "Premium"],
      "metadata": {
        "description": "SKU for the vault"
      }
    },
    "secrets": {
      "type": "array",
      "metadata": {
        "description": "List of secrets to store in the vault"
      }
    }
  },
  "resources": [
    {
      "type": "Microsoft.KeyVault/vaults",
      "name": "[parameters('keyVaultName')]",
      "apiVersion": "2015-06-01",
      "location": "eastus",
      "tags": {
        "displayName": "KeyVault"
      },
      "properties": {
        "tenantId": "[parameters('tenantId')]",
        "accessPolicies": [
          {
            "tenantId": "[parameters('tenantId')]",
            "objectId": "[parameters('objectId')]",
            "permissions": {
              "keys": "[parameters('keysPermissions')]",
              "secrets": "[parameters('secretsPermissions')]"
            }
          }
        ],
        "sku": {
          "name": "[parameters('vaultSku')]",
          "family": "A"
        }
      },
      "resources": [
        {
          "type": "secrets",
          "name": "[parameters('secrets')[copyIndex()].name]",
          "apiVersion": "2015-06-01",
          "tags": { "displayName": "[parameters('secrets')[copyIndex()].name]" },
          "properties": {
            "value": "[parameters('secrets')[copyIndex()].value]"
          },
          "dependsOn": [
            "[concat('Microsoft.KeyVault/vaults/', parameters('keyVaultName'))]"
          ],
          "copy": {
            "name": "secretCopy",
            "count": "[length(parameters('secrets'))]"
          }
        }
      ]
    }
  ]
}

The PowerShell script (keyvault.ps1) remains unchanged, as it will automatically use the updated parameters and template files when deploying the resources.

$ResourceGroupName = "xxxx"
$DeploymentName = "xxxx"
$TemplateFilePath = "./arm/templates/KeyVaultSetup.json"
$ParameterFilePath = "./arm/templates/KeyVaultSetup-parameters.json"
New-AzResourceGroupDeployment `
    -ResourceGroupName $ResourceGroupName `
    -TemplateFile $TemplateFilePath `
    -TemplateParameterFile $ParameterFilePath `
    -Mode Incremental `
    -Verbose `
    -DeploymentName $DeploymentName

Hope this helps!

Please Let me know if you have any queries.

Durga Reshma Malthi 4,430 Microsoft External Staff Moderator

Hi Hitesh N

You can also try as below:

Replace individual secretName and secretValue parameters with:

"secrets": {
  "type": "array",
  "metadata": {
    "description": "Array of secrets (name and value)"
  }
}

Inside the resources array of the KeyVault resource, replace the hardcoded secret block with:

"resources": [
  {
    "type": "secrets",
    "name": "[parameters('secrets')[copyIndex()].name]",
    "apiVersion": "2015-06-01",
    "properties": {
      "value": "[parameters('secrets')[copyIndex()].value]"
    },
    "copy": {
      "name": "secretCopy",
      "count": "[length(parameters('secrets'))]"
    },
    "dependsOn": [
      "[concat('Microsoft.KeyVault/vaults/', parameters('keyVaultName'))]"
    ]
  }
]

When you deploy using your existing PowerShell (keyvault.ps1) and YAML setup, both secrets will be created in the Key Vault dynamically. No change needed in your PowerShell or YAML script.

Durga Reshma Malthi 4,430 Reputation points Microsoft External Staff Moderator

2025-06-25T07:03:54.4966667+00:00

Hi Hitesh N

Just checking in to see if you had a chance to review the response provided to your question.

Feel free to reach out if you have any further queries.

If you found the information helpful, please click "Upvote" on the post to let us know and consider accepting the answer as the token of appreciation. Thank You.

Hitesh N 40

@Durga Reshma Malthi Tried the below steps but getting the below error.

Below KeyVaultSetup-parameters.json, KeyVaultSetup.json , powershell and yaml files.

Can you please let me know if any changes to be done in KeyVaultSetup.json file?

Error -

Line |

13 | New-AzResourceGroupDeployment `

 |  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 | 17:48:47 - Error: Code=InvalidTemplate; Message=Deployment template

 | validation failed: 'The template resource

 | '[parameters('secrets')[copyIndex()].name]' at line '101' column '23' is

 | not valid. Copying nested resources is not supported. Please see

 | https://aka.ms/arm-multiple-instances for usage details.'.
```1. KeyVaultSetup-parameters.json

{

```scala
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",

"contentVersion": "1.0.0.0",

"parameters": {

    "keyVaultName": {

        "value": "keyvault-test-arm"

    },

    "tenantId": {

        "value": "0d87da24-f953-4d18-9f24-d7e189013940"

    },

    "objectId": {

        "value": "d4085cb9-f442-481d-ba5d-8c43b8e1775e"

    },

    "secrets": {

      "value": [

        {

          "name": "DB-URL",

          "value": "jdbc:sqlserver://server;databaseName=sample"

        },

        {

          "name": "DBPass",

          "value": "xxxx"

        }

      ]

    }

}
```}

2.KeyVaultSetup.json

{

  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",

  "contentVersion": "1.0.0.0",

  "parameters": {

```scala
"keyVaultName": {

  "type": "string",

  "metadata": {

    "description": "Name of the vault"

  }

},

 "tenantId": {

  "type": "string",

  "metadata": {

    "description": "Tenant Id"

  }

},

"objectId": {

  "type": "string",

  "metadata": {

    "description": "Object Id"

  }

},

"keysPermissions": {

  "type": "array",

  "defaultValue": [ "all" ],

  "metadata": {

    "description": "Permissions to grant user to keys in the vault. Valid values are: all, create, import, update, get, list, delete, backup, restore, encrypt, decrypt, wrapkey, unwrapkey, sign, and verify."

  }

},

"secretsPermissions": {

  "type": "array",

  "defaultValue": [ "all" ],

  "metadata": {

    "description": "Permissions to grant user to secrets in the vault. Valid values are: all, get, set, list, and delete."

  }

},

"vaultSku": {

  "type": "string",

  "defaultValue": "Standard",

  "allowedValues": [

    "Standard",

    "Premium"

  ],

  "metadata": {

    "description": "SKU for the vault"

  }

},

"secrets": {

  "type": "array",

  "metadata": {

    "description": "List of secrets to store in the vault"

  }

}
```  },

  "resources": [

```python
{

  "type": "Microsoft.KeyVault/vaults",

  "name": "[parameters('keyVaultName')]",

  "apiVersion": "2015-06-01",

  "location": "eastus",

  "tags": {

    "displayName": "KeyVault"
```  },

  "properties": {

```powershell
    "tenantId": "[parameters('tenantId')]",

    "accessPolicies": [

      {

        "tenantId": "[parameters('tenantId')]",

        "objectId": "[parameters('objectId')]",

        "permissions": {

          "keys": "[parameters('keysPermissions')]",

          "secrets": "[parameters('secretsPermissions')]"

        }

      }

    ],

    "sku": {

      "name": "[parameters('vaultSku')]",

      "family": "A"

    }

  },
```  "resources": [

```typescript
    {

      "type": "secrets",

      "name": "[parameters('secrets')[copyIndex()].name]",

      "apiVersion": "2015-06-01",

      "tags": { "displayName": "[parameters('secrets')[copyIndex()].name]" },

      "properties": {

        "value": "[parameters('secrets')[copyIndex()].value]"

      },

      "dependsOn": [

        "[concat('Microsoft.KeyVault/vaults/', parameters('keyVaultName'))]"

      ],

      "copy": {

        "name": "secretCopy",

        "count": "[length(parameters('secrets'))]"

      }

    }

  ]

}
```  ]    

}

3. yaml file

trigger:

- master

pool:

  vmImage: ubuntu-latest

steps:

- task: AzurePowerShell@5

  inputs:

    azureSubscription: 'xxxx'

    ScriptType: 'FilePath'

    ScriptPath: './keyvault.ps1'

    azurePowerShellVersion: 'LatestVersion'

	

	

4. powershell file -- keyvault.ps1

$ResourceGroupName = "xxxx"

$DeploymentName = "xxxx"

$TemplateFilePath = "./arm/templates/KeyVaultSetup.json"

$ParameterFilePath = "./arm/templates/KeyVaultSetup-parameters.json"

New-AzResourceGroupDeployment `

```powershell
-ResourceGroupName $ResourceGroupName `

-TemplateFile $TemplateFilePath `

-TemplateParameterFile $ParameterFilePath `

-Mode Incremental `

-Verbose `

-DeploymentName $DeploymentName

Durga Reshma Malthi 4,430 Microsoft External Staff Moderator

Hi Hitesh N

The error seems you cannot use copy inside a nested resources block

In KeyVaultSetup.json, update resources section like below:

"resources": [
  {
    "type": "Microsoft.KeyVault/vaults",
    "name": "[parameters('keyVaultName')]",
    "apiVersion": "2015-06-01",
    "location": "eastus",
    "tags": {
      "displayName": "KeyVault"
    },
    "properties": {
      "tenantId": "[parameters('tenantId')]",
      "accessPolicies": [
        {
          "tenantId": "[parameters('tenantId')]",
          "objectId": "[parameters('objectId')]",
          "permissions": {
            "keys": "[parameters('keysPermissions')]",
            "secrets": "[parameters('secretsPermissions')]"
          }
        }
      ],
      "sku": {
        "name": "[parameters('vaultSku')]",
        "family": "A"
      }
    }
  },
  {
    "type": "Microsoft.KeyVault/vaults/secrets",
    "apiVersion": "2015-06-01",
    "name": "[concat(parameters('keyVaultName'), '/', parameters('secrets')[copyIndex()].name)]",
    "dependsOn": [
      "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]"
    ],
    "properties": {
      "value": "[parameters('secrets')[copyIndex()].value]"
    },
    "copy": {
      "name": "secretCopy",
      "count": "[length(parameters('secrets'))]"
    }
  }
]

Hope this helps!

Please Let me know if you have any queries.

Hitesh N 40 Reputation points

2025-06-26T19:53:23.61+00:00

@Durga Reshma Malthi Thanks Durga, tested it is working.
Durga Reshma Malthi 4,430 Reputation points Microsoft External Staff Moderator

2025-06-27T08:14:41.6266667+00:00

Hi Hitesh N

Thanks for the update.

Feel free to reach out if you have any further queries by creating new thread

Answer 2

Durga Reshma Malthi 4,430 Microsoft External Staff Moderator

Hi Hitesh N

To pass arguments from a JSON file to a PowerShell script in an Azure DevOps pipeline, follow these steps:

Ensure your JSON file is correctly formatted:

   {
       "storageAccountName": "xxxstoragetest123",
       "location": "useast2",
       "storageSKU": "xyz"
   }

Modify the PowerShell script to read values from the JSON file:

   # Load JSON file
   $jsonFilePath = "$(Build.SourcesDirectory)/test.json"
   $jsonContent = Get-Content -Path $jsonFilePath | ConvertFrom-Json
   # Assign values from JSON to parameters
   $Parameters = @{
       storageAccountName = $jsonContent.storageAccountName
       location = $jsonContent.location
       storageSKU = $jsonContent.storageSKU
   }
   # Output values for debugging
   Write-Host "Storage Account Name: $($Parameters.storageAccountName)"
   Write-Host "Location: $($Parameters.location)"
   Write-Host "Storage SKU: $($Parameters.storageSKU)"

Modify your YAML file to include the JSON file and pass it to the PowerShell script:

   trigger:
     - master
   pool:
     vmImage: ubuntu-latest
   steps:
     - task: PowerShell@2
       inputs:
         targetType: 'filePath'
         filePath: '$(Build.SourcesDirectory)/test.ps1'
         arguments: '-jsonFilePath $(Build.SourcesDirectory)/test.json'
         pwsh: true

Alternatively, you can try the below YAML file:

   trigger:
   - master
   pool:
     vmImage: ubuntu-latest
   steps:
   - script: |
       # Load the JSON file into a variable
       $jsonFilePath = "$(Build.SourcesDirectory)/test.json"
       $jsonContent = Get-Content $jsonFilePath -Raw | ConvertFrom-Json
       # Set the PowerShell parameters
       $Parameters = @{
           storageAccountName = $jsonContent.storageAccountName
           location = $jsonContent.location
           storageSKU = $jsonContent.storageSKU
       }
       # Call the PowerShell script with parameters
       .\test.ps1
     displayName: 'Run PowerShell script'
     pwsh: true

Hope this helps!

Please Let me know if you have any queries.

Durga Reshma Malthi 4,430 Reputation points Microsoft External Staff Moderator

2025-06-02T03:29:55.9133333+00:00

Hi Hitesh N

Just checking in to see if you had a chance to review the response provided to your question.

Feel free to reach out if you have any further queries.

If you found the information helpful, please click "Upvote" on the post to let us know and consider accepting the answer as the token of appreciation. Thank You.
Hitesh N 40 Reputation points

2025-06-02T13:56:43.6433333+00:00

@Durga Reshma Malthi Thanks Durga , will check and let you know.
Durga Reshma Malthi 4,430 Reputation points Microsoft External Staff Moderator

2025-06-03T08:20:11.88+00:00

Hi Hitesh N

Could you please provide an update on whether you have worked on it

Feel free to reach out if you have any further queries.

If you found the information helpful, please click "Upvote" on the post to let us know and consider accepting the answer as the token of appreciation. Thank You.
Durga Reshma Malthi 4,430 Reputation points Microsoft External Staff Moderator

2025-06-04T08:51:25.1+00:00

Hi Hitesh N

Could you please provide an update on whether you have worked on it

Feel free to reach out if you have any further queries.

If you found the information helpful, please click "Upvote" on the post to let us know and consider accepting the answer as the token of appreciation. Thank You.

Hitesh N 40

@Durga Reshma Malthi

Hi Durga,

In the Arm folder have 2 files - arm/storage.json and arm/parameters.json, need to pass the parameters from the parameters.json file. In yaml file and powershell files how to reference both the files - arm/storage.json and arm/parameters.json. Can you suggest any how to pass the values from parameters.json file
arm/storage.json

"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",

"contentVersion": "1.0.0.0",

"parameters": {

    "storageAccountName": {

        "type": "String"

    },

    "location": {

        "type": "String"

    },

    "Environment": {

        "type": "String"

    },

    "storageSKU": {

        "type": "String"

    },


    

},

"variables": {},

  "resources": [

  {

      "type": "Microsoft.Storage/storageAccounts",

      "apiVersion": "2022-09-01",

      "name": "[parameters('storageAccountName')]",

      "location": "[parameters('location')]",

      "sku": {

          "name": "[parameters('storageSKU')]"

      },

      "kind": "StorageV2",

      "properties": {

          "supportsHttpsTrafficOnly": true,

          "allowBlobPublicAccess": false,

          "minimumTlsVersion": "TLS1_2"

      }

  }
  ]

}

3. parameters.json file

{


"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",

"contentVersion": "1.0.0.0",

"parameters": {

    "storageAccountName": {

        "value": "xxxstoragetest123"

    },

    "location": {

        "value": "useast"

    },

    "Environment": {

        "value": "dev"

    },

    "storageSKU": {

        "value": "xyz"

    }

}
}

3. YAML file - In yaml file how to reference both the files - arm/storage.json and arm/parameters.json.

storage.yaml 

trigger:

- azure-pipelines

pool:

  vmImage: ubuntu-latest

variables:

  system.debug: true

  

- task: AzureResourceManagerTemplateDeployment@3

   inputs:

     deploymentScope: 'Resource Group'

     azureResourceManagerConnection: 'xxx'

     subscriptionId: 'xxxx'

     action: 'Create Or Update Resource Group'

     resourceGroupName: 'xxx'

     location: 'East US'

     templateLocation: 'file-URL'

     csmFile: '/arm/templates/storage.json'

     deploymentMode: 'Incremental'

     deploymentName: 'Template'

	 

	 

	 

4. In Powershell file - how to reference and pass the values from arm/storage.json and arm/parameters.json and execute the powershell

storage.ps1

$ResourceGroupName = "xxx-dev"

$Location = "eastus"

$DeploymentName = "Template"

$TemplateFilePath = "./arm/templates/storage.json"

$Parameters = @{

ruby
storageAccountName = "xxxstoragetest123"

location = $Location

storageSKU = "Standard_LRS"
}

New-AzResourceGroupDeployment `

powershell
-ResourceGroupName $ResourceGroupName `

-TemplateFile $TemplateFilePath `

-TemplateParameterObject $Parameters `

-Mode Incremental `

-Verbose `

-DeploymentName $DeploymentName

Answer 3

Hi Hitesh N

To reference and pass the parameters from parameters.json in both your YAML and PowerShell files, you can follow the steps below:

In your YAML file, you can reference both the ARM template and the parameters file by specifying the csmParametersFile input in the AzureResourceManagerTemplateDeployment task.

   trigger:
   - azure-pipelines
   pool:
     vmImage: ubuntu-latest
   variables:
     system.debug: true
   steps:
   - task: AzureResourceManagerTemplateDeployment@3
     inputs:
       deploymentScope: 'Resource Group'
       azureResourceManagerConnection: 'xxx'
       subscriptionId: 'xxxx'
       action: 'Create Or Update Resource Group'
       resourceGroupName: 'xxx'
       location: 'East US'
       templateLocation: 'Linked artifact' #or 'filePath'
       csmFile: 'arm/storage.json'
       csmParametersFile: 'arm/parameters.json'
       deploymentMode: 'Incremental'
       deploymentName: 'Template'

Use templateLocation: 'Linked artifact' if the templates are part of your repo (not a URL).

In your PowerShell script, you can read the parameters from the parameters.json file and pass them to the New-AzResourceGroupDeployment cmdlet.

   $ResourceGroupName = "xxx-dev"
   $Location = "eastus"
   $DeploymentName = "Template"
   $TemplateFilePath = "./arm/storage.json"
   $ParameterFilePath = "./arm/parameters.json"
   New-AzResourceGroupDeployment `
     -ResourceGroupName $ResourceGroupName `
     -TemplateFile $TemplateFilePath `
     -TemplateParameterFile $ParameterFilePath `
     -Mode Incremental `
     -Verbose `
     -DeploymentName $DeploymentName

Instead of building a @{} hashtable manually, you can pass the parameters.json directly using the -TemplateParameterFile parameter.

Hope this helps!

Please Let me know if you have any queries.

If you found the information helpful, please click "Upvote" on the post to let us know and consider accepting the answer as the token of appreciation. Thank You.

Hitesh N 40 Reputation points

2025-06-18T19:16:10.36+00:00

@Durga Reshma Malthi Thanks Durga, Modified the yaml and powershell files values as below, the values are taken from storage.json and parameters.json files.

In powershell file (storage.ps1) file, the values of $ResourceGroupName and $DeploymentName can it be passed from the parameters.json file or it can be passed from library variable-group ?, as these values are present in powershell script.

yaml file

trigger:

master

pool:

vmImage: ubuntu-latest

steps:

task: AzurePowerShell@5 inputs: azureSubscription: 'xxx' ScriptType: 'FilePath' ScriptPath: './storage.ps1' azurePowerShellVersion: 'LatestVersion'

Powershell file

storage.ps1

$ResourceGroupName = "xxxx"

$DeploymentName = "Template"

$TemplateFilePath = "./arm/templates/storage.json"

$ParameterFilePath = "./arm/templates/parameters.json"

New-AzResourceGroupDeployment `

-ResourceGroupName $ResourceGroupName ` -TemplateFile $TemplateFilePath ` -TemplateParameterFile $ParameterFilePath ` -Mode Incremental ` -Verbose ` -DeploymentName $DeploymentName

Share via

To Pass JSON File Arguments to PowerShell File and how to set the JSON File Configuration in YAML file in Azure Devops Pipeline.

2 additional answers

Your answer