You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/azure-resource-manager/bicep/key-vault-parameter.md
+11-11Lines changed: 11 additions & 11 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -151,13 +151,13 @@ The following procedure shows how to create a role with the minimum permission,
151
151
152
152
When using a key vault with the Bicep file for a [Managed Application](../managed-applications/overview.md), you must grant access to the **Appliance Resource Provider** service principal. For more information, see [Access Key Vault secret when deploying Azure Managed Applications](../managed-applications/key-vault-access.md).
153
153
154
-
## Reference secrets in Bicep file
154
+
## Retrieve secrets in Bicep file
155
155
156
-
You can use the [getSecret function](./bicep-functions-resource.md#getsecret) in .bicep files to obtain a key vault secret. Note that the `getSecret` function is exclusively applicable to a `Microsoft.KeyVault/vaults` resource. Additionally, it's restricted to usage within the `params` section of a module and can only be used with parameters with the `@secure()` decorator.
156
+
You can use the [getSecret function](./bicep-functions-resource.md#getsecret) in Bicep files to obtain a key vault secret. Note that the `getSecret` function is exclusively applicable to a `Microsoft.KeyVault/vaults` resource. Additionally, it's restricted to usage within the `params` section of a module and can only be used with parameters with the `@secure()` decorator.
157
157
158
-
Another function called `az.getSecret()` function can be used in .bicepparam files to retrieve key vault secrets. For more information, see [Reference secrets in parameters file](#reference-secrets-in-parameters-file).
158
+
Another function called `az.getSecret()` function can be used in Bicep parameter files to retrieve key vault secrets. For more information, see [Reference secrets in parameters file](#reference-secrets-in-parameters-file).
159
159
160
-
The following Bicep file creates an Azure SQL server. The `adminPassword` parameter has a `@secure()` decorator.
160
+
Because the `getSecret` function can only be used in the `params` section of a module. Let's create a *sql.bicep* in the same directory as the *main.bicep* file with the following content:
Let's use the preceding Bicep file as a module given the file name is *sql.bicep* in the same directory as the main Bicep file.
181
+
Notice in the preceding Bicep file, the `adminPassword` parameter has a `@secure()` decorator.
182
182
183
183
The following Bicep file consumes the *sql.bicep* as a module. The Bicep file references an existing key vault, and calls the `getSecret` function to retrieve the key vault secret, and then passes the value as a parameter to the module.
If you don't want to use a module, you can reference the key vault in the parameters file. However, the approach varies depending on whether you're using a JSON parameter file or a Bicep parameter file.
210
+
If you don't want to use a module, you can retrieve key vault secrets in parameters file. However, the approach varies depending on whether you're using a JSON parameter file or a Bicep parameter file.
211
211
212
212
The following Bicep file deploys a SQL server that includes an administrator password. The password parameter is set to a secure string. But the Bicep doesn't specify where that value comes from.
0 commit comments