Using Azure Key Vault for ARM Templates secrets

When starting this blog I had decided to write a blog post every second day, and today when it’s 10:30 pm and after wrapping my office work I realized that today is my post day, so here is one about the simple issue (which took my lot of time) that I faced when deploying an ARM template using Blueprints.

Using ARM template I was provisioning SQL Server, and was passing the admin account password from Azure Key Vault. This is my secret inside the AKV:

secret for sql server admin account

When assigning the Blueprint I was passing this secret to the password parameter.

blueprint extract

But when deploying the resources it was failing with the below error.

error when deploying ARM template using blueprint

I tried many ridiculous things and wasted ~1 hour, and finally I realized that I haven’t ticked one check box which is “Enable Access to: Azure Resource Manager for template deployment” under key vaults access policies.

Access Policy for AKV

This checkbox is just not required for deploying the resources using Blueprint but also when deploying an ARM template using PowerShell.

I hope it helps!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s