Microsoft.KeyVault vaults/secrets 2016-10-01

• Latest
• 2021-11-01-preview
• 2021-10-01
• 2021-06-01-preview
• 2021-04-01-preview
• 2020-04-01-preview
• 2019-09-01
• 2018-02-14
• 2018-02-14-preview
• 2016-10-01

The vaults/secrets resource type can be deployed to: Resource groups.

To learn about resource group deployments, see Bicep or ARM template.

Remarks

For guidance on using key vaults for secure values, see Manage secrets by using Bicep.

For a quickstart on creating a secret, see Quickstart: Set and retrieve a secret from Azure Key Vault using an ARM template.

For a quickstart on creating a key, see Quickstart: Create an Azure key vault and a key by using ARM template.

Template format

To create a Microsoft.KeyVault/vaults/secrets resource, add the following Bicep or JSON to your template.

Bicep

resource symbolicname 'Microsoft.KeyVault/vaults/secrets@2016-10-01' = {
  name: 'string'
  tags: {
    tagName1: 'tagValue1'
    tagName2: 'tagValue2'
  }
  parent: resourceSymbolicName
  properties: {
    attributes: {
      enabled: bool
      exp: int
      nbf: int
    }
    contentType: 'string'
    value: 'string'
  }
}

JSON

{
  "type": "Microsoft.KeyVault/vaults/secrets",
  "apiVersion": "2016-10-01",
  "name": "string",
  "tags": {
    "tagName1": "tagValue1",
    "tagName2": "tagValue2"
  },
  "properties": {
    "attributes": {
      "enabled": "bool",
      "exp": "int",
      "nbf": "int"
    },
    "contentType": "string",
    "value": "string"
  }
}

Property values

vaults/secrets

Name	Description	Value
type	The resource type For Bicep, set this value in the resource declaration.	'Microsoft.KeyVault/vaults/secrets'
apiVersion	The resource api version For Bicep, set this value in the resource declaration.	'2016-10-01'
name	The resource name See how to set names and types for child resources in Bicep or JSON ARM templates.	string (required) Character limit: 1-127 Valid characters: Alphanumerics and hyphens.
tags	The tags that will be assigned to the secret.	Dictionary of tag names and values. See Tags in templates
parent	In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource.	Symbolic name for resource of type: vaults
properties	Properties of the secret	SecretProperties (required)

SecretProperties

Name	Description	Value
attributes	The attributes of the secret.	SecretAttributes
contentType	The content type of the secret.	string
value	The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.	string

SecretAttributes

Name	Description	Value
enabled	Determines whether the object is enabled.	bool
exp	Expiry date in seconds since 1970-01-01T00:00:00Z.	int
nbf	Not before date in seconds since 1970-01-01T00:00:00Z.	int

Quickstart templates

The following quickstart templates deploy this resource type.

Template	Description
SAS 9.4 and Viya Quickstart Template for Azure	The SAS® 9.4 and Viya QuickStart Template for Azure deploy these products on the cloud: SAS® Enterprise BI Server 9.4, SAS® Enterprise Miner 15.1, and SAS® Visual Analytics 8.5 on Linux, and SAS® Visual Data Mining and Machine Learning 8.5 on Linux for Viya. This QuickStart is a reference architecture for users who wants to deploy the combination of SAS® 9.4 and Viya on Azure using cloud-friendly technologies. By deploying the SAS® platform on Azure, you get an integrated environment of SAS® 9.4 and Viya environments so you can take advantage of both worlds. SAS® Viya is a cloud-enabled, in-memory analytics engine. It uses elastic, scalable, and fault-tolerant processing to address complex analytical challenges. SAS® Viya provides faster processing for analytics by using a standardized code base that supports programming in SAS®, Python, R, Java, and Lua. It also supports cloud, on-premises, or hybrid environments and deploys seamlessly to any infrastructure or application ecosystem.
Create an API Management service with SSL from KeyVault	This template deploys an API Management service configured with User Assigned Identity. It uses this identity to fetch SSL certificate from KeyVault and keeps it updated by checking every 4 hours.
Create an Azure Key Vault and a secret	This template creates an Azure Key Vault and a secret.
Create an Azure Key Vault with RBAC and a secret	This template creates an Azure Key Vault and a secret. Instead of relying on access policies, it leverages Azure RBAC to manage authorization on secrets
Connect to a Key Vault via private endpoint	This sample shows how to use configure a virtual network and private DNS zone to access Key Vault via private endpoint.
Create a Key Vault and a list of secrets	This template creates a Key Vault and a list of secrets within the key vault as passed along with the parameters
Create Azure Maps SAS token stored in an Azure Key Vault	This template deploys and Azure Maps account and lists a Sas token based on the provided User Assigned identity to be stored in an Azure Key Vault secret.
Create an Application Gateway V2 with Key Vault	This template deploys an Application Gateway V2 in a Virtual Network, a user defined identity, Key Vault, a secret (cert data), and access policy on Key Vault and Application Gateway.
Testing environment for Azure Firewall Premium	This template creates an Azure Firewall Premium and Firewall Policy with premium features such as Intrusion Inspection Detection (IDPS), TLS inspection and Web Category filtering
Create ssh-keys and store in KeyVault	This template uses the deploymentScript resource to generate ssh keys and stores the private key in keyVault.
Azure Function app and an HTTP-triggered function	This example deploys an Azure Function app and an HTTP-triggered function inline in the template. It also deploys a Key Vault and populates a secret with the function app's host key.
Application Gateway with internal API Management and Web App	Application Gateway routing Internet traffic to a virtual network (internal mode) API Management instance which services a web API hosted in an Azure Web App.
SAS 9.4 and Viya Quickstart Template for Azure	The SAS® 9.4 and Viya QuickStart Template for Azure deploy these products on the cloud: SAS® Enterprise BI Server 9.4, SAS® Enterprise Miner 15.1, and SAS® Visual Analytics 8.5 on Linux, and SAS® Visual Data Mining and Machine Learning 8.5 on Linux for Viya. This QuickStart is a reference architecture for users who wants to deploy the combination of SAS® 9.4 and Viya on Azure using cloud-friendly technologies. By deploying the SAS® platform on Azure, you get an integrated environment of SAS® 9.4 and Viya environments so you can take advantage of both worlds. SAS® Viya is a cloud-enabled, in-memory analytics engine. It uses elastic, scalable, and fault-tolerant processing to address complex analytical challenges. SAS® Viya provides faster processing for analytics by using a standardized code base that supports programming in SAS®, Python, R, Java, and Lua. It also supports cloud, on-premises, or hybrid environments and deploys seamlessly to any infrastructure or application ecosystem.