New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
What is GEN-AZUREAD-OBJECTID in 101-key-vault-create/azuredeploy.parameters.json? #7510
Comments
The objectId is the "guid" of the principal/user you want to give access to the vault. In you screenshot there's a gold bar that says something when wrong... check the accessPolicies on the vault in the portal and see what set there (and/or just refresh that page). As for your pipeline, it depends on what accessPolicy you want to set - do you want the principal deploying the template to have access to the vault? If so the same steps would apply (to get the objectID) - or if it's a different user, you'd just supply that as a param or build variable. That help? |
Thank you Brian, that has helped and I am able to deploy Redis. Could I please ask you a follow-up question? I am trying to retrieve the primaryKey for my "outputs", but the following fails:
And I have also tried:
The error message is:
|
you need to use a list* action (listKeys in this case) to retrieve a secret (since they require separate permissions)... but don't put that in your outputs, we don't allow it in the repo (though I'm sure you'll find some violations) and it makes the key available to anyone who has perms on the resource group (even if they don't have access to the secret). |
Thank you |
Hello and good evening,
I have a question please (and I am trying to create a keyvault from a pipeline in a previously manually created resource group):
What value should be used instead of GEN-AZUREAD-OBJECTID in 101-key-vault-create/azuredeploy.parameters.json?
I see the explanation in 101-key-vault-create/azuredeploy.json
However I am not quite sure where to get that, since my pipeline uses a subscription (the task below uses a manually created keyvault, but I am trying to create a keyvault by an ARM template):
Here I have tried deploying the template manually (while testing your ARM template) -
And I see that there is a new keyvault in my afarber-test-rg.
However I cannot see the my-secret-1:
Have I specified a wrong object id maybe?
Thank you
The text was updated successfully, but these errors were encountered: