
Commit 2670a27

Merge pull request #94223 from prabkumdev/patch-1
Update ARM template JSON snippet
2 parents e8d056f + 3bee918 commit 2670a27


1 file changed

+54
-37
lines changed

1 file changed

+54
-37
lines changed

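--- a/articles/cloud-services-extended-support/enable-key-vault-virtual-machine.md
+++ b/articles/cloud-services-extended-support/enable-key-vault-virtual-machine.md
@@ -51,46 +51,63 @@ To use the Azure Key Vault VM extension, you need to have an Azure Active Direct
 - If you are using RBAC preview, search for the name of the AAD app you created and assign it to the Key Vault Secrets User (preview) role.
 - If you are using vault access policies, then assign **Secret-Get** permissions to the AAD app you created. For more information, see [Assign access policies](../key-vault/general/assign-access-policy-portal.md)
 
-7. Install first version of the certificates created in the first step and the Key Vault VM extension using the ARM template as shown below:
+7. Install first
+step and the Key Vault VM extension using the ARM template snippet for `cloudService` resource as shown below:
 
 ```json
+{
+"osProfile":
 {
-"osProfile":{
-"secrets":[
-{
-"sourceVault":{
-"id":"[parameters('sourceVaultValue')]"
-},
-"vaultCertificates":[
-{
-"certificateUrl":"[parameters('bootstrpCertificateUrlValue')]"
-}
-]
-}
-]
-}{
-"name":"KVVMExtensionForPaaS",
-"properties":{
-"type":"KeyVaultForPaaS",
-"autoUpgradeMinorVersion":true,
-"typeHandlerVersion":"1.0",
-"publisher":"Microsoft.Azure.KeyVault",
-"settings":{
-"secretsManagementSettings":{
-"pollingIntervalInS":"3600",
-"certificateStoreName":"My",
-"certificateStoreLocation":"LocalMachine",
-"linkOnRenewal":false,
-"requireInitialSync":false,
-"observedCertificates":"[parameters('keyVaultObservedCertificates']"
-},
-"authenticationSettings":{
-"clientId":"Your AAD app ID",
-"clientCertificateSubjectName":"Your boot strap certificate subject name [Do not include the 'CN=' in the subject name]"
+"secrets":
+[
+{
+"sourceVault":
+{
+"id": "[parameters('sourceVaultValue')]"
+},
+"vaultCertificates":
+[
+{
+"certificateUrl": "[parameters('bootstrpCertificateUrlValue')]"
+}
+]
 }
-}
-}
-}
+]
+},
+"extensionProfile":
+{
+"extensions":
+[
+{
+"name": "KVVMExtensionForPaaS",
+"properties":
+{
+"type": "KeyVaultForPaaS",
+"autoUpgradeMinorVersion": true,
+"typeHandlerVersion": "1.0",
+"publisher": "Microsoft.Azure.KeyVault",
+"settings":
+{
+"secretsManagementSettings":
+{
+"pollingIntervalInS": "3600",
+"certificateStoreName": "My",
+"certificateStoreLocation": "LocalMachine",
+"linkOnRenewal": false,
+"requireInitialSync": false,
+"observedCertificates": "[parameters('keyVaultObservedCertificates']"
+},
+"authenticationSettings":
+{
+"clientId": "Your AAD app ID",
+"clientCertificateSubjectName": "Your boot strap certificate subject name [Do not include the 'CN=' in the subject name]"
+}
+}
+}
+}
+]
+}
+}
 ```
 You might need to specify the certificate store for boot strap certificate in ServiceDefinition.csdef like below:
 
@@ -101,4 +118,4 @@ To use the Azure Key Vault VM extension, you need to have an Azure Active Direct
 ```
 
 ## Next steps
-Further improve your deployment by [enabling monitoring in Cloud Services (extended support)](enable-alerts.md)
+Further improve your deployment by [enabling monitoring in Cloud Services (extended support)](enable-alerts.md)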
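Review bot: The template expression on new line 98, `"[parameters('keyVaultObservedCertificates']"`, is still missing its closing parenthesis; it was carried over unchanged from old line 85 while the rest of the snippet was restructured. As written the expression is unbalanced, so a reader who pastes the snippet would presumably hit a template validation failure, leaving the certificate-sync extension undeployed; it should read `"observedCertificates": "[parameters('keyVaultObservedCertificates')]"`. The parameter name `bootstrpCertificateUrlValue` on new line 71 also looks misspelled, though whether it matches the template's parameter declaration cannot be seen from this section. Separately, new lines 54–55 now split step 7 into "7. Install first" / "step and …", which appears to drop the words "version of the certificates created in the first" from the old sentence.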
