Microsoft.KeyVault vaults/secrets
Bicep resource definition
The vaults/secrets resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Remarks
For guidance on using key vaults for secure values, see Manage secrets by using Bicep.
For a quickstart on creating a secret, see Quickstart: Set and retrieve a secret from Azure Key Vault using an ARM template.
For a quickstart on creating a key, see Quickstart: Create an Azure key vault and a key by using ARM template.
Resource format
To create a Microsoft.KeyVault/vaults/secrets resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.KeyVault/vaults/secrets@2023-07-01' = {
name: 'string'
tags: {
tagName1: 'tagValue1'
tagName2: 'tagValue2'
}
parent: resourceSymbolicName
properties: {
attributes: {
enabled: bool
exp: int
nbf: int
}
contentType: 'string'
value: 'string'
}
}
Property values
vaults/secrets
Name | Description | Value |
---|---|---|
name | The resource name See how to set names and types for child resources in Bicep. |
string (required) Character limit: 1-127 Valid characters: Alphanumerics and hyphens. |
tags | The tags that will be assigned to the secret. | Dictionary of tag names and values. See Tags in templates |
parent | In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource. |
Symbolic name for resource of type: vaults |
properties | Properties of the secret | SecretProperties (required) |
SecretProperties
Name | Description | Value |
---|---|---|
attributes | The attributes of the secret. | SecretAttributes |
contentType | The content type of the secret. | string |
value | The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets. | string |
SecretAttributes
Name | Description | Value |
---|---|---|
enabled | Determines whether the object is enabled. | bool |
exp | Expiry date in seconds since 1970-01-01T00:00:00Z. | int |
nbf | Not before date in seconds since 1970-01-01T00:00:00Z. | int |
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
SAS 9.4 and Viya Quickstart Template for Azure |
The SAS® 9.4 and Viya QuickStart Template for Azure deploy these products on the cloud: SAS® Enterprise BI Server 9.4, SAS® Enterprise Miner 15.1, and SAS® Visual Analytics 8.5 on Linux, and SAS® Visual Data Mining and Machine Learning 8.5 on Linux for Viya. This QuickStart is a reference architecture for users who wants to deploy the combination of SAS® 9.4 and Viya on Azure using cloud-friendly technologies. By deploying the SAS® platform on Azure, you get an integrated environment of SAS® 9.4 and Viya environments so you can take advantage of both worlds. SAS® Viya is a cloud-enabled, in-memory analytics engine. It uses elastic, scalable, and fault-tolerant processing to address complex analytical challenges. SAS® Viya provides faster processing for analytics by using a standardized code base that supports programming in SAS®, Python, R, Java, and Lua. It also supports cloud, on-premises, or hybrid environments and deploys seamlessly to any infrastructure or application ecosystem. |
Create an API Management service with SSL from KeyVault |
This template deploys an API Management service configured with User Assigned Identity. It uses this identity to fetch SSL certificate from KeyVault and keeps it updated by checking every 4 hours. |
creates an Azure Stack HCI 23H2 cluster |
This template creates an Azure Stack HCI 23H2 cluster using an ARM template. |
Create an Azure Key Vault and a secret |
This template creates an Azure Key Vault and a secret. |
Create an Azure Key Vault with RBAC and a secret |
This template creates an Azure Key Vault and a secret. Instead of relying on access policies, it leverages Azure RBAC to manage authorization on secrets |
Connect to a Key Vault via private endpoint |
This sample shows how to use configure a virtual network and private DNS zone to access Key Vault via private endpoint. |
Create a Key Vault and a list of secrets |
This template creates a Key Vault and a list of secrets within the key vault as passed along with the parameters |
Create Azure Maps SAS token stored in an Azure Key Vault |
This template deploys and Azure Maps account and lists a Sas token based on the provided User Assigned identity to be stored in an Azure Key Vault secret. |
Create an Application Gateway V2 with Key Vault |
This template deploys an Application Gateway V2 in a Virtual Network, a user defined identity, Key Vault, a secret (cert data), and access policy on Key Vault and Application Gateway. |
Testing environment for Azure Firewall Premium |
This template creates an Azure Firewall Premium and Firewall Policy with premium features such as Intrusion Inspection Detection (IDPS), TLS inspection and Web Category filtering |
Create ssh-keys and store in KeyVault |
This template uses the deploymentScript resource to generate ssh keys and stores the private key in keyVault. |
Azure Function app and an HTTP-triggered function |
This example deploys an Azure Function app and an HTTP-triggered function inline in the template. It also deploys a Key Vault and populates a secret with the function app's host key. |
Application Gateway with internal API Management and Web App |
Application Gateway routing Internet traffic to a virtual network (internal mode) API Management instance which services a web API hosted in an Azure Web App. |
ARM template resource definition
The vaults/secrets resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Remarks
For guidance on using key vaults for secure values, see Manage secrets by using Bicep.
For a quickstart on creating a secret, see Quickstart: Set and retrieve a secret from Azure Key Vault using an ARM template.
For a quickstart on creating a key, see Quickstart: Create an Azure key vault and a key by using ARM template.
Resource format
To create a Microsoft.KeyVault/vaults/secrets resource, add the following JSON to your template.
{
"type": "Microsoft.KeyVault/vaults/secrets",
"apiVersion": "2023-07-01",
"name": "string",
"tags": {
"tagName1": "tagValue1",
"tagName2": "tagValue2"
},
"properties": {
"attributes": {
"enabled": "bool",
"exp": "int",
"nbf": "int"
},
"contentType": "string",
"value": "string"
}
}
Property values
vaults/secrets
Name | Description | Value |
---|---|---|
type | The resource type | 'Microsoft.KeyVault/vaults/secrets' |
apiVersion | The resource api version | '2023-07-01' |
name | The resource name See how to set names and types for child resources in JSON ARM templates. |
string (required) Character limit: 1-127 Valid characters: Alphanumerics and hyphens. |
tags | The tags that will be assigned to the secret. | Dictionary of tag names and values. See Tags in templates |
properties | Properties of the secret | SecretProperties (required) |
SecretProperties
Name | Description | Value |
---|---|---|
attributes | The attributes of the secret. | SecretAttributes |
contentType | The content type of the secret. | string |
value | The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets. | string |
SecretAttributes
Name | Description | Value |
---|---|---|
enabled | Determines whether the object is enabled. | bool |
exp | Expiry date in seconds since 1970-01-01T00:00:00Z. | int |
nbf | Not before date in seconds since 1970-01-01T00:00:00Z. | int |
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
SAS 9.4 and Viya Quickstart Template for Azure |
The SAS® 9.4 and Viya QuickStart Template for Azure deploy these products on the cloud: SAS® Enterprise BI Server 9.4, SAS® Enterprise Miner 15.1, and SAS® Visual Analytics 8.5 on Linux, and SAS® Visual Data Mining and Machine Learning 8.5 on Linux for Viya. This QuickStart is a reference architecture for users who wants to deploy the combination of SAS® 9.4 and Viya on Azure using cloud-friendly technologies. By deploying the SAS® platform on Azure, you get an integrated environment of SAS® 9.4 and Viya environments so you can take advantage of both worlds. SAS® Viya is a cloud-enabled, in-memory analytics engine. It uses elastic, scalable, and fault-tolerant processing to address complex analytical challenges. SAS® Viya provides faster processing for analytics by using a standardized code base that supports programming in SAS®, Python, R, Java, and Lua. It also supports cloud, on-premises, or hybrid environments and deploys seamlessly to any infrastructure or application ecosystem. |
Create an API Management service with SSL from KeyVault |
This template deploys an API Management service configured with User Assigned Identity. It uses this identity to fetch SSL certificate from KeyVault and keeps it updated by checking every 4 hours. |
creates an Azure Stack HCI 23H2 cluster |
This template creates an Azure Stack HCI 23H2 cluster using an ARM template. |
Create an Azure Key Vault and a secret |
This template creates an Azure Key Vault and a secret. |
Create an Azure Key Vault with RBAC and a secret |
This template creates an Azure Key Vault and a secret. Instead of relying on access policies, it leverages Azure RBAC to manage authorization on secrets |
Connect to a Key Vault via private endpoint |
This sample shows how to use configure a virtual network and private DNS zone to access Key Vault via private endpoint. |
Create a Key Vault and a list of secrets |
This template creates a Key Vault and a list of secrets within the key vault as passed along with the parameters |
Create Azure Maps SAS token stored in an Azure Key Vault |
This template deploys and Azure Maps account and lists a Sas token based on the provided User Assigned identity to be stored in an Azure Key Vault secret. |
Create an Application Gateway V2 with Key Vault |
This template deploys an Application Gateway V2 in a Virtual Network, a user defined identity, Key Vault, a secret (cert data), and access policy on Key Vault and Application Gateway. |
Testing environment for Azure Firewall Premium |
This template creates an Azure Firewall Premium and Firewall Policy with premium features such as Intrusion Inspection Detection (IDPS), TLS inspection and Web Category filtering |
Create ssh-keys and store in KeyVault |
This template uses the deploymentScript resource to generate ssh keys and stores the private key in keyVault. |
Azure Function app and an HTTP-triggered function |
This example deploys an Azure Function app and an HTTP-triggered function inline in the template. It also deploys a Key Vault and populates a secret with the function app's host key. |
Application Gateway with internal API Management and Web App |
Application Gateway routing Internet traffic to a virtual network (internal mode) API Management instance which services a web API hosted in an Azure Web App. |
Terraform (AzAPI provider) resource definition
The vaults/secrets resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.KeyVault/vaults/secrets resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.KeyVault/vaults/secrets@2023-07-01"
name = "string"
parent_id = "string"
tags = {
tagName1 = "tagValue1"
tagName2 = "tagValue2"
}
body = jsonencode({
properties = {
attributes = {
enabled = bool
exp = int
nbf = int
}
contentType = "string"
value = "string"
}
})
}
Property values
vaults/secrets
Name | Description | Value |
---|---|---|
type | The resource type | "Microsoft.KeyVault/vaults/secrets@2023-07-01" |
name | The resource name | string (required) Character limit: 1-127 Valid characters: Alphanumerics and hyphens. |
parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: vaults |
tags | The tags that will be assigned to the secret. | Dictionary of tag names and values. |
properties | Properties of the secret | SecretProperties (required) |
SecretProperties
Name | Description | Value |
---|---|---|
attributes | The attributes of the secret. | SecretAttributes |
contentType | The content type of the secret. | string |
value | The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets. | string |
SecretAttributes
Name | Description | Value |
---|---|---|
enabled | Determines whether the object is enabled. | bool |
exp | Expiry date in seconds since 1970-01-01T00:00:00Z. | int |
nbf | Not before date in seconds since 1970-01-01T00:00:00Z. | int |