Creating an Azure Key Vault

To create a new Key Vault, we need to provide a Name, Subscription, Resource Group, and Location. We can optionally change the Pricing tier, assign Access policies, and configure Virtual Network Access. The pricing tier has two options, Standard and Premium; the only difference is that Premium supports hardware security modules (HSMs). The default access policy grants all access to the person creating the vault. You can add further policies as needed, either during creation or later. Virtual Network Access is granted to all networks in your subscription by default, but you can edit this and grant access to specific networks only. An example of the default settings is shown here:

Creating an Azure Key Vault is relatively fast and should be completed in under one minute. Note the DNS Name, as this will be used later. An example of an Azure Key Vault blade is shown in the following screenshot:

To deploy Azure Key Vault, you can use the following ARM template:

{
  "$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "name": {
      "type": "String"
    },
    "location": {
      "type": "String"
    },
    "sku": {
      "defaultValue": "Standard",
      "allowedValues": [
        "Standard",
        "standard",
        "Premium",
        "premium"
      ],
      "type": "String",
      "metadata": {
        "description": "SKU for the vault"
      }
    },
    "accessPolicies": {
      "defaultValue": [],
      "type": "Array",
      "metadata": {
        "description": "The access policies defined for this vault."
      }
    },
    "tenant": {
      "type": "String"
    },
    "enabledForDeployment": {
      "type": "Bool"
    },
    "enabledForTemplateDeployment": {
      "type": "Bool"
    },
    "enabledForDiskEncryption": {
      "type": "Bool"
    },
    "networkAcls": {
      "type": "Object",
      "metadata": {
        "description": "The network firewall defined for this vault."
      }
    }
  },
  "resources": [
    {
      "type": "Microsoft.KeyVault/vaults",
      "name": "[parameters('name')]",
      "apiVersion": "2016-10-01",
      "location": "[parameters('location')]",
      "properties": {
        "enabledForDeployment": "[parameters('enabledForDeployment')]",
        "enabledForTemplateDeployment": "[parameters('enabledForTemplateDeployment')]",
        "enabledForDiskEncryption": "[parameters('enabledForDiskEncryption')]",
        "accessPolicies": "[parameters('accessPolicies')]",
        "tenantId": "[parameters('tenant')]",
        "sku": {
          "name": "[parameters('sku')]",
          "family": "A"
        },
        "networkAcls": "[parameters('networkAcls')]"
      }
    }
  ]
}
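
As an added example (not from the book), here is a pre-deployment check in Python over a parameters file for the template above. It flags an open network default, enabled platform-access flags, and broad access-policy permissions. The sample parameters (vault name, location, GUIDs, address range) are constructed placeholders, and the name review_parameters is hypothetical.

```python
import json

# Constructed sample parameters file for the template above; the name, GUIDs
# and address range are placeholders, not values from the page.
SAMPLE_PARAMETERS = json.loads("""
{
  "parameters": {
    "name": {"value": "example-vault"},
    "location": {"value": "westeurope"},
    "sku": {"value": "Standard"},
    "tenant": {"value": "00000000-0000-0000-0000-000000000000"},
    "enabledForDeployment": {"value": false},
    "enabledForTemplateDeployment": {"value": false},
    "enabledForDiskEncryption": {"value": false},
    "accessPolicies": {"value": [{
      "tenantId": "00000000-0000-0000-0000-000000000000",
      "objectId": "11111111-1111-1111-1111-111111111111",
      "permissions": {"keys": [], "secrets": ["get", "list"], "certificates": []}
    }]},
    "networkAcls": {"value": {
      "defaultAction": "Deny",
      "bypass": "AzureServices",
      "ipRules": [{"value": "203.0.113.0/24"}], "virtualNetworkRules": []
    }}
  }
}
""")
BROAD = {"all", "purge"}  # permissions worth a second look before deploying

def review_parameters(doc):
    """Return a list of findings for a Key Vault parameters document."""
    p = {k: v.get("value") for k, v in doc.get("parameters", {}).items()}
    findings = []
    acls = p.get("networkAcls") or {}
    if acls.get("defaultAction", "Allow").lower() != "deny":
        findings.append("networkAcls.defaultAction is not Deny: all networks allowed")
    for flag in ("enabledForDeployment", "enabledForTemplateDeployment", "enabledForDiskEncryption"):
        if p.get(flag):
            findings.append(f"{flag} is true: confirm this platform access is needed")
    for policy in p.get("accessPolicies") or []:
        for kind, perms in (policy.get("permissions") or {}).items():
            broad = sorted(BROAD & {x.lower() for x in perms})
            if broad:
                findings.append(f"{policy.get('objectId')} has broad {kind} permissions: {broad}")
    return findings

if __name__ == "__main__":
    for line in review_parameters(SAMPLE_PARAMETERS) or ["no findings"]:
        print(line)
```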