I'm using the secrets part of osProfile to install the certs I need from a given keyvault.

It looks something like this:

"secrets": [
    {
        "sourceVault": {
            "id": "[parameters('sourceVault')]"
        },
        "copy": [
            {
                "name": "vaultCertificates",
                "count": "[length(variables('certificatesToInstall'))]",
                "input": {
                    "certificateStore": "[variables('certificateStore')]",
                    "certificateUrl": "[reference(resourceId(parameters('subscriptionId'), parameters('resourceGroupName'), 'Microsoft.KeyVault/vaults/secrets', parameters('keyVaultName'), variables('certificatesToInstall')[copyIndex('vaultCertificates')]), '2016-10-01').secretUriWithVersion]"
                }
            }
        ]
    }
]

This worked fine. However, now I need to make sure that more than one version of the same cert is installed on the machine (the current one and the previous one).

Things I've tried:

  • Listing a certificate to get its versions directly from ARM. There seems to be no support for this for generic KV as per the docs.
  • Adding the full version of the cert to the resourceId function. This fails when deploying.

Any idea on how to reference previous versions of a cert inside an ARM file?

abigicic

1 Answer

Check the code below for how to define the variable with the secret's resource ID:

"mySecretResourceId": "[concat(resourceGroup().id,'/providers/Microsoft.KeyVault/vaults/', variables('keyVaultName'), '/secrets/', 'my-secret-name')]"

Then the code below can be used in your template:

"certificateUrl": "[reference(variables('mySecretResourceId'), '2018-02-14').secretUriWithVersion]"

You can also go through this SO thread, which has related discussions.

Also check this GitHub link.

SaiSakethGuduru
  • I'm not sure I follow. The problem here is that I'm referencing **only** the latest version of the cert, and I want to reference at least the one before it as well so that I can make sure that I have them both on the machine while running. – abigicic Aug 26 '21 at 14:53
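
One way to get both the current and the previous version installed, as an added example that is not from either post above: resolve the versions outside the template and pass the resulting `vaultCertificates` array in as a parameter, since the template's `reference()` call only yields the latest version. The vault name, secret name, version ids and the listing shape (modeled on `az keyvault secret list-versions` JSON output) are constructed assumptions, as are the helper names.

```python
import json
from datetime import datetime

# Constructed sample: version listing for one certificate's backing secret,
# in the shape assumed for `az keyvault secret list-versions` output.
SAMPLE_VERSIONS = json.loads("""
[
  {"id": "https://example-kv.vault.azure.net/secrets/web-cert/aaaa1111",
   "attributes": {"enabled": true,  "created": "2021-03-01T10:00:00+00:00"}},
  {"id": "https://example-kv.vault.azure.net/secrets/web-cert/cccc3333",
   "attributes": {"enabled": true,  "created": "2021-08-01T10:00:00+00:00"}},
  {"id": "https://example-kv.vault.azure.net/secrets/web-cert/bbbb2222",
   "attributes": {"enabled": true,  "created": "2021-06-01T10:00:00+00:00"}},
  {"id": "https://example-kv.vault.azure.net/secrets/web-cert/dddd4444",
   "attributes": {"enabled": false, "created": "2021-08-20T10:00:00+00:00"}}
]
""")


def newest_versions(versions, keep=2):
    """Return the versioned secret URLs of the `keep` newest enabled versions."""
    # Design choice of this example: skip disabled versions.
    enabled = [v for v in versions if v["attributes"].get("enabled")]
    enabled.sort(key=lambda v: datetime.fromisoformat(v["attributes"]["created"]),
                 reverse=True)
    urls = [v["id"] for v in enabled[:keep]]
    # The template on this page uses secretUriWithVersion, so require a
    # version segment: https://<vault>/secrets/<name>/<version>
    for url in urls:
        if len(url.rstrip("/").split("/")) != 6:
            raise ValueError(f"not a versioned secret URL: {url}")
    return urls


def vault_certificates(versions, store, keep=2):
    """Build the vaultCertificates array used in osProfile.secrets."""
    return [{"certificateStore": store, "certificateUrl": u}
            for u in newest_versions(versions, keep)]


if __name__ == "__main__":
    # Pass the result to the template as an array parameter.
    print(json.dumps(vault_certificates(SAMPLE_VERSIONS, "My"), indent=2))
```
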