1

I have a simple DSC Config file that contains a credential and string input parameter. I want this DSC configuration deployed with a VM deployed in an ARM template but am missing the concept of how to pass these two parameters securely. How do I accomplish this?

enter image description here

ChiliYago
  • 11,341
  • 23
  • 79
  • 126

2 Answers2

1

I was receiving the same error but, after some shenanigans, it is working for me. The important part is the settings/Properties/SqlAgentCred/password reference to protectedSettings/Items/AgentPassword. Below is the properties node under my Powershell.DSC extension resource in my template.

"properties": {
        "publisher": "Microsoft.Powershell",
        "type": "DSC",
        "typeHandlerVersion": "2.17",
        "autoUpgradeMinorVersion": false,
        "settings": {
                "ModulesUrl": "https://blobstore.blob.core.windows.net/windows-powershell-dsc/DBServer.ps1.zip",
                "ConfigurationFunction": "DBServer.ps1\\DBServer",
                "Properties": {
                    "SqlAgentCred": {
                            "userName": "user@domain.com",
                            "password": "PrivateSettingsRef:AgentPassword"
                        }
                },
                "WmfVersion": "latest",
                "Privacy": {
                        "DataCollection": "Disable"
                }
        },
        "protectedSettings": {
                "Items": {
                    "AgentPassword": "Pa$$word"
                },
                "DataBlobUri": ""
        }
}
sirdank
  • 3,351
  • 3
  • 25
  • 58
0

You will specify protected settings under protectedsettings section. Anything under ProtectedSettings are sent encrypted. Check https://blogs.msdn.microsoft.com/powershell/2016/02/26/arm-dsc-extension-settings/ for details.

N.Gupta
  • 326
  • 1
  • 5
  • This is a good reference and a start but not entirely clear. My DSC configuration has required PSCredential object. If I simply add a "Credential" object in the ProtectedSettings.configurationArguments property by adding a userName and password property the DSC configuration fails because it cannot find the Credential parameter. – ChiliYago Sep 30 '16 at 21:10
  • Hello, it sounds like what you are doing should work. Would you post the value of protectedSettings you used in your template, and the error reported by the extension? Thanks! – Norberto Arrieta Oct 03 '16 at 21:38
  • @NorbertoArrieta I'm having the same problem. Here is my protectedSettings section:`"protectedSettings": { "configurationArguments": { "SqlAgentCred": { "userName": "user@domain.com", "password": "password" } }, "DataBlobUri": "" }` – sirdank Dec 22 '16 at 15:39
  • @sirdank They look OK. What is the error reported by the extension? thanks – Norberto Arrieta Dec 23 '16 at 23:37
  • @NorbertoArrieta Sorry, I'm unable to find the original error. I did get it working though. See my answer to this question. – sirdank Dec 27 '16 at 13:10