
Creating multiple keyvault secrets in same arm template deployment

I am currently having an issue creating multiple secrets in a key vault in the same ARM template deployment. The problem is that the ARM template is trying to create the keys at the same time, and that is not supported. What I want to do is to make the second secret dependent on the first.

The name of the first key is

"name": "[format('{0}/{1}', variables('kvName'), 'StorageAccountConnString')]"

I can't seem to get it to work. I am not sure what to write in the dependsOn array. I tried using the value above as it is, I also tried using resourceId, but it tells me that I only sent a single parameter in, even though it is not true:

"[resourceId('Microsoft.KeyVault/vaults/secrets', format('{0}/{1}', variables('kvName'), 'StorageAccountConnString'))]"

Can someone help me? Is there some way to tell Azure NOT to deploy these secrets at the same time? Or how do I get it to run sequentially?

The resourceId should have two parts:

resourceId([subscriptionId], [resourceGroupName], resourceType, resourceName1, [resourceName2], ...)

Returns the unique identifier of a resource. You use this function when the resource name is ambiguous or not provisioned within the same template. The format of the returned identifier varies based on whether the deployment happens at the scope of a resource group, subscription, management group, or tenant.

In your case, this should work:

"[resourceId('Microsoft.KeyVault/vaults/secrets', variables('kvName'), 'StorageAccountConnString')]"

If you don't want to have dependencies between secrets creation, you could always use a nested template.
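A minimal template using the `dependsOn` form from the answer above, added here as an example and not taken from the question or the answer. The parameter names, the second secret's name (`SecondSecret`) and the `apiVersion` are assumptions, and the vault is assumed to already exist in the target resource group.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    // Assumed parameter names. securestring keeps the values out of
    // deployment history and logs.
    "kvName": { "type": "string" },
    "storageConnString": { "type": "securestring" },
    "secondSecretValue": { "type": "securestring" }
  },
  "variables": {
    "kvName": "[parameters('kvName')]"
  },
  "resources": [
    {
      // First secret: the child resource name is '<vault>/<secret>'.
      "type": "Microsoft.KeyVault/vaults/secrets",
      "apiVersion": "2019-09-01",
      "name": "[format('{0}/{1}', variables('kvName'), 'StorageAccountConnString')]",
      "properties": { "value": "[parameters('storageConnString')]" }
    },
    {
      // Second secret ('SecondSecret' is a hypothetical name).
      "type": "Microsoft.KeyVault/vaults/secrets",
      "apiVersion": "2019-09-01",
      "name": "[format('{0}/{1}', variables('kvName'), 'SecondSecret')]",
      "dependsOn": [
        // resourceId takes one name argument per segment of the type:
        // the vault name, then the secret name. Passing the combined
        // '<vault>/<secret>' string as a single argument is what
        // produced the "single parameter" error in the question.
        "[resourceId('Microsoft.KeyVault/vaults/secrets', variables('kvName'), 'StorageAccountConnString')]"
      ],
      "properties": { "value": "[parameters('secondSecretValue')]" }
    }
  ]
}
```

With this `dependsOn`, Resource Manager starts the second secret only after the first has finished deploying.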

The answer @Thomas gave me solved the issue I was asking about: how do I correctly formulate a dependency on a key vault secret? The problem, though, was that this was not the actual issue at hand.

While Azure was telling me about some "ConflictError", this wasn't the actual problem. The issue was that there was a soft-delete policy on the secrets, and the secret it was trying to create had been deleted some time ago.

So, in case you are searching for a solution to

##[error]ConflictError: A conflict occurred that prevented the operation from completing. The operation failed because the Key Vault changed from the point the operation began. This can happen if parallel operations are being performed on the Key Vault. To prevent this error, serialize the operations so that only one operation is performed on the Key Vault at a time. Follow this link for more information: https://go.microsoft.com/fwlink/?linkid=2147741

Know that there is not actually an issue with regard to parallel operations, but actually with the soft-delete policy for that secret.
