How to set up Key Vault for virtual machines with the Azure CLI
Applies to: ✔️ Linux VMs ✔️ Flexible scale sets
In the Azure Resource Manager stack, secrets/certificates are modeled as resources that are provided by Key Vault. To learn more about Azure Key Vault, see What is Azure Key Vault? In order for Key Vault to be used with Azure Resource Manager VMs, the EnabledForDeployment property on Key Vault must be set to true. This article shows you how to set up Key Vault for use with Azure virtual machines (VMs) using the Azure CLI.
To perform these steps, you need the latest Azure CLI installed, and you must be logged in to an Azure account using az login.
Note
Before you can use Azure CLI in Microsoft Azure operated by 21Vianet, please run az cloud set -n AzureChinaCloud first to change the cloud environment. If you want to switch back to Azure Public Cloud, run az cloud set -n AzureCloud again.
Create a Key Vault
Create a key vault and assign the deployment policy with az keyvault create. The following example creates a key vault named myKeyVault in the myResourceGroup resource group:
az keyvault create -l chinanorth -n myKeyVault -g myResourceGroup --enabled-for-deployment true
Update a Key Vault for use with VMs
Set the deployment policy on an existing key vault with az keyvault update. The following updates the key vault named myKeyVault in the myResourceGroup resource group:
az keyvault update -n myKeyVault -g myResourceGroup --set properties.enabledForDeployment=true
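An added example, not part of the original article: a shell wrapper that reads the vault's current enabledForDeployment value with az keyvault show, runs the az keyvault update command above only when the flag is not already true, and then re-reads the value to confirm the change. The function names are assumptions chosen for illustration.

```bash
#!/usr/bin/env bash
# Added example: idempotently enable a key vault for VM deployment.
# kv_deployment_flag and ensure_enabled_for_deployment are hypothetical
# helper names; the az commands are the ones used in this article.

# Print the vault's enabledForDeployment value, lowercased ("true"/"false").
kv_deployment_flag() {
    local raw
    raw="$(az keyvault show -n "$1" -g "$2" \
        --query properties.enabledForDeployment -o tsv)" || return 1
    printf '%s\n' "$raw" | tr '[:upper:]' '[:lower:]'
}

# Usage: ensure_enabled_for_deployment <vault-name> <resource-group>
# Prints "unchanged" if the flag was already true, "updated" if it was
# switched on and verified. Returns non-zero on any failure.
ensure_enabled_for_deployment() {
    local vault="$1" group="$2" current
    if [ -z "$vault" ] || [ -z "$group" ]; then
        echo "usage: ensure_enabled_for_deployment <vault> <resource-group>" >&2
        return 2
    fi

    current="$(kv_deployment_flag "$vault" "$group")" || return 1
    if [ "$current" = "true" ]; then
        echo "unchanged"
        return 0
    fi

    # Flag is false or unset: apply the update, then verify it took effect.
    az keyvault update -n "$vault" -g "$group" \
        --set properties.enabledForDeployment=true >/dev/null || return 1

    current="$(kv_deployment_flag "$vault" "$group")" || return 1
    if [ "$current" = "true" ]; then
        echo "updated"
        return 0
    fi
    echo "enabledForDeployment is still '$current' on $vault" >&2
    return 1
}
```

Call it as ensure_enabled_for_deployment myKeyVault myResourceGroup after az login; the printed "updated" or "unchanged" result can be recorded in a deployment log to show when the setting was changed.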
Use templates to set up Key Vault
When you use a template, you need to set the enabledForDeployment property to true for the Key Vault resource as follows:
{
  "type": "Microsoft.KeyVault/vaults",
  "name": "ContosoKeyVault",
  "apiVersion": "2015-06-01",
  "location": "<location-of-key-vault>",
  "properties": {
    "enabledForDeployment": "true",
    ....
    ....
  }
}