使用Bicep生成Azure Key Vault证书

dm7nw8vv  于 2023-04-07  发布在  其他
关注(0)|答案(1)|浏览(99)

我想使用Bicep在Azure KeyVault中生成证书。在Web UI中使用azure-cli可以简单直接地执行:https://learn.microsoft.com/en-us/cli/azure/keyvault/certificate?view=azure-cli-latest#az-keyvault-certificate-create
但是我怎么用二头肌呢?
我发现的唯一的东西是这个resource symbolicname 'Microsoft.Web/certificates@2022-03-01',但它实际上想要创建一个托管证书,并希望将其绑定到一些服务,这是我不需要的。
如何仅在密钥库中生成证书?

ghhkc1vu

ghhkc1vu1#

如上所述,@托马斯说,在某些情况下,它将不支持使用二头肌在密钥库中生成证书。
试试下面的代码,看看它是否有效。

param  keyVaultName  string
param  location  string = resourceGroup().location

 
resource  keyVault  'Microsoft.KeyVault/vaults@2021-06-01-preview' = {
name: keyVaultName
location: location
sku : {
name: 'standard'
}
properties: {
    tenantId: subscription().tenantId
    accessPolicies: []
    enabledForDeployment: false
    enabledForDiskEncryption: false
    enabledForTemplateDeployment: false
    enableSoftDelete: false
    enablePurgeProtection: false
    networkAcls: {
        bypass: 'AzureServices'
        defaultAction: 'Allow'
        }
    }
}

resource  certificate  'Microsoft.KeyVault/vaults/certificates@2021-06-01-preview' = {
    parent: keyVault
    name: 'my-certificate'
    properties: {
        certificatePolicy: {
        issuerParameters: {
        name: 'Unknown'
        }
    keyProperties: {
        keyType: 'RSA'
        keySize: 2048
        reuseKey: false
        }
    secretProperties: {
        contentType: 'application/x-pkcs12'
        }
        x509CertificateProperties: {
            subject: 'CN=my-certificate'
            validityInMonths: 12
            }
        }
    }
}

相关问题