问题：

如何在引用KeyVault的arm模板中为web应用程序设置连接字符串？

胡越泽

2023-03-14

我正在构建一个部署web应用程序、sql数据库和密钥库的arm模板。

web应用程序将使用

1-系统标识（将用于访问密钥库）。

webapp需要在keyvault之前部署，因此当部署keyvault时，它可以找到webapp标识，从而为其创建访问策略。

但是这种方法的问题是，当连接字符串作为webapp的一部分添加时，keyvault还不存在，因此@microsoft.keyvault访问秘密的方式也不起作用，即使在部署了keyvault之后，我得到了下面的结果

我如何部署包含keyvault访问方式的连接字符串，webapp很高兴并可以访问其中的连接字符串？

丁英韶

2023-03-14

您可以使用取决于keyvault上的条件。我首先创建了一个Keyvault，并添加了

"dependsOn": [
            "[resourceId('Microsoft.Web/sites', parameters('appBaseName'))]"

同时设置访问策略。

因此完整的模板将是：

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "appBaseName": {
      "type": "string"
    },
    "sqlName": {
      "type": "string"
    },
    "adminLogin": {
      "type": "string"
    },
    "secretValue": {
      "type": "securestring"
    },
    "adminPassword": {
      "type": "securestring"
    },
    "appInsights": {
      "type": "string"
    },
    "collation": {
      "type": "string",
      "defaultValue": "Arabic_CI_AS"
    },
    "edition": {
      "type": "string",
      "defaultValue": "Basic"
    },
    "secretsPermissions": {
      "type": "array",
      "defaultValue": [
        "get",
        "list"
      ]
    },
    "objectiveName": {
      "type": "string",
      "defaultValue": "Basic"
    },
    "keyVaultName": {
      "type": "string"
    }
  },
  "resources": [
        {      
      "type": "Microsoft.KeyVault/vaults",
      "apiVersion": "2019-09-01",
      "name": "[parameters('keyVaultName')]",
      "location": "[resourceGroup().location]",
      "properties": {
        "enabledForDeployment": false,
        "enabledForDiskEncryption": false,
        "enabledForTemplateDeployment": false,
        "tenantId": "[subscription().tenantId]",
        "accessPolicies": [
          {
            "objectId": "[reference(concat('Microsoft.Web/sites/', parameters('appBaseName')), '2018-11-01','Full').identity.principalId]",
            "tenantId": "[subscription().tenantId]",
            "permissions": {
            "secrets": "[parameters('secretsPermissions')]"
            },
          "dependsOn": [
            "[resourceId('Microsoft.Web/sites', parameters('appBaseName'))]"
          ]
          }
        ],
        "sku": {
          "name": "Standard",
          "family": "A"
        },
        "networkAcls": {
          "bypass": "AzureServices",
          "defaultAction": "Allow"
        }
      }
    },
    {
      "type": "Microsoft.KeyVault/vaults/secrets",
      "apiVersion": "2019-09-01",
      "name": "[concat(parameters('keyVaultName'), '/', 'connectionString')]",
      "location": "[resourceGroup().location]",
      "dependsOn": [
        "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]"
      ],
      "properties": {
        "value": "[parameters('secretValue')]"
      }
    },
    {
      "name": "[parameters('appInsights')]",
      "type": "microsoft.insights/components",
      "location": "[resourceGroup().location]",
      "apiVersion": "2020-02-02",
      "kind": "web",
      "properties": {
        "ApplicationId": "[parameters('appInsights')]",
        "Application_Type": "web",
        "Flow_Type": "Bluefield",
        "Request_Source": "rest"
      }
    },
    {
      "name": "[parameters('appBaseName')]",
      "type": "Microsoft.Web/serverfarms",
      "location": "[resourceGroup().location]",
      "apiVersion": "2015-08-01",
      "sku": {
        "name": "F1"
      },
      "dependsOn": [],
      "tags": {
        "displayName": "appBaseName"
      },
      "properties": {
        "name": "[parameters('appBaseName')]",
        "numberOfWorkers": 1
      }
    },
    {
      "name": "[parameters('appBaseName')]",
      "type": "Microsoft.Web/sites",
      "location": "[resourceGroup().location]",
      "apiVersion": "2015-08-01",
      "identity": { "type": "SystemAssigned" },
      "dependsOn": [
        "[resourceId('Microsoft.Web/serverfarms', parameters('appBaseName'))]",
        "[resourceId('microsoft.insights/components', parameters('appInsights'))]"
      ],
      "tags": {
        "[concat('hidden-related:', resourceId('Microsoft.Web/serverfarms', parameters('appBaseName')))]": "Resource",
        "displayName": "appBaseName"
      },
      "properties": {
        "name": "[parameters('appBaseName')]",
        "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('appBaseName'))]",
        "siteConfig": {
          "location": "[resourceGroup().location]",
          "appSettings" : [
            {
              "name": "APPINSIGHTS_INSTRUMENTATIONKEY",
              "value": "[reference(concat('microsoft.insights/components/', parameters('appInsights')), '2015-05-01').InstrumentationKey]"
            }],
            "connectionStrings": [
            {
              "name": "connectionString",
              "connectionString": "[concat('@Microsoft.KeyVault(SecretUri=https://', parameters('keyVaultName'),'.vault.azure.net/secrets/connectionString)')]",
              "type": 1
            }
          ]
        }
      }
    },
    {
      "name": "[parameters('sqlName')]",
      "type": "Microsoft.Sql/servers",
      "location": "[resourceGroup().location]",
      "apiVersion": "2014-04-01",
      "dependsOn": [],
      "properties": {
        "administratorLogin": "[parameters('adminLogin')]",
        "administratorLoginPassword": "[parameters('adminPassword')]"
      },
      "resources": [
        {
          "name": "AllowAllWindowsAzureIps",
          "type": "firewallRules",
          "location": "[resourceGroup().location]",
          "apiVersion": "2014-04-01",
          "dependsOn": [
            "[resourceId('Microsoft.Sql/servers', parameters('sqlName'))]"
          ],
          "properties": {
            "startIpAddress": "0.0.0.0",
            "endIpAddress": "0.0.0.0"
          }
        },
        {
          "name": "[parameters('sqlName')]",
          "type": "databases",
          "location": "[resourceGroup().location]",
          "apiVersion": "2014-04-01",
          "dependsOn": [
            "[resourceId('Microsoft.Sql/servers', parameters('sqlName'))]"
          ],
          "properties": {
            "collation": "[parameters('collation')]",
            "edition": "[parameters('edition')]",
            "maxSizeBytes": "1073741824",
            "requestedServiceObjectiveName": "[parameters('objectiveName')]"
          }
        }
      ]
    }
  ],
"outputs": {}
}

如何在引用KeyVault的arm模板中为web应用程序设置连接字符串？

共有1个答案

相关问答

相关文章

相关阅读

相关工具

相关文档