| title | description | author | ms.service | ms.topic | ms.date | ms.author | ms.custom |
|---|---|---|---|---|---|---|---|
Set up Azure Key Vault using CLI |
How to set up Key Vault for virtual machine using the Azure CLI. |
mimckitt |
virtual-machines |
how-to |
10/20/2022 |
mimckitt |
devx-track-azurecli, linux-related-content |
Applies to: ✔️ Linux VMs ✔️ Flexible scale sets
In the Azure Resource Manager stack, secrets/certificates are modeled as resources that are provided by Key Vault. To learn more about Azure Key Vault, see What is Azure Key Vault? In order for Key Vault to be used with Azure Resource Manager VMs, the EnabledForDeployment property on Key Vault must be set to true. This article shows you how to set up Key Vault for use with Azure virtual machines (VMs) using the Azure CLI.
To perform these steps, you need the latest Azure CLI installed and logged in to an Azure account using az login.
Create a key vault and assign the deployment policy with az keyvault create. The following example creates a key vault named myKeyVault in the myResourceGroup resource group:
az keyvault create -l westus -n myKeyVault -g myResourceGroup --enabled-for-deployment true
Set the deployment policy on an existing key vault with az keyvault update. The following updates the key vault named myKeyVault in the myResourceGroup resource group:
az keyvault update -n myKeyVault -g myResourceGroup --set properties.enabledForDeployment=true
When you use a template, you need to set the enabledForDeployment property to true for the Key Vault resource as follows:
{
"type": "Microsoft.KeyVault/vaults",
"name": "ContosoKeyVault",
"apiVersion": "2015-06-01",
"location": "<location-of-key-vault>",
"properties": {
"enabledForDeployment": "true",
....
....
}
}For other options that you can configure when you create a Key Vault by using templates, see Create a key vault.