{ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "baseName": { "type": "string", "defaultValue": "[resourceGroup().name]", "metadata": { "description": "The base resource name." } }, "keyName": { "type": "string", "defaultValue": "testKey", "metadata": { "description": "The initial key in the keys." } }, "tenantId": { "type": "string", "defaultValue": "72f988bf-86f1-41af-91ab-2d7cd011db47", "metadata": { "description": "The tenant ID to which the application and resources belong." } }, "testApplicationId": { "type": "string", "metadata": { "description": "The application client ID used to run tests." } }, "testApplicationSecret": { "type": "string", "metadata": { "description": "The application client secret used to run tests." } }, "testApplicationOid": { "type": "string", "defaultValue": "b3653439-8136-4cd5-aac3-2a9460871ca6", "metadata": { "description": "The client OID to grant access to test resources." } }, "location": { "type": "string", "defaultValue": "[resourceGroup().location]", "metadata": { "description": "The location of the resource. By default, this is the same as the resource group." } }, "enableSoftDelete": { "type": "bool", "defaultValue": true, "metadata": { "description": "Whether to enable soft delete for the Key Vault. The default is true." } }, "keyVaultDomainSuffix": { "type": "string", "defaultValue": ".vault.azure.net", "metadata": { "description": "Domain suffix for sovereign clouds; requires the preceding '.'. The default uses the public Azure Cloud (.vault.azure.net)." } }, "keyVaultSku": { "type": "string", "defaultValue": "premium", "metadata": { "description": "Key Vault SKU to deploy. The default is 'premium'." } }, "keyType": { "type": "string", "defaultValue": "RSA", "metadata": { "description": "The JsonWebKeyType of the key to be created." 
} }, "keyOps": { "type": "array", "defaultValue": [], "metadata": { "description": "The permitted JSON web key operations of the key to be created." } }, "keySize": { "type": "int", "defaultValue": 2048, "metadata": { "description": "The size in bits of the key to be created." } }, "curveName": { "type": "string", "defaultValue": "", "metadata": { "description": "The JsonWebKeyCurveName of the key to be created." } } }, "variables": { "azureKeyVaultUrl": "[format('https://{0}{1}/', parameters('baseName'), parameters('keyVaultDomainSuffix'))]" }, "resources": [ { "type": "Microsoft.KeyVault/vaults", "apiVersion": "2019-09-01", "name": "[parameters('baseName')]", "location": "[parameters('location')]", "properties": { "sku": { "family": "A", "name": "[parameters('keyVaultSku')]" }, "tenantId": "[parameters('tenantId')]", "accessPolicies": [ { "tenantId": "[parameters('tenantId')]", "objectId": "[parameters('testApplicationOid')]", "permissions": { "keys": [ "get", "list", "update", "create", "import", "delete", "recover", "backup", "restore", "decrypt", "encrypt", "unwrapKey", "wrapKey", "verify", "sign", "purge" ], "secrets": [ "get", "list", "set", "delete", "recover", "backup", "restore", "purge" ], "certificates": [ "get", "list", "update", "create", "import", "delete", "recover", "backup", "restore", "managecontacts", "manageissuers", "getissuers", "listissuers", "setissuers", "deleteissuers", "purge" ] } } ], "enabledForDeployment": false, "enabledForDiskEncryption": false, "enabledForTemplateDeployment": false, "enableSoftDelete": "[parameters('enableSoftDelete')]" } }, { "type": "Microsoft.KeyVault/vaults/keys", "apiVersion": "2019-09-01", "name": "[concat(parameters('baseName'), '/', parameters('keyName'))]", "location": "[parameters('location')]", "dependsOn": [ "[resourceId('Microsoft.KeyVault/vaults', parameters('baseName'))]" ], "properties": { "kty": "[parameters('keyType')]", "keyOps": "[parameters('keyOps')]", "keySize": "[parameters('keySize')]", 
"curveName": "[parameters('curveName')]" } } ], "outputs": { "AZURE_KEYVAULT_URL": { "type": "string", "value": "[variables('azureKeyVaultUrl')]" }, "AZURE_KEYVAULT_HSM_URL": { "type": "string", "value": "[variables('azureKeyVaultUrl')]" }, "AZURE_TENANT_ID": { "type": "string", "value": "[parameters('tenantId')]" }, "AZURE_CLIENT_ID": { "type": "string", "value": "[parameters('testApplicationId')]" }, "AZURE_CLIENT_SECRET": { "type": "string", "value": "[parameters('testApplicationSecret')]" }, "KEYVAULT_SKU": { "type": "string", "value": "[reference(parameters('baseName')).sku.name]" }, "CLIENT_OBJECTID": { "type": "string", "value": "[parameters('testApplicationOid')]" } } }