![\"\"](\"\/wp-content\/uploads\/2021\/11\/image-3-1024x539.png\")
<\/figure>\n\n\n\n
Option – 1: Using getSecret() function <\/h3>\n\n\n\n
Our first option is to delegate this important work to a Let’s look into an example where an existing Azure Key Vault service is referenced to provide administrative password for SQL server deployment. <\/p>\n\n\n\n This sample Bicep code is using sqldb.bicep file as a module, where parameters; such as The <\/p>\n\n\n\n Let’s have a quick view into the Now, let’s deploy these resources with a secret value from Key Vault resource that has a secret name Upon carefully analyzing error, I see the following reason for this error: <\/p>\n\n\n\n At least one resource deployment operation failed. Please list deployment operations for details. Please see https:\/\/aka.ms\/DeployOperations for usage details.”,”details”:[{“code”:”RegionDoesNotAllowProvisioning”,”message”:”Location ‘East US 2’ is not accepting creation of new Windows Azure SQL Database servers at this time.<\/p>Azure deployment error<\/cite><\/blockquote>\n\n\n\n Based on the error message, we change the location to Next, we will attempt to login into a SQL Server instance. If you are getting an error <\/strong>during the login then try to check the following steps:<\/p>\n\n\n\n Description of a typical login error into a SQL server instance is provided below. I checked the firewall rules and made a cup of coffee => before getting a successful log-in \ud83d\ude42 <\/p>\n\n\n\n The second option is pretty straightforward, if you have already used it on ARM template deployments. <\/p>\n\n\n\n Note:<\/strong> Please check out the following post – Four parameterization options for your Azure Bicep deployments<\/a> for detailed information on available options.<\/p>\n\n\n\n We just need to reference Azure Key Vault secret like in the following example:<\/p>\n\n\n\n Using a parameter file and referencing the Key Vault Let’s run the bicep file that deploys multiple RGs and an Azure VM that uses A successful deployment provisions following RG with the VM resources:<\/p>\n\n\n\n <\/p>\n\n\n\n Next, we should smoke test our deployment by locating the resource group “rg-demo-vm-1116” and using deployment parameters to RDP into Windows server:<\/p>\n\n\n\n <\/p>\n\n\n\n Finally, we are able to see that secret and admin user name pair worked as expected <\/p>\n\n\n\n In this post, we looked into two available options that harden our infrastructure code by removing hard-coded sensitive information and replacing it with Azure Key Vault reference. Thus, avoiding any potential leaks of passwords, secrets, etc. <\/p>\n\n\n\n IMHO, first option is better than the later one, because it does not expose subscription id and other small details. Thank you for your interest my #cloudmarathoner friends! All code samples and presented Bicep files are placed in “Learn-Bicep” GitHub repo \ud83d\udc49 https:\/\/lnkd.in\/ds-h9VQx<\/a>getSecret()<\/code> function. This option could be used with an existing Azure Key Vault resource that is declared in your Azure Bicep code.<\/p>\n\n\n\n![\"\"](\"\/wp-content\/uploads\/2021\/11\/image-4.png\")
sqlServerName <\/code>and adminLogin<\/code> are passed through with a secret name of ExamplePassword<\/code>.<\/p>\n\n\n\nExamplePassword<\/code> secret name should be already set and ready in the referenced Key Vault service above. Here is the view of this secret on Azure portal.<\/p>\n\n\n\n![\"\"](\"\/wp-content\/uploads\/2021\/11\/image-5-1024x453.png\")
sqldb.bicep<\/code> file, as it is referenced in the main Bicep file.<\/p>\n\n\n\n![\"\"](\"\/wp-content\/uploads\/2021\/11\/image-6.png\")
ExamplePassword<\/code>.
What happened? I am getting an error on my first deployment execution \ud83d\ude41<\/p>\n\n\n\n![\"\"](\"\/wp-content\/uploads\/2021\/11\/image-8-1024x494.png\")
eastus<\/code> and re-run the script. Now, we got the following positive result in console and portal:<\/p>\n\n\n\n![\"\"](\"\/wp-content\/uploads\/2021\/11\/image-10-1024x659.png\")
<\/figure>\n\n\n\n![\"\"](\"\/wp-content\/uploads\/2021\/11\/image-9-1024x268.png\")
A successful login will look like the following screen:<\/p>\n\n\n\n![\"\"](\"\/wp-content\/uploads\/2021\/11\/image-12-1024x448.png\")
Important Note:<\/strong><\/h3>\n\n\n\n
adminLogin <\/code>name is entered correctly<\/li>![\"\"](\"\/wp-content\/uploads\/2021\/11\/image-11.png\")
Option -2: Referencing as a secretName in parameter<\/h3>\n\n\n\n
![\"\"](\"\/wp-content\/uploads\/2021\/11\/image-13-1024x295.png\")
<\/figure>\n\n\n\nsecretName<\/code> will do the trick in extracting the value and provisioning your resource.<\/p>\n\n\n\nVMPassword <\/code>secret.<\/p>\n\n\n\n![\"\"](\"\/wp-content\/uploads\/2021\/11\/image-14-1024x77.png\")
![\"\"](\"\/wp-content\/uploads\/2021\/11\/image-15-1024x613.png\")
<\/figure>\n\n\n\n![\"\"](\"\/wp-content\/uploads\/2021\/11\/image-16-1024x589.png\")
<\/figure>\n\n\n\n![\"\"](\"\/wp-content\/uploads\/2021\/11\/image-17-1024x532.png\")
Summary<\/h3>\n\n\n\n
What will be your choice? Please, share on LinkedIn post comments<\/a> section. <\/p>\n\n\n\n
Please, check other Azure Bicep posts<\/a> and let me know your feedback.<\/p>\n\n\n\nWhat is next?<\/h3>\n\n\n\n
Please, join me to learn more about Azure Bicep \ud83d\udcaa on an Omaha Azure User Group meetup<\/a> scheduled to happen on November 17th.<\/p>\n