Use a valid secret reference

Operational Excellence · All resources · 2021_09

Use a valid secret reference within parameter files.

Description

When referencing secrets in a template parameter file:

  • The secret reference must be a valid Azure resource ID of a Key Vault.
  • A secret name must be specified.
  • An optional secret version can be specified.

Recommendation

Check that the Key Vault reference for the secret value is valid.

Examples

Configure with Azure template

To define Azure template parameter files that pass this rule:

  • When a secret is referenced from Key Vault, provide a valid resource ID and secret name.

For example:

Azure Template snippet
{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "gatewayName": {
            "value": "gateway-A"
        },
        "sku": {
            "value": "VpnGw1"
        },
        "subnetId": {
            "value": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-A/subnets/GatewaySubnet"
        },
        "sharedKey": {
            "reference": {
                "keyVault": {
                    "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.KeyVault/vaults/kv-001"
                },
                "secretName": "valid-secret"
            }
        }
    }
}
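
The three conditions from the description can also be checked before deployment. The following is an added example, not this rule's own implementation: the function name, the regular expressions for the vault ID and secret name, and the constructed sample parameters are assumptions made for illustration.

```python
import json
import re

# Assumed format checks (not taken from the page): vault resource ID and secret name.
KV_ID = re.compile(
    r"/subscriptions/[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}"
    r"/resourceGroups/[^/]+/providers/Microsoft\.KeyVault/vaults/"
    r"[a-z][a-z0-9-]{1,22}[a-z0-9]",
    re.IGNORECASE,
)
SECRET_NAME = re.compile(r"[A-Za-z0-9-]{1,127}")


def check_secret_refs(text):
    """Return sorted (parameter, problem) pairs for invalid secret references."""
    problems = []
    for name, body in json.loads(text).get("parameters", {}).items():
        ref = body.get("reference") if isinstance(body, dict) else None
        if ref is None:
            continue  # plain "value" parameter, nothing to check
        if not isinstance(ref, dict):
            problems.append((name, "reference is not an object"))
            continue
        vault = ref.get("keyVault")
        vault_id = vault.get("id") if isinstance(vault, dict) else None
        if not isinstance(vault_id, str) or not KV_ID.fullmatch(vault_id):
            problems.append((name, "keyVault.id is not a Key Vault resource ID"))
        secret = ref.get("secretName")
        if not isinstance(secret, str) or not SECRET_NAME.fullmatch(secret):
            problems.append((name, "secretName is missing or invalid"))
        # The version is optional, but an empty one is treated as a mistake here.
        if "secretVersion" in ref and not (
                isinstance(ref["secretVersion"], str) and ref["secretVersion"]):
            problems.append((name, "secretVersion is empty"))
    return sorted(problems)


# Constructed sample: one valid reference and three broken ones.
VAULT = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
         "test-rg/providers/Microsoft.KeyVault/vaults/kv-001")
SAMPLE = json.dumps({"parameters": {
    "gatewayName": {"value": "gateway-A"},
    "good": {"reference": {"keyVault": {"id": VAULT}, "secretName": "valid-secret"}},
    "badVault": {"reference": {"keyVault": {"id": "kv-001"}, "secretName": "s1"}},
    "noName": {"reference": {"keyVault": {"id": VAULT}}},
    "emptyVersion": {"reference": {"keyVault": {"id": VAULT}, "secretName": "s1",
                                   "secretVersion": ""}},
}})

if __name__ == "__main__":
    for param, problem in check_secret_refs(SAMPLE):
        print(f"{param}: {problem}")
```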

Last update: 2022-10-17
