title | description | ms.topic | ms.custom | ms.date |
---|---|---|---|---|
Bicep functions - parameters file |
This article describes the Bicep functions to be used in Bicep parameter files. |
reference |
devx-track-bicep |
03/20/2024 |
Bicep provides a function called readEnvironmentVariable()
that allows you to retrieve values from environment variables. It also offers the flexibility to set a default value if the environment variable doesn't exist. This function can only be used in the .bicepparam
files. For more information, see Bicep parameters file.
getSecret(subscriptionId, resourceGroupName, keyVaultName, secretName, secretVersion)
Returns a secret from an Azure Key Vault. Use this function to pass a secret to a secure string parameter of a Bicep file.
Note
You can also use the keyVaultName.getSecret(secretName) function from within a .bicep
file.
using './main.bicep'
param secureUserName = getSecret('exampleSubscription', 'exampleResourceGroup', 'exampleKeyVault', 'exampleSecretUserName')
param securePassword = getSecret('exampleSubscription', 'exampleResourceGroup', 'exampleKeyVault', 'exampleSecretPassword')
You get an error if you use this function with string interpolation.
A namespace qualifier (az
) can be used, but it's optional, because the function is available from the default Azure Namespace.
Parameter | Required | Type | Description |
---|---|---|---|
subscriptionId | Yes | string | The ID of the subscription that has the key vault resource. |
resourceGroupName | Yes | string | The name of the resource group that has the key vault resource. |
keyVaultName | Yes | string | The name of the key vault. |
secretName | Yes | string | The name of the secret stored in the key vault. |
secretVersion | No | string | The version of the secret stored in the key vault. |
The value for the secret.
The following .bicepparam
file has a securePassword
parameter that has the latest value of the <secretName> secret.
using './main.bicep'
param securePassword = getSecret('exampleSubscription', 'exampleResourceGroup', 'exampleKeyVault', 'exampleSecretPassword')
The following .bicepparam
file has a securePassword
parameter that has the value of the <secretName> secret, but it's pinned to a specific <secretValue>.
using './main.bicep'
param securePassword = getSecret('exampleSubscription', 'exampleResourceGroup', 'exampleKeyVault', 'exampleSecretPassword', 'exampleSecretVersion')
readEnvironmentVariable(variableName, [defaultValue])
Returns the value of the environment variable, or set a default value if the environment variable doesn't exist. Variable loading occurs during compilation, not at runtime.
Namespace: sys.
Parameter | Required | Type | Description |
---|---|---|---|
variableName | Yes | string | The name of the variable. |
defaultValue | No | string | A default string value to be used if the environment variable doesn't exist. |
The string value of the environment variable or a default value.
The following examples show how to retrieve the values of environment variables.
use './main.bicep'
param adminPassword = readEnvironmentVariable('admin_password')
param boolfromEnvironmentVariables = bool(readEnvironmentVariable('boolVariableName','false'))
For more information about Bicep parameters file, see Parameters file.