| title | description | services | author | manager | tags | ms.service | ms.subservice | ms.topic | ms.custom | ms.date | ms.author |
|---|---|---|---|---|---|---|---|---|---|---|---|
Azure Quickstart - Create an Azure key vault and a secret by using Azure Resource Manager template | Microsoft Docs |
Quickstart showing how to create Azure key vaults, and add secrets to the vaults by using Azure Resource Manager template. |
key-vault |
mumian |
dougeby |
azure-resource-manager |
key-vault |
secrets |
quickstart |
mvc, subject-armqs, mode-arm, devx-track-arm-template |
04/23/2023 |
jgao |
Azure Key Vault is a cloud service that provides a secure store for secrets, such as keys, passwords, certificates, and other secrets. This quickstart focuses on the process of deploying an Azure Resource Manager template (ARM template) to create a key vault and a secret.
[!INCLUDE About Azure Resource Manager]
If your environment meets the prerequisites and you're familiar with using ARM templates, select the Deploy to Azure button. The template will open in the Azure portal.
:::image type="content" source="~/reusable-content/ce-skilling/azure/media/template-deployments/deploy-to-azure-button.svg" alt-text="Button to deploy the Resource Manager template to Azure." border="false" link="https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.keyvault%2Fkey-vault-create%2Fazuredeploy.json":::
To complete this article:
-
If you don't have an Azure subscription, create a free account before you begin.
-
Your Microsoft Entra user object ID is needed by the template to configure permissions. The following procedure gets the object ID (GUID).
-
Run the following Azure PowerShell or Azure CLI command by select Try it, and then paste the script into the shell pane. To paste the script, right-click the shell, and then select Paste.
echo "Enter your email address that is used to sign in to Azure:" && read upn && az ad user show --id $upn --query "Id" && echo "Press [ENTER] to continue ..."$upn = Read-Host -Prompt "Enter your email address used to sign in to Azure" (Get-AzADUser -UserPrincipalName $upn).Id Write-Host "Press [ENTER] to continue..."
-
Write down the object ID. You need it in the next section of this quickstart.
-
The template used in this quickstart is from Azure Quickstart Templates.
:::code language="json" source="~/quickstart-templates/quickstarts/microsoft.keyvault/key-vault-create/azuredeploy.json":::
Two Azure resources are defined in the template:
- Microsoft.KeyVault/vaults: create an Azure key vault.
- Microsoft.KeyVault/vaults/secrets: create a key vault secret.
More Azure Key Vault template samples can be found in Azure Quickstart Templates.
-
Select the following image to sign in to Azure and open a template. The template creates a key vault and a secret.
:::image type="content" source="~/reusable-content/ce-skilling/azure/media/template-deployments/deploy-to-azure-button.svg" alt-text="Button to deploy the Resource Manager template to Azure." border="false" link="https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.keyvault%2Fkey-vault-create%2Fazuredeploy.json":::
-
Select or enter the following values.
Unless it's specified, use the default value to create the key vault and a secret.
- Subscription: select an Azure subscription.
- Resource group: select Create new, enter a unique name for the resource group, and then click OK.
- Location: select a location. For example, Central US.
- Key Vault Name: enter a name for the key vault, which must be globally unique within the .vault.azure.net namespace. You need the name in the next section when you validate the deployment.
- Tenant Id: the template function automatically retrieves your tenant ID. Don't change the default value.
- Ad User Id: enter your Microsoft Entra user object ID that you retrieved from Prerequisites.
- Secret Name: enter a name for the secret that you store in the key vault. For example, adminpassword.
- Secret Value: enter the secret value. If you store a password, it's recommended to use the generated password you created in Prerequisites.
- I agree to the terms and conditions state above: Select.
-
Select Purchase. After the key vault has been deployed successfully, you get a notification:
The Azure portal is used to deploy the template. In addition to the Azure portal, you can also use the Azure PowerShell, Azure CLI, and REST API. To learn other deployment methods, see Deploy templates.
You can either use the Azure portal to check the key vault and the secret, or use the following Azure CLI or Azure PowerShell script to list the secret created.
echo "Enter your key vault name:" &&
read keyVaultName &&
az keyvault secret list --vault-name $keyVaultName &&
echo "Press [ENTER] to continue ..."
$keyVaultName = Read-Host -Prompt "Enter your key vault name"
Get-AzKeyVaultSecret -vaultName $keyVaultName
Write-Host "Press [ENTER] to continue..."
The output looks similar to:
Other Key Vault quickstarts and tutorials build upon this quickstart. If you plan to continue on to work with subsequent quickstarts and tutorials, you may wish to leave these resources in place. When no longer needed, delete the resource group, which deletes the Key Vault and related resources. To delete the resource group by using Azure CLI or Azure PowerShell:
echo "Enter the Resource Group name:" &&
read resourceGroupName &&
az group delete --name $resourceGroupName &&
echo "Press [ENTER] to continue ..."
$resourceGroupName = Read-Host -Prompt "Enter the Resource Group name"
Remove-AzResourceGroup -Name $resourceGroupName
Write-Host "Press [ENTER] to continue..."
In this quickstart, you created a key vault and a secret using an ARM template, and validated the deployment. To learn more about Key Vault and Azure Resource Manager, continue on to the articles below.
- Read an Overview of Azure Key Vault
- Learn more about Azure Resource Manager
- Review the Key Vault security overview