Enable Artifact Parameter to reference secret from keyVault
When creating an artifact for use in DevTest labs it would be really useful if we could add a parameter that could reference a secret in keyVault as you can do with ARM Template Parameter files.
This would help us with managing license keys etc as part of the automated software deployment.
bleecky
shared this idea
This scenario can be achieved by using Managed Identity on lab Virtual Machines. The managed identity would have access to the secret in the KV that the artifact would reference.
Here is a doc on the same: https://docs.microsoft.com/en-us/azure/devtest-labs/enable-managed-identities-lab-vms
6 comments
-
Stijn Buitenhuis
commented
Any news about this?
-
codekaizen
commented
Lab secrets would be a great addition. Can you update about the feature's progress?
-
David Forde
commented
What is the status of this? One main reason is to domain join the VMs without giving all users access to add objects into AD.
-
Stian
commented
Are there any updates as to when we will be able to pass a key vault secret as a parameter to an artifact?
-
satish
commented
Yes, this would be helpfull for user joining a VM during deployment using Formulas(ReusableBase). As for now when using resusable for users, the domain join credentials part is not referencing to secret. Have to create same secret for the all users who will be using the lab.
-
bleecky
commented
Thank you, this would be great and a massive help to us in how we build and manage our own artifacts/package.
Ideally the secrets I need to store and pass to the artifacts would be available to multiple labs as they are usernames, pat tokens, sas keys etc that are used widely but I don't necessarily want people knowing.
I could work with the "lab secrets" approach so long as I can seed it with the secrets I need as part of an arm deployment of the lab.