Tuesday, 4 May 2021

Azure Bicep - Conditionally create a secret

I'm creating a KeyVault with Bicep and I want to create a secret in the vault, but only when there's no secret yet with the given name.

Checking if the KeyVault exists wasn't working, so I'm now checking whether a certain tag exists. When creating the vault I write a tag on the resource group. Afterwards I change the secret's password in the script and run the script again, expecting the old password not to be overwritten. Unfortunately the secret is being recreated with the new password.

Any idea how to do a condition in Bicep based on the existence of a certain resource?

resource keyvault 'Microsoft.KeyVault/vaults@2019-09-01' = {
    name: name
    ...
}

// Default used when the resource group has no 'keyVaultSecretName' tag yet.
var rgWithDefaultTag = {
  tags: {
    keyVaultSecretName: ''
  }
}

// Only create a new secret when a new KeyVault is created.
// union() merges the default tag object with the current resource group;
// an empty tag value is taken to mean "no secret has been created yet".
resource secret 'Microsoft.KeyVault/vaults/secrets@2021-04-01-preview' = if (empty(union(rgWithDefaultTag, resourceGroup()).tags['keyVaultSecretName'])) {
  name: '${keyvault.name}/MySecret'
  properties: {
    value: 'value'
  }
}

// Record the secret name as a resource group tag so the next run can see it.
resource tag 'Microsoft.Resources/tags@2021-01-01' = {
  name: 'default'
  properties: {
    tags: {
      keyVaultSecretName: secret.name
    }
  }
}
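As an added example (not the code from the post above), the following template shows the pattern practitioners usually fall back on: ARM and Bicep have no function that tests whether a resource already exists, so the "does the secret exist?" decision is moved into a boolean parameter that the caller sets, and the `if (...)` condition is evaluated on that parameter. The parameter names `keyVaultName`, `createSecret` and `secretValue` are assumptions for this example; `@secure()` keeps the value out of deployment history and outputs, and `parent:` replaces the `'${keyvault.name}/MySecret'` name concatenation.

```bicep
// Added example, not the original poster's code. Bicep cannot check whether a
// resource exists at deployment time, so the caller decides via a parameter.

@description('Name of the Key Vault (assumed parameter name).')
param keyVaultName string

@description('Caller sets this to false when the secret already exists, so an existing value is never overwritten.')
param createSecret bool = true

@description('Secret value; marked secure so it is not logged or echoed in outputs.')
@secure()
param secretValue string

param location string = resourceGroup().location
param tenantId string = subscription().tenantId

resource keyvault 'Microsoft.KeyVault/vaults@2019-09-01' = {
  name: keyVaultName
  location: location
  properties: {
    tenantId: tenantId
    sku: {
      family: 'A'
      name: 'standard'
    }
    // Empty policy list: grant data-plane access separately, following least privilege.
    accessPolicies: []
  }
}

// The condition is a plain parameter, evaluated before any resource is touched.
// When createSecret is false this resource is skipped entirely and the existing
// secret version in the vault is left as it is.
resource secret 'Microsoft.KeyVault/vaults/secrets@2021-04-01-preview' = if (createSecret) {
  parent: keyvault
  name: 'MySecret'
  properties: {
    value: secretValue
  }
}

// Only report whether a secret was written, never the value itself.
output secretCreated bool = createSecret
```

The caller makes the existence check before deploying, for example by running `az keyvault secret show --vault-name <vault> --name MySecret` and passing `createSecret=false` to `az deployment group create` when the command succeeds. The tag-based approach in the question fails because the secret resource is declared unconditionally once the tag value is non-empty only on the second run, whereas with a parameter the skip is explicit and visible in the deployment's parameter record.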
