I have been playing around with Azure Bicep for deploying my infrastructure to Azure.
If you are new to Bicep, please take a look at Azure/bicep: Bicep is a declarative language for describing and deploying Azure resources (github.com).
My challenge?
I want to write Cosmos connection strings to Azure Key Vault.
I am using Bicep modules.
I have a Bicep module for creating secrets in Azure Key Vault.
```bicep
param keyVaultName string
param secretName string

// Marked secure so the value is not saved to the deployment history or logged.
@secure()
param secretValue string

resource keyVaultSecret 'Microsoft.KeyVault/vaults/secrets@2019-09-01' = {
  name: '${keyVaultName}/${secretName}'
  properties: {
    value: secretValue
  }
}

output keyVaultSecretName string = keyVaultSecret.name
```
I am using syntax supported in ARM templates to get my connection strings, with some help from variables that I pass in.
```bicep
param keyVaultAccountName string
param cosmosDatabaseAccountName string

module cosmosKeyVaultSecretPrimaryConnectionString '../modules/moduleKeyVaultSecret.bicep' = {
  name: 'cosmosKeyVaultSecretPrimaryConnectionString'
  params: {
    keyVaultName: keyVaultAccountName
    secretName: '${cosmosDatabaseAccountName}-PrimaryConnectionString'
    secretValue: listConnectionStrings(resourceId('Microsoft.DocumentDB/databaseAccounts', cosmosDatabaseAccountName), '2020-04-01').connectionStrings[0].connectionString
  }
}

module cosmosKeyVaultSecretSecondaryConnectionString '../modules/moduleKeyVaultSecret.bicep' = {
  name: 'cosmosKeyVaultSecretSecondaryConnectionString'
  params: {
    keyVaultName: keyVaultAccountName
    secretName: '${cosmosDatabaseAccountName}-SecondaryConnectionString'
    secretValue: listConnectionStrings(resourceId('Microsoft.DocumentDB/databaseAccounts', cosmosDatabaseAccountName), '2020-04-01').connectionStrings[1].connectionString
  }
}
```
I search for this frequently and, for some reason, just cannot remember it, so I am recording it here. It is mostly for me, but hopefully it helps another colleague out on their journey with Bicep.
Thanks and God bless!
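An added example, not part of the original post: a variant of the secret module that looks up the Cosmos DB account with `existing` and reads both connection strings inside the module, so the values do not appear among the module's parameters or outputs. The file name `moduleCosmosConnectionStringSecrets.bicep` and the symbol names are assumptions, the API versions are the ones used in the post, and the vault and account are assumed to live in the resource group being deployed to.

```bicep
// moduleCosmosConnectionStringSecrets.bicep (hypothetical file name, added example)
param keyVaultName string
param cosmosDatabaseAccountName string

// Assumption: both resources already exist in the target resource group.
resource cosmosAccount 'Microsoft.DocumentDB/databaseAccounts@2020-04-01' existing = {
  name: cosmosDatabaseAccountName
}

resource keyVault 'Microsoft.KeyVault/vaults@2019-09-01' existing = {
  name: keyVaultName
}

// Index 0 is stored as the primary and index 1 as the secondary, as in the post.
var secretSuffixes = [
  'PrimaryConnectionString'
  'SecondaryConnectionString'
]

// One secret per connection string; the value is read at deployment time
// and written straight into Key Vault without passing through a parameter.
resource connectionStringSecrets 'Microsoft.KeyVault/vaults/secrets@2019-09-01' = [for (suffix, i) in secretSuffixes: {
  parent: keyVault
  name: '${cosmosDatabaseAccountName}-${suffix}'
  properties: {
    value: cosmosAccount.listConnectionStrings().connectionStrings[i].connectionString
  }
}]

// Output only the secret names, never the secret values.
output secretNames array = [for (suffix, i) in secretSuffixes: connectionStringSecrets[i].name]

// Consumed from the main template with non-secret parameters only:
// module cosmosSecrets '../modules/moduleCosmosConnectionStringSecrets.bicep' = {
//   name: 'cosmosSecrets'
//   params: {
//     keyVaultName: keyVaultAccountName
//     cosmosDatabaseAccountName: cosmosDatabaseAccountName
//   }
// }
```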
Thank you for sharing.
I was exactly looking for this.
Thank you! This really helped.
Thanks! But you should protect your “secretValue” with the @secure() keyword.