Creating an azure keyvault secret without value?

Question

I'm wondering if it's possible to create an Azure Keyvault Secret without passing a value.

I'm using an ARM template in "Complete" mode.

I just want to create the secret but pass my value later in through the portal. The problem now is that it's overwritten by the ARM template on thr next deployment.

score 3 · Accepted Answer · answered Sep 10 '20 at 05:43

3

In general, if you set secrets/settings through ARM template, then that should be the method you do it through. As you noticed, manual modifications will be overwritten by the ARM template.

I would recommend setting the actual value through the ARM template. In Azure DevOps Pipelines for example, you can set secrets in variable groups, and then pass that as a securestring type parameter to the ARM template.

answered Sep 10 '20 at 05:43

juunas

54,244
13
113
149

Doesn't that contradict the entire point of storing secrets in your vault? The pipeline variables have no auditing and i assume most people create key vaults in order to store their keys in one place whereas before they might have them spread out in pipeline library groups, arm templates, settings files etc. – user1531921 Mar 02 '23 at 04:36

Creating an azure keyvault secret without value?

1 Answers1

Linked