
Is there a way to encrypt the VM user account password passed during Azure provisioning?

As of now, we need to pass the password in plain text for the password to get set correctly when provisioning the VM, which is a security issue.

I need to know if there is some Azure API available for password encryption.

Rick Rainey
nihalnaik

1 Answer


If you're using a JSON template to deploy the VM, you can store the password in Azure KeyVault and AzureRM will pull the password from there. See https://azure.microsoft.com/en-us/blog/keyvault-support-for-arm-templates/ for a sample.

If you're using a REST call, you could use a similar technique if you're performing a template deployment.

That help?

bmoore-msft
  • Thanks a lot for your comments!!! Considering we have an Azure administrator and an end user who is using a custom application for Azure provisioning developed using the Azure Java SDK, how would the end user know what the vault URL is to be provided during provisioning? Would the admin have to create the vault in advance with the password and then inform the user about the URL, which can be provided at runtime during provisioning? – nihalnaik Aug 12 '16 at 12:06
  • Yes, the vault would be created ahead of time by the admin, and you would need to set properties on that vault (sample: https://gist.github.com/bmoore-msft/710284c0bd791a688e21). Then give the end user the URL of the vault, or if you used the same vault for all users, you could separate users by the secret name (probably simpler that way). So you'd have one vault for all users and different secrets for each user. And the users never need access to the vault, only the user (or service principal) would need access. – bmoore-msft Aug 13 '16 at 14:30
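
The approach from the answer and comments, as an added example that is not part of the original thread: a Python sketch that builds an ARM deployment parameters document whose `adminPassword` is a Key Vault reference (one shared vault, one secret per user) and flags parameter files that still carry the password inline. The vault ID placeholders, the parameter names and the `<user>-vm-password` naming scheme are assumptions; the vault also needs `enabledForTemplateDeployment` set for the reference to resolve.

```python
import json

# Placeholder resource ID of the admin-created vault (assumed, not from the thread).
VAULT_ID = ("/subscriptions/<subscription-id>/resourceGroups/<vault-rg>"
            "/providers/Microsoft.KeyVault/vaults/<vault-name>")

# Parameter-name fragments treated as sensitive by the check below (assumed list).
SENSITIVE_HINTS = ("password", "secret", "key")


def build_parameters(username, vault_id=VAULT_ID):
    """Return a parameters document that references the user's secret
    instead of embedding the password."""
    return {
        "$schema": "https://schema.management.azure.com/schemas/"
                   "2015-01-01/deploymentParameters.json#",
        "contentVersion": "1.0.0.0",
        "parameters": {
            "adminUsername": {"value": username},
            "adminPassword": {
                "reference": {
                    "keyVault": {"id": vault_id},
                    # Hypothetical per-user secret naming scheme.
                    "secretName": f"{username}-vm-password",
                }
            },
        },
    }


def plaintext_secrets(doc):
    """Return the names of sensitive-looking parameters that carry an
    inline "value" rather than a Key Vault "reference"."""
    bad = []
    for name, body in doc.get("parameters", {}).items():
        if any(h in name.lower() for h in SENSITIVE_HINTS) and "value" in body:
            bad.append(name)
    return sorted(bad)


if __name__ == "__main__":
    print(json.dumps(build_parameters("alice"), indent=2))
```

The printed document is what gets submitted alongside the template; the deploying application only ever handles the vault ID and secret name, never the password itself.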