问题描述
我已阅读@WinDevMatt上有关如何在KeyVault中添加AccessPolicies的文章,并已通过ARM模板成功实现了这一点(链接:https://azidentity.azurewebsites.net/post/2018/05 /29/azure-key-vault-access-policy-update-via-arm-template)
但是,我现在要做的是创建一个部署过程,该过程将运行并部署一个Web应用程序,该应用程序将机密存储在KeyVault中,并且可能需要与其他启用了托管身份的应用程序共享机密.我已经成功实施了访问政策, 但是每次我重新运行部署过程(包括KeyVault的增量部署)时,AccessPolicies都会被覆盖.
我已经尝试了各种方法,省去了AccessPolicies部分或将其替换为Null,当我尝试在AccessPolicies上使用keyvaultname/add作为名称时,我以为有了它,但是尽管这不再导致失败部署,它仍然覆盖 现有的AccessPolicies.除了检查KeyVault的存在之外,我可以怎么做才能继续运行增量部署,但是可以添加一个AccessPolicies元素作为更新,或者使用一个空的AccessPolicies元素来避免过度写入 现有的AccessPolicies?谢谢.
I've read the article from @WinDevMatt on how to add AccessPolicies in KeyVault and have successfully implemented this via ARM Templates (link: https://azidentity.azurewebsites.net/post/2018/05/29/azure-key-vault-access-policy-update-via-arm-template)
However what I now want to do is create a deployment process, which runs deploys a web app which stores secrets in KeyVault and may need to share the secrets with other apps with managed identity enabled. I've successfully implemented the accesspolicies, but every time I re-run the deployment process, which includes incremental deployment of the KeyVault, the AccessPolicies are overwritten.
I've tried all sorts of things, leaving out the AccessPolicies section or replacing it with Null, I thought I had it when I tried using keyvaultname/add as the name on the AccessPolicies, but although this no longer caused a failed deployment, it still overwrote the existing AccessPolicies. Other than checking for existence of the KeyVault, what can I do to continue running the incremental deployment, but either add an AccessPolicies element as an update or have an empty AccessPolicies element to avoid overwritting the existing AccessPolicies? Thanks.
这篇关于如何从ARM模板部署KeyVault而不覆盖AccessPolicies的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!