is there a way to add encryption (CMK-Customer Managed Keys) and Vnet integration to Azure Speech service (Cognitive) through ARM template

Question

"encryption": {
      "keyVaultProperties": {
        "keyName": "string",
        "keyVersion": "string",
        "keyVaultUri": "string"
      },

Can we achieve this with in the ARM template.

score 1 · Answer 1 · answered May 26 '21 at 21:49

Yes you do this with ARM template. The following template allow you to add CMK and Vnet setting on an existing Speech resource. Before run this template, you need to create the KeyVault & Key, configure the access policy to allow system assigned identity of the Speech resource to have "read,wrap,unwrap" permissions for keys. For any resource, you can always use "Export template" from the resource menu in Azure Portal to export ARM template and make slight changes for the ARM template deployment.

{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
    "accounts_speech_name": {
        "type": "String"
    },
    "keyvaultUri": {
        "type": "String"
    },
    "keyName": {
        "type": "String"
    },
    "keyVersion": {
        "type": "String"
    },
    "virtualNetworks_cmk_test_externalid": {
        "type": "String"
    }
},
"variables": {},
"resources": [
    {
        "type": "Microsoft.CognitiveServices/accounts",
        "apiVersion": "2017-04-18",
        "name": "[parameters('accounts_speech_name')]",
        "location": "eastus",
        "sku": {
            "name": "S0"
        },
        "kind": "SpeechServices",
        "identity": {
            "type": "SystemAssigned",
            "userAssignedIdentities": {}
        },
        "properties": {
            "customSubDomainName": "[parameters('accounts_speech_name')]",
            "networkAcls": {
                "defaultAction": "Deny",
                "virtualNetworkRules": [
                    {
                        "id": "[concat(parameters('virtualNetworks_cmk_test_externalid'), '/subnets/default')]",
                        "ignoreMissingVnetServiceEndpoint": false
                    }
                ],
                "ipRules": []
            },
            "encryption": {
                "keySource": "Microsoft.Keyvault",
                "keyVaultProperties": {
                    "keyName": "[parameters('keyName')]",
                    "keyVersion": "[parameters('keyVersion')]",
                    "keyVaultUri": "[parameters('keyVaultUri')]"
                }
            },
            "privateEndpointConnections": [],
            "publicNetworkAccess": "Enabled"
        }
    }
]

}

Can we do this on a new speech service at the time of creation — twinkle hema, May 27 '21 at 08:48

score 0 · Answer 2 · answered May 25 '21 at 15:30

0

this is Darren from Microsoft Speech Services team. Thank you for your question. Please include more detailed information on what you are trying to build, as it is unclear to me. Is this about deploying a speech service as a Docker container to your environment? What is the CMK and Vnet integration used for? Once you provide more details, I will find the right folks to answer.

answered May 25 '21 at 15:30

Darren Cohen

126
6

This for infra provisioning to create a speech service using ARM Template – twinkle hema May 26 '21 at 06:08

is there a way to add encryption (CMK-Customer Managed Keys) and Vnet integration to Azure Speech service (Cognitive) through ARM template

2 Answers2