KeyVault.json
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"keyVaultName": {
"type": "string",
"metadata": {
"description": "Name of the Key Vault"
}
},
"location": {
"type": "string",
"metadata": {
"description": "Location of the Key Vault"
}
},
"accessPolicies": {
"type": "array",
"metadata": {
"description": "An array of access policy objects"
}
},
"skuName": {
"type": "string",
"defaultValue": "Standard",
"allowedValues": [
"Standard",
"Premium"
],
"metadata": {
"description": "SKU for the vault"
}
},
"enableVaultForDeployment": {
"type": "bool",
"defaultValue": false,
"allowedValues": [
true,
false
],
"metadata": {
"description": "Specifies if the vault is enabled for a VM deployment"
}
},
"enableVaultForDiskEncryption": {
"type": "bool",
"defaultValue": false,
"allowedValues": [
true,
false
],
"metadata": {
"description": "Specifies whether the Azure platform has access to the vault for enabling disk encryption scenarios."
}
},
"enabledForTemplateDeployment": {
"type": "bool",
"defaultValue": false,
"allowedValues": [
true,
false
],
"metadata": {
"description": "Specifies whether Azure Resource Manager is permitted to retrieve secrets from the key vault."
}
},
"enableSoftDelete": {
"type": "bool",
"defaultValue": true,
"allowedValues": [
true,
false
],
"metadata": {
"description": "Specifies whether the 'soft delete' functionality is enabled for this key vault. When false, the template passes null for the property instead of an explicit false."
}
},
"omsWorkspaceResourceId": {
"type": "string"
}
},
"variables": {
"productTag": "Key Vault 1.0"
},
"resources": [{
"type": "Microsoft.KeyVault/vaults",
"name": "[parameters('keyVaultName')]",
"apiVersion": "2018-02-14",
"location": "[parameters('location')]",
"tags": {
"Product": "[variables('productTag')]"
},
"properties": {
"enabledForDeployment": "[parameters('enableVaultForDeployment')]",
"enabledForDiskEncryption": "[parameters('enableVaultForDiskEncryption')]",
"enabledForTemplateDeployment": "[parameters('enabledForTemplateDeployment')]",
"enableSoftDelete": "[if(parameters('enableSoftDelete'), bool('true'), json('null'))]",
"accessPolicies": "[parameters('accessPolicies')]",
"sku": {
"name": "[parameters('skuName')]",
"family": "A"
}
},
"resources": [{
"type": "providers/diagnosticSettings",
"name": "Microsoft.Insights/service",
"dependsOn": [
"[parameters('keyVaultName')]"
],
"apiVersion": "2015-07-01",
"properties": {
"workspaceId": "[parameters('omsWorkspaceResourceId')]",
"logs": [{
"category": "AuditEvent",
"enabled": true,
"retentionPolicy": {
"days": 0,
"enabled": false
}
}]
}
},
{
"type": "Microsoft.KeyVault/vaults/providers/locks",
"name": "[concat(parameters('keyVaultName'), '/Microsoft.Authorization/keyVaultLock')]",
"apiVersion": "2015-06-01",
"dependsOn": [
"[parameters('keyVaultName')]"
],
"properties": {
"level": "CannotDelete",
"notes": "Key Vault should not be deleted"
}
}
]
}]
}