Pull Public Key from keyvault #10255
-
Hello, I've automated the deployment via Bicep of a Linux VM that is using the modules Modules. As part of the virtualMachine module there is a property for
sshpublickeys is an option but via Bicep I don't see a way to pull the private key and store it in a key vault. When trying it from the other angle and generating a key pair in keyvault I don't have a way of pulling the public key automatically unlike a secret with Can we get the same function for Keys?
-
Given that you first need to generate the public/private key pair....
Deciding which of the above that you want to use is the first step. 1 + 2 are locally and 3 is in the portal.
You can then decide if you want to store the public key in a keyvault or in sshpublickeys.
Personally, I create the pair locally, then store the public key in the keyvault at the same time; that is a 1 time setup. So then I just use getsecret().
Alternatively, if you use option 3, then you can use something similar to below...

    // Admin account whose authorized_keys file receives the key
    param adminUsername string

    // Reference an SSH public key resource that already exists in this resource group
    resource mysshkey 'Microsoft.Compute/sshPublicKeys@2022-11-01' existing = {
      name: 'mysshkey'
    }

    var linuxConfiguration = {
      disablePasswordAuthentication: true
      ssh: {
        publicKeys: [
          {
            path: '/home/${adminUsername}/.ssh/authorized_keys'
            keyData: mysshkey.properties.publicKey
          }
        ]
      }
    }
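The getsecret() route mentioned in the answer above, sketched as an added example (not code from the discussion or from the modules project). The vault parameter, the secret name `vm-ssh-public-key` and the module file `vm.bicep` are assumptions; both files are shown in one block.

```bicep
// ---- main.bicep (added example; all names here are assumptions) ----
param keyVaultName string
param adminUsername string

// The vault must already exist, hold the public key as a secret, and have
// enabledForTemplateDeployment set to true, or getSecret() fails at deploy time.
resource kv 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
  name: keyVaultName
}

module vm './vm.bicep' = {
  name: 'linux-vm'
  params: {
    adminUsername: adminUsername
    // getSecret() is only valid when assigned to a @secure() module parameter.
    sshPublicKey: kv.getSecret('vm-ssh-public-key') // hypothetical secret name
  }
}

// ---- vm.bicep (hypothetical module, separate file) ----
param adminUsername string

@secure()
param sshPublicKey string

// Same shape as the linuxConfiguration in the answer; assign it to
// properties.osProfile.linuxConfiguration on the virtual machine resource.
var linuxConfiguration = {
  disablePasswordAuthentication: true
  ssh: {
    publicKeys: [
      {
        path: '/home/${adminUsername}/.ssh/authorized_keys'
        keyData: sshPublicKey
      }
    ]
  }
}
```

Because the value arrives through a `@secure()` parameter, it is not written to the deployment history or logs, which matters more if the same pattern is later used for anything other than a public key.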
-
@Grant-Rc Did you manage to find a way of generating a pair and storing the private key in the vault? I think I am trying to do the same thing, i.e. each time I build a VM I want a unique ssh pair - place the public on the VM and then stick the private in the vault. I'm also not finding a simple way to do that solely in Bicep.