Commit 31e2d25

Update key-vault-linux.md
1 parent 6d9db2a commit 31e2d25

1 file changed

+79
-0
lines changed

articles/virtual-machines/extensions/key-vault-linux.md

Lines changed: 79 additions & 0 deletions
@@ -507,6 +507,85 @@ The Azure CLI can be used to deploy the Key Vault VM extension to an existing vi
507507

508508
### [Version-3.0](#tab/version3)
509509

510+
The Azure Key Vault VM extension can be deployed by using the Azure CLI. Save Key Vault VM extension settings to a JSON file (settings.json).
511+
512+
The following JSON snippets provide example settings for deploying the Key Vault VM extension with the Azure CLI.
513+
514+
```json
515+
{
516+
"loggingSettings": {
517+
"logger": "fluentd",
518+
"endpoint": "unix:///var/run/azuremonitoragent/sometenant/default_fluent.socket",
519+
"format": "forward",
520+
"servicename": "akvvm_service"
521+
},
522+
"secretsManagementSettings": {
523+
"pollingIntervalInS": "3600",
524+
"linkOnRenewal": true,
525+
"observedCertificates":
526+
[
527+
{
528+
"url": "https://<examplekv>.vault.azure.net/secrets/mycertificate1",
529+
"certificateStoreLocation": "/var/lib/waagent/Microsoft.Azure.KeyVault.Store",
530+
"acls":
531+
[
532+
{
533+
"user": "app1",
534+
"group": "appGroup1"
535+
},
536+
{
537+
"user": "service1"
538+
}
539+
]
540+
},
541+
{
542+
"url": "https://<examplekv>.vault.azure.net/secrets/mycertificate2",
543+
"certificateStoreLocation": "/var/lib/waagent/Microsoft.Azure.KeyVault.Store",
544+
"acls":
545+
[
546+
{
547+
"user": "app2"
548+
}
549+
]
550+
}
551+
]},
552+
"authenticationSettings": {
553+
"msiEndpoint": "http://169.254.169.254/metadata/identity/oauth2/token",
554+
"msiClientId": "xxxxxx-xxxx-xxxx-xxxx-xxxxxxxx"
555+
}
556+
}
557+
558+
```
559+
560+
* To deploy the extension on a virtual machine
561+
562+
```azurecli
563+
564+
# Start the deployment
565+
az vm extension set -n "KeyVaultForLinux" `
566+
--publisher Microsoft.Azure.KeyVault `
567+
-g "<resourcegroup>" `
568+
--vm-name "<vmName>" `
569+
--version 3.0 `
570+
--enable-auto-upgrade true `
571+
--settings "@settings.json"
572+
573+
```
574+
575+
* To deploy the extension on a virtual machine scale set:
576+
577+
```azurecli
578+
# Start the deployment
579+
az vmss extension set -n "KeyVaultForLinux" `
580+
--publisher Microsoft.Azure.KeyVault `
581+
-g "<resourcegroup>" `
582+
--vmss-name "<vmssName>" `
583+
--version 3.0 `
584+
--enable-auto-upgrade true `
585+
--settings "@settings.json"
586+
587+
```
588+
510589
### [Version-1.0/2.0](#tab/version12)
511590

512591
```azurecli
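
Review bot: The line continuations in both added command blocks (`az vm extension set` and `az vmss extension set`) are PowerShell backticks, but this is the Linux extension article and the fences are tagged `azurecli`; pasted into bash, a trailing backtick opens a command substitution instead of continuing the line, so the command will not run as shown. Suggest switching to `\` continuations, or stating above each block that it is meant for PowerShell. In the settings JSON, the new `loggingSettings` and `acls` keys are not described anywhere in the added text; a sentence on what access each `acls` entry (`user`, `group`) grants to the certificate under `certificateStoreLocation` would help readers avoid granting more than they intend. Smaller points: `sometenant` in the logging `endpoint` is a placeholder that is not in angle brackets like `<examplekv>`, the intro says "snippets" although only one is given, and the first bullet is missing the trailing colon that the scale set bullet has.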
