This POC repository creates two demo Key Vaults:
- A public-network accessible Key Vault for a demo of features/capabilities and Azure Pipelines integration.
- A private endpoint protected Key Vault for a demo of the private network features/capabilities.
Naturally, this is a limited architecture for the POC with many additional considerations required. Here are a few as a starting point:
- General walkthrough of Key Vault features/capabilities.
- Key Vault integration with Azure Pipelines.
- Private endpoint integration with Key Vault.
proof-of-concepts-management has created a service connection within the frasermolyneux/MSFT AzDo project. This service connection is used to authenticate to the public Key Vault and retrieve a secret value.
Steps for running demos are in the two pipelines:
These demos use the `key-vault-01.tf` resource, which has the `enabled_for_template_deployment` property set to `true`. This allows the ARM template to retrieve secrets from the Key Vault during deployment.
Manual running:
Create a secret within the key-vault-01 named `sqlpassword`. Update the `params.json` file with the correct naming etc.
```
az group create --name rg-arm-direct-ref --location uksouth
az deployment group create --resource-group rg-arm-direct-ref --template-file main.json --parameters params.json
```
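
A Key Vault reference in `params.json` for the `sqlpassword` secret could look like the following. This is an added example, not a file from this repository; the parameter name `sqlPassword` and the angle-bracket placeholders in the vault resource ID are assumptions to replace with your own values.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "sqlPassword": {
      "reference": {
        "keyVault": {
          "id": "/subscriptions/<subscription-id>/resourceGroups/<vault-resource-group>/providers/Microsoft.KeyVault/vaults/<key-vault-01-name>"
        },
        "secretName": "sqlpassword"
      }
    }
  }
}
```

The matching parameter in `main.json` must be declared with type `securestring`, so the secret value is resolved by Resource Manager at deployment time and never stored in the parameter file.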