20 votesTom Stones commented
I have to agree - the mechanisms for getting KV secrets into a template are really awkward to use. I want to use dynamic KV name, dynamic secret names, and I don't want to have to create a remote store to hold a nested template. I think I'm going to have to hack up a script that edits a parameter file prior to deployment. Why does it have to be so awkward?
Thank you for taking the time to vote on this request. Work on this has commenced. We will email you once it is completed. Feel free to reach out if you have any additional feedback.
Thank you for voting on this suggestion. It is now completed and can be done via custom Azure Policy. Here is a sample custom policy to apply a specific tag at the RG and have them inherited by the Resources in that RG: https://github.com/Azure/azure-policy/tree/master/samples/ResourceGroup/copy-resourcegroup-tag
Tag inheritance for existing resources is something that we plan to add support for in 2019.