Commit 3bee918

Update enable-key-vault-virtual-machine.md
Fixing indentation
1 parent de702c1 commit 3bee918

1 file changed

+47
-46
lines changed

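--- a/articles/cloud-services-extended-support/enable-key-vault-virtual-machine.md
+++ b/articles/cloud-services-extended-support/enable-key-vault-virtual-machine.md
@@ -51,63 +51,64 @@ To use the Azure Key Vault VM extension, you need to have an Azure Active Direct
 - If you are using RBAC preview, search for the name of the AAD app you created and assign it to the Key Vault Secrets User (preview) role.
 - If you are using vault access policies, then assign **Secret-Get** permissions to the AAD app you created. For more information, see [Assign access policies](../key-vault/general/assign-access-policy-portal.md)
 
-7. Install first version of the certificates created in the first step and the Key Vault VM extension using the ARM template snippet for `cloudService` resource as shown below:
+7. Install first
+step and the Key Vault VM extension using the ARM template snippet for `cloudService` resource as shown below:
 
-```json
-{
-"osProfile":
+```json
 {
-"secrets":
-[
-{
-"sourceVault":
+"osProfile":
+{
+"secrets":
+[
 {
-"id": "[parameters('sourceVaultValue')]"
-},
-"vaultCertificates":
-[
+"sourceVault":
 {
-"certificateUrl": "[parameters('bootstrpCertificateUrlValue')]"
-}
-]
-}
-]
-},
-"extensionProfile":
-{
-"extensions":
-[
-{
-"name": "KVVMExtensionForPaaS",
-"properties":
+"id": "[parameters('sourceVaultValue')]"
+},
+"vaultCertificates":
+[
+{
+"certificateUrl": "[parameters('bootstrpCertificateUrlValue')]"
+}
+]
+}
+]
+},
+"extensionProfile":
+{
+"extensions":
+[
 {
-"type": "KeyVaultForPaaS",
-"autoUpgradeMinorVersion": true,
-"typeHandlerVersion": "1.0",
-"publisher": "Microsoft.Azure.KeyVault",
-"settings":
+"name": "KVVMExtensionForPaaS",
+"properties":
 {
-"secretsManagementSettings":
-{
-"pollingIntervalInS": "3600",
-"certificateStoreName": "My",
-"certificateStoreLocation": "LocalMachine",
-"linkOnRenewal": false,
-"requireInitialSync": false,
-"observedCertificates": "[parameters('keyVaultObservedCertificates']"
-},
-"authenticationSettings":
+"type": "KeyVaultForPaaS",
+"autoUpgradeMinorVersion": true,
+"typeHandlerVersion": "1.0",
+"publisher": "Microsoft.Azure.KeyVault",
+"settings":
 {
-"clientId": "Your AAD app ID",
-"clientCertificateSubjectName": "Your boot strap certificate subject name [Do not include the 'CN=' in the subject name]"
+"secretsManagementSettings":
+{
+"pollingIntervalInS": "3600",
+"certificateStoreName": "My",
+"certificateStoreLocation": "LocalMachine",
+"linkOnRenewal": false,
+"requireInitialSync": false,
+"observedCertificates": "[parameters('keyVaultObservedCertificates']"
+},
+"authenticationSettings":
+{
+"clientId": "Your AAD app ID",
+"clientCertificateSubjectName": "Your boot strap certificate subject name [Do not include the 'CN=' in the subject name]"
+}
 }
 }
 }
-}
-]
+]
+}
 }
-}
-```
+```
 You might need to specify the certificate store for boot strap certificate in ServiceDefinition.csdef like below:
 
 ```xml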
