Injecting secret into Azure Windows VM at time of provisioning

Question

I'm using Azure CLI for VM deployment. I've secret which is currently stored in Azure Key Vault which I wanted to store it in C drive of the windows VM. I'm not sure how to perform the same at the time of VM deployment

I've found couple of articles which inject password from key vault as VM password using JSON template but i cannot find any article which guides how to store secret from key vault inside the VM at the time of VM provisioning and using Azure CLI.

Note: It is not a certificate but a secret.

https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-keyvault-parameter#reference-secrets-with-static-id

Hi Gleb, Secret is kubectl config file. which I'll be downloading it on windows VM where kubectl is installed. — aquib.qureshi, Jul 13 '19 at 10:13

score 1 · Accepted Answer · answered Jul 13 '19 at 10:44

1

in this case you can use customdata property of an Azure VM, for example with an ARM template. you'd need to base64 encode the kubeconfig file. it will be available on the vm under c:\something\customdata (I dont remember exactly at this time)

answered Jul 13 '19 at 10:44

4c74356b41

69,186
6
100
141

oh okay, then i would have to fetch the kubectl secret from azure key vault and then put into txt file on Linux. Then using Azure CLI --custom-data parameter I've to pass the kubectl txt file? – aquib.qureshi Jul 13 '19 at 10:50
probably, i dont suggest using azure cli for infrastructure as code. – 4c74356b41 Jul 13 '19 at 11:13

Injecting secret into Azure Windows VM at time of provisioning

1 Answers1