- [@azbake/ingredient-key-vault]
The Key Vault ingredient is a plugin for bake. When included in a recipe, this will create an Key Vault.
name: My package
shortName: mypkg
version: 0.0.1
ingredients:
- "@azbake/ingredient-key-vault@~0"
resourceGroup: true
recipe:
keyvault:
properties:
type: "@azbake/ingredient-key-vault"
parameters:
name: "[keyvaultutils.create_resource_name()]"
sku: "standard"
networkAcls:
defaultAction: "Deny"
bypass: "AzureServices"
ipRules: []
virtualNetworkRules: []
property | required | description |
---|---|---|
name | yes | The name for the Key Vault |
location | no | Sets the location. Defaults to the parent resource group location. |
sku | yes | SKU for the vault |
accessPolicies | no | The access policies defined for this vault |
tenant | no | Specifies the Azure Active Directory tenant ID that should be used for authenticating requests to the key vault |
enabledForDeployment | no | Boolean flag to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. Default value is false |
enabledForTemplateDeployment | no | Boolean flag to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. Default value is false |
enabledForDiskEncryption | no | Boolean flag to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. Default value is false |
enableSoftDelete | no | Boolean flag to specify whether soft delete functionality is enabled. Default value is false |
enablePurgeProtection | no | Boolean flag to specify whether purge protection is enabled. Default value is false |
Utility classes can be used inside of the bake.yaml file for parameter and source values.
function | description |
---|---|
create_resource_name() |
Returns the name created for the Key Vault when deployed |
Gets the name created for the Key Vault when deployed.
...
parameters:
name: "[keyvaultutils.create_resource_name()]"
...
string