
Set key vault access policies for multiple object ids using parameter (array type) via ARM Template

Is it possible to set key vault access policies for multiple object ids using a parameter of array type via ARM Template?

    "policies": {
      "value": [
        {
          "objectId": "<object-id-1>",
          "permissions": ["get", "set", "list"]
        },
        {
          "objectId": "<object-id-2>",
          "permissions": ["get", "set", "list"]
        }
      ]
    }

I need to set key vault access policies to two object ids as shown above. This is what I have tried:

[image]

I see the following error:

[error]InvalidTemplate: Deployment template validation failed: 'The resource 'Microsoft.KeyVault/vaults/keyvaultname/accessPolicies/add' is defined multiple times in a template.

user989988 asked Oct 23 '25 18:10


1 Answer

Looks like you are almost there. Here is a modification of what you posted that I have working.

    {
      "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
      "contentVersion": "1.0.0.0",
      "parameters": {
        "keyVaultName": {
          "type": "string"
        },
        "policies": {
          "type": "array",
          "metadata": {
            "description": "Array of object ids and permissions."
          }
        }
      },
      "resources": [
        {
          "type": "Microsoft.KeyVault/vaults/accessPolicies",
          "name": "[concat(parameters('keyVaultName'), '/add')]",
          "apiVersion": "2019-09-01",
          "properties": {
            "copy": [
              {
                "name": "accessPolicies",
                "count": "[length(parameters('policies'))]",
                "input": {
                  "tenantId": "[parameters('policies')[copyIndex('accessPolicies')].tenantId]",
                  "objectId": "[parameters('policies')[copyIndex('accessPolicies')].objectId]",
                  "permissions": {
                    "keys": "[parameters('policies')[copyIndex('accessPolicies')].keys]",
                    "secrets": "[parameters('policies')[copyIndex('accessPolicies')].secrets]",
                    "certificates": "[parameters('policies')[copyIndex('accessPolicies')].certificates]"
                  }
                }
              }
            ]
          }
        }
      ]
    }

Here is the PowerShell variable that I splatted on the deployment call.

    $parameters = @{
      'keyVaultName' = 'kv62443460'
      'policies' = @(
        @{
          'tenantId' = '<GUID>'
          'objectId' = '<GUID>'
          'keys' = @()
          'secrets' = @('get')
          'certificates' = @()
        },
        @{
          'tenantId' = '<GUID>'
          'objectId' = '<GUID>'
          'keys' = @()
          'secrets' = @()
          'certificates' = @('list')
        }
      )
    }

Stringfellow answered Oct 25 '25 18:10
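
A pre-deployment check for the `policies` array used with the template above, followed by a deployment call that passes the hashtable through `-TemplateParameterObject`. This is an added example, not part of the answer; `Test-KeyVaultPolicyEntry`, the vault name, the resource group placeholder, the template file name and the sample GUIDs are assumptions.

```powershell
# Added example. Test-KeyVaultPolicyEntry is a hypothetical helper, not an Az cmdlet.
function Test-KeyVaultPolicyEntry {
    param([Parameter(Mandatory)][hashtable[]]$Policies)
    $problems = @()
    $seen = @{}
    for ($i = 0; $i -lt $Policies.Count; $i++) {
        $p = $Policies[$i]
        # The template indexes all five properties on every entry.
        foreach ($name in 'tenantId', 'objectId', 'keys', 'secrets', 'certificates') {
            if (-not $p.ContainsKey($name)) { $problems += "policies[$i]: missing '$name'" }
        }
        foreach ($name in 'tenantId', 'objectId') {
            $parsed = [guid]::Empty
            if ($p.ContainsKey($name) -and -not [guid]::TryParse([string]$p[$name], [ref]$parsed)) {
                $problems += "policies[$i]: '$name' is not a GUID"
            }
        }
        # Two entries for one principal make the intended grant ambiguous.
        $id = [string]$p['objectId']
        if ($id -and $seen.ContainsKey($id)) {
            $problems += "policies[$i]: objectId repeats policies[$($seen[$id])]"
        } elseif ($id) { $seen[$id] = $i }
        # Flag grants that deserve a second look before deployment.
        foreach ($kind in 'keys', 'secrets', 'certificates') {
            foreach ($perm in @($p[$kind])) {
                if ($perm -in 'all', 'purge') { $problems += "policies[$i]: $kind grants '$perm'" }
            }
        }
    }
    return $problems
}

# Constructed sample values; replace with real tenant and object ids.
$parameters = @{
    keyVaultName = 'kv-example'
    policies     = @(
        @{ tenantId = '11111111-1111-1111-1111-111111111111'; objectId = '22222222-2222-2222-2222-222222222222'
           keys = @(); secrets = @('get'); certificates = @() },
        @{ tenantId = '11111111-1111-1111-1111-111111111111'; objectId = '33333333-3333-3333-3333-333333333333'
           keys = @(); secrets = @(); certificates = @('list') }
    )
}
$problems = @(Test-KeyVaultPolicyEntry -Policies $parameters.policies)
if ($problems.Count -gt 0) { $problems | Write-Warning; throw 'Fix the policies array before deploying.' }

$deployment = @{
    ResourceGroupName       = '<resource-group>'       # placeholder
    TemplateFile            = './accessPolicies.json'  # assumed file name
    TemplateParameterObject = $parameters
}
New-AzResourceGroupDeployment @deployment
```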


