@@ -507,6 +507,85 @@ The Azure CLI can be used to deploy the Key Vault VM extension to an existing vi
507
507
508
508
### [ Version-3.0] ( #tab/version3 )
509
509
510
+ The Azure Key Vault VM extension can be deployed by using the Azure CLI. Save Key Vault VM extension settings to a JSON file (settings.json).
511
+
512
+ The following JSON snippets provide example settings for deploying the Key Vault VM extension with the Azure CLI.
513
+
514
+ ``` json
515
+ {
516
+ "loggingSettings" : {
517
+ "logger" : " fluentd" ,
518
+ "endpoint" : " unix:///var/run/azuremonitoragent/sometenant/default_fluent.socket" ,
519
+ "format" : " forward" ,
520
+ "servicename" : " akvvm_service"
521
+ },
522
+ "secretsManagementSettings" : {
523
+ "pollingIntervalInS" : " 3600" ,
524
+ "linkOnRenewal" : true ,
525
+ "observedCertificates" :
526
+ [
527
+ {
528
+ "url" : " https://<examplekv>.vault.azure.net/secrets/mycertificate1" ,
529
+ "certificateStoreLocation" : " /var/lib/waagent/Microsoft.Azure.KeyVault.Store" ,
530
+ "acls" :
531
+ [
532
+ {
533
+ "user" : " app1" ,
534
+ "group" : " appGroup1"
535
+ },
536
+ {
537
+ "user" : " service1"
538
+ }
539
+ ]
540
+ },
541
+ {
542
+ "url" : " https://<examplekv>.vault.azure.net/secrets/mycertificate2" ,
543
+ "certificateStoreLocation" : " /var/lib/waagent/Microsoft.Azure.KeyVault.Store" ,
544
+ "acls" :
545
+ [
546
+ {
547
+ "user" : " app2"
548
+ }
549
+ ]
550
+ }
551
+ ]},
552
+ "authenticationSettings" : {
553
+ "msiEndpoint" : " http://169.254.169.254/metadata/identity/oauth2/token" ,
554
+ "msiClientId" : " xxxxxx-xxxx-xxxx-xxxx-xxxxxxxx"
555
+ }
556
+ }
557
+
558
+ ```
559
+
560
+ * To deploy the extension on a virtual machine
561
+
562
+ ``` azurecli
563
+
564
+ # Start the deployment
565
+ az vm extension set -n "KeyVaultForLinux" `
566
+ --publisher Microsoft.Azure.KeyVault `
567
+ -g "<resourcegroup>" `
568
+ --vm-name "<vmName>" `
569
+ --version 3.0 `
570
+ --enable-auto-upgrade true `
571
+ --settings "@settings.json"
572
+
573
+ ```
574
+
575
+ * To deploy the extension on a virtual machine scale set:
576
+
577
+ ``` azurecli
578
+ # Start the deployment
579
+ az vmss extension set -n "KeyVaultForLinux" `
580
+ --publisher Microsoft.Azure.KeyVault `
581
+ -g "<resourcegroup>" `
582
+ --vmss-name "<vmssName>" `
583
+ --version 3.0 `
584
+ --enable-auto-upgrade true `
585
+ --settings "@settings.json"
586
+
587
+ ```
588
+
510
589
### [ Version-1.0/2.0] ( #tab/version12 )
511
590
512
591
```azurecli
0 commit comments