Now that Bicep has parity with ARM Templates and is supported for production use, I've been starting to use it in my projects! 💪
In this post, I'm going to show how to dynamically create some Azure Key Vault secrets with Bicep, then reference those secrets during deployment of an App Service.
I have a .NET App that connects to App Insights, Azure SQL, and a Storage Account, but one thing on my list to do has been to integrate an Azure Key Vault for securing the connection strings.
I had a bit of a battle with this one, but here's how I did it...
First, I created a Key Vault module and output the
I then added a secrets resource to the SQL and Storage modules, outputting the secretUriWithVersion property (storageSecret example below):
In the App Service module, I made sure to add a System-Assigned identity to the app, then assigned it the Key Vault Secrets User built-in role so it could read secret contents:
I then referenced the secrets as follows (storageSecret example below):
RBAC for the win! 😀 This is a much better approach than using Access Policies, and I highly recommend using RBAC going forward if you can.
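The steps above, condensed into a single Bicep file as an added example (this is not the code from the original post, which splits the resources across modules). The resource names, the StorageConnection app setting name, and the appServicePlanId and storageAccountName parameters are assumptions.

```bicep
param appServicePlanId string   // assumed: resource ID of an existing App Service plan
param storageAccountName string // assumed: name of an existing storage account
var suffix = uniqueString(resourceGroup().id)
var secretsUserRole = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4633458b-17de-408a-b874-0445c86b69e6') // Key Vault Secrets User
resource storage 'Microsoft.Storage/storageAccounts@2022-09-01' existing = { name: storageAccountName }

resource vault 'Microsoft.KeyVault/vaults@2022-07-01' = {
  name: 'kv-${suffix}' // hypothetical name
  location: resourceGroup().location
  properties: {
    tenantId: subscription().tenantId
    sku: { family: 'A', name: 'standard' }
    enableRbacAuthorization: true // data-plane access via RBAC, not access policies
  }
}

// The connection string is assembled at deploy time and stored only in the vault.
resource storageSecret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
  parent: vault
  name: 'storageSecret'
  properties: {
    value: 'DefaultEndpointsProtocol=https;AccountName=${storage.name};AccountKey=${storage.listKeys().keys[0].value};EndpointSuffix=${environment().suffixes.storage}'
  }
}

resource app 'Microsoft.Web/sites@2022-03-01' = {
  name: 'app-${suffix}' // hypothetical name
  location: resourceGroup().location
  identity: { type: 'SystemAssigned' }
  properties: {
    serverFarmId: appServicePlanId
    siteConfig: {
      appSettings: [
        { name: 'StorageConnection', value: '@Microsoft.KeyVault(SecretUri=${storageSecret.properties.secretUriWithVersion})' }
      ]
    }
  }
}

// Least privilege: read-only on secret contents, scoped to this one vault.
resource secretReader 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  scope: vault
  name: guid(vault.id, app.id, secretsUserRole)
  properties: {
    roleDefinitionId: secretsUserRole
    principalId: app.identity.principalId
    principalType: 'ServicePrincipal'
  }
}
```

Because the app setting uses secretUriWithVersion, the app stays pinned to that secret version until the template is deployed again.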