Commit de702c1

Update ARM template JSON snippet
Correct the missing extensionProfile.extensions section in the ARM template snippet for KV VM extension for CSES.
1 parent d0b114d commit de702c1

1 file changed

+55
-39
lines changed

articles/cloud-services-extended-support/enable-key-vault-virtual-machine.md

Lines changed: 55 additions & 39 deletions
@@ -51,47 +51,63 @@ To use the Azure Key Vault VM extension, you need to have an Azure Active Direct
5151
- If you are using RBAC preview, search for the name of the AAD app you created and assign it to the Key Vault Secrets User (preview) role.
5252
- If you are using vault access policies, then assign **Secret-Get** permissions to the AAD app you created. For more information, see [Assign access policies](../key-vault/general/assign-access-policy-portal.md)
5353

54-
7. Install first version of the certificates created in the first step and the Key Vault VM extension using the ARM template as shown below:
55-
56-
```json
57-
{
58-
"osProfile":{
59-
"secrets":[
60-
{
61-
"sourceVault":{
62-
"id":"[parameters('sourceVaultValue')]"
54+
7. Install first version of the certificates created in the first step and the Key Vault VM extension using the ARM template snippet for `cloudService` resource as shown below:
55+
56+
```json
57+
{
58+
"osProfile":
59+
{
60+
"secrets":
61+
[
62+
{
63+
"sourceVault":
64+
{
65+
"id": "[parameters('sourceVaultValue')]"
6366
},
64-
"vaultCertificates":[
65-
{
66-
"certificateUrl":"[parameters('bootstrpCertificateUrlValue')]"
67-
}
67+
"vaultCertificates":
68+
[
69+
{
70+
"certificateUrl": "[parameters('bootstrpCertificateUrlValue')]"
71+
}
6872
]
69-
}
70-
]
71-
}{
72-
"name":"KVVMExtensionForPaaS",
73-
"properties":{
74-
"type":"KeyVaultForPaaS",
75-
"autoUpgradeMinorVersion":true,
76-
"typeHandlerVersion":"1.0",
77-
"publisher":"Microsoft.Azure.KeyVault",
78-
"settings":{
79-
"secretsManagementSettings":{
80-
"pollingIntervalInS":"3600",
81-
"certificateStoreName":"My",
82-
"certificateStoreLocation":"LocalMachine",
83-
"linkOnRenewal":false,
84-
"requireInitialSync":false,
85-
"observedCertificates":"[parameters('keyVaultObservedCertificates']"
86-
},
87-
"authenticationSettings":{
88-
"clientId":"Your AAD app ID",
89-
"clientCertificateSubjectName":"Your boot strap certificate subject name [Do not include the 'CN=' in the subject name]"
73+
}
74+
]
75+
},
76+
"extensionProfile":
77+
{
78+
"extensions":
79+
[
80+
{
81+
"name": "KVVMExtensionForPaaS",
82+
"properties":
83+
{
84+
"type": "KeyVaultForPaaS",
85+
"autoUpgradeMinorVersion": true,
86+
"typeHandlerVersion": "1.0",
87+
"publisher": "Microsoft.Azure.KeyVault",
88+
"settings":
89+
{
90+
"secretsManagementSettings":
91+
{
92+
"pollingIntervalInS": "3600",
93+
"certificateStoreName": "My",
94+
"certificateStoreLocation": "LocalMachine",
95+
"linkOnRenewal": false,
96+
"requireInitialSync": false,
97+
"observedCertificates": "[parameters('keyVaultObservedCertificates']"
98+
},
99+
"authenticationSettings":
100+
{
101+
"clientId": "Your AAD app ID",
102+
"clientCertificateSubjectName": "Your boot strap certificate subject name [Do not include the 'CN=' in the subject name]"
103+
}
104+
}
90105
}
91-
}
92-
}
93-
}
94-
```
106+
}
107+
]
108+
}
109+
}
110+
```
95111
You might need to specify the certificate store for boot strap certificate in ServiceDefinition.csdef like below:
96112

97113
```xml
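Review bot: The `observedCertificates` value at new line 97 is still a malformed ARM expression: `"[parameters('keyVaultObservedCertificates']"` is missing the closing parenthesis before `]`, carried over unchanged from old line 85, so the snippet will not parse as a template expression when copied as is. Suggest `"[parameters('keyVaultObservedCertificates')]"`. In the same snippet, the parameter name `bootstrpCertificateUrlValue` at new line 70 looks like a misspelling of "bootstrap"; if it is corrected, the matching parameter definition has to be renamed with it. The step 7 sentence at new line 54 would also read better as "Install the first version of the certificates".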
@@ -101,4 +117,4 @@ To use the Azure Key Vault VM extension, you need to have an Azure Active Direct
101117
```
102118

103119
## Next steps
104-
Further improve your deployment by [enabling monitoring in Cloud Services (extended support)](enable-alerts.md)
120+
Further improve your deployment by [enabling monitoring in Cloud Services (extended support)](enable-alerts.md)
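Review bot: Old line 104 and new line 120 read identically as shown, so this appears to be a whitespace or end-of-file newline change only. It is unrelated to the `extensionProfile.extensions` fix described in the commit message; confirm it is intentional or drop it from this commit.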
