This Bicep blog post shows the deployment code for an Azure Key Vault using a Bicep template.
About Bicep
Azure Bicep is a domain-specific language (DSL) for deploying resources in Azure. It allows us to define the infrastructure as code and reuse it multiple times.
The main advantage of Bicep compared to other IaC languages is its immediate support for Azure resources (both preview and GA).
Bicep also provides a smooth authoring experience for template files through IntelliSense in VS Code.
When authoring template files, there is no need to order the deployment code; Bicep is smart enough to orchestrate the deployment order correctly for you.
Azure Key Vault
The following Bicep template creates a Key Vault. Line 13 takes the objectId of the user or group that needs access to the Key Vault. You can find the objectId in the user's or group's details in Azure Active Directory.
param location string = resourceGroup().location
resource keyVault 'Microsoft.KeyVault/vaults@2019-09-01' = {
  name: 'nbiceplab'
  location: location
  properties: {
    enabledForDeployment: true // VMs may retrieve certificates stored as secrets
    enabledForTemplateDeployment: true // Resource Manager may read secrets during deployments
    enabledForDiskEncryption: true // Azure Disk Encryption may read secrets and unwrap keys
    tenantId: tenant().tenantId
    accessPolicies: [
      {
        tenantId: tenant().tenantId
        objectId: 'OBJECT ID GOES HERE' // objectId of the user or group that gets access
        permissions: {
          keys: [
            'all'
          ]
          secrets: [
            'all'
          ]
        }
      }
    ]
    sku: {
      name: 'standard'
      family: 'A'
    }
  }
}
Use the following Azure CLI command to deploy the Key Vault.
az deployment group create --name vars --template-file 18.key_vault.bicep --resource-group biceplab
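For comparison with the template above, which grants 'all' on keys and secrets and enables every enabledFor* integration, here is a tighter variant. It is an added example, not part of the original post; the parameter names vaultName and principalObjectId are hypothetical, and it assumes the principal only needs to read secrets.

```bicep
// Added example, not the original post's template: a least-privilege variant.
// Parameter names (vaultName, principalObjectId) are hypothetical.
param location string = resourceGroup().location

@description('Globally unique vault name.')
param vaultName string

@description('Object ID of the user or group that reads secrets.')
param principalObjectId string

resource keyVault 'Microsoft.KeyVault/vaults@2019-09-01' = {
  name: vaultName
  location: location
  properties: {
    tenantId: tenant().tenantId
    // Turn on only the integrations the workload uses (assumed: none here).
    enabledForDeployment: false
    enabledForTemplateDeployment: false
    enabledForDiskEncryption: false
    // Keep deleted vaults and secrets recoverable, and block early purge.
    enableSoftDelete: true
    softDeleteRetentionInDays: 90
    enablePurgeProtection: true
    // Refuse public network traffic unless a rule below allows it.
    networkAcls: {
      defaultAction: 'Deny'
      bypass: 'AzureServices'
      ipRules: []
      virtualNetworkRules: []
    }
    accessPolicies: [
      {
        tenantId: tenant().tenantId
        objectId: principalObjectId
        permissions: {
          // Read-only access to secrets instead of 'all' on keys and secrets.
          secrets: [
            'get'
            'list'
          ]
        }
      }
    ]
    sku: {
      name: 'standard'
      family: 'A'
    }
  }
}
```

Purge protection cannot be switched off once it is enabled. With defaultAction set to 'Deny' and no IP or virtual network rules, data-plane requests from a workstation are rejected until a rule for that network is added.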