Install multiple versions of cert from KV in Azure Resource Manager (ARM)

Question

I'm using the secrets part of osProfile to install the certs I need from a given keyvault.

It looks something like this:

"secrets": [
    {
        "sourceVault": {
            "id": "[parameters('sourceVault')]"
        },
        "copy": [
            {
                "name": "vaultCertificates",
                "count": "[length(variables('certificatesToInstall'))]",
                "input": {
                    "certificateStore": "[variables('certificateStore')]",
                    "certificateUrl": "[reference(resourceId(parameters('subscriptionId'), parameters('resourceGroupName'), 'Microsoft.KeyVault/vaults/secrets', parameters('keyVaultName'), variables('certificatesToInstall')[copyIndex('vaultCertificates')]), '2016-10-01').secretUriWithVersion]"
                }
            }
        ]
    }
]

Which worked fine. However now I need to make sure that more than one version of the same cert is installed on the machine (current one and the previous).

Things I've tried:

• Listing a certificate to get its versions directly from ARM. There seems to be no support for this for generic KV as per the docs
• Adding the full version of the cert to the resourceId function. This fails when deploying.

Any idea on how to reference previous versions of a cert inside ARM file?

Answer 1

check the below code on how to define the variable with secret's resource id

"mySecretResourceId": "[concat(resourceGroup().id,'/providers/Microsoft.KeyVault/vaults/', variables('keyVaultName'), '/secrets/', 'my-secret-name')]"

Then below code can be used in your template

"certificateUrl": "[reference(variables('mySecretResourceId'), '2018-02-14').secretUriWithVersion]"

You can also go through this SO which is having related discussions.

Also Check this git hub link.