Public/Deploy/Core/keyvault/New-CmAzCoreKeyVault.json
|
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "KeyvaultDetails": { "type": "SecureObject" }, "ObjectID": { "type": "String" }, "Workspace": { "type": "Object" } }, "resources": [ { "name": "[concat('KeyvaultTemplates', copyIndex('KeyVaultCopy'))]", "type": "Microsoft.Resources/Deployments", "apiVersion": "2019-10-01", "properties": { "mode": "Incremental", "expressionEvaluationOptions": { "scope": "inner" }, "parameters": { "Keyvault": { "value": "[parameters('KeyvaultDetails').keyVaults[copyIndex('KeyVaultCopy')]]" }, "ObjectId": { "value": "[parameters('ObjectId')]" }, "WorkspaceInner": { "value": "[parameters('Workspace')]" } }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "Keyvault": { "type": "SecureObject" }, "ObjectId": { "type": "String" }, "WorkspaceInner": { "type": "Object" } }, "variables": { "workspaceRetentionPolicy": { "enabled": true, "days": 30 } }, "resources": [ { "name": "[parameters('Keyvault').name]", "type": "Microsoft.KeyVault/Vaults", "apiVersion": "2016-10-01", "location": "[parameters('Keyvault').location]", "tags": { "cm-service": "[parameters('Keyvault').service.publish.keyvault]" }, "properties": { "enabledForDeployment": true, "enabledForTemplateDeployment": true, "enabledForDiskEncryption": true, "tenantId": "[subscription().tenantId]", "accessPolicies": [ { "tenantId": "[subscription().tenantId]", "objectId": "[parameters('ObjectId')]", "permissions": { "keys": [ "encrypt", "decrypt", "wrapKey", "unwrapKey", "sign", "verify", "get", "list", "create", "update", "import", "delete", "backup", "restore", "recover" ], "secrets": [ "get", "list", "set", "delete", "backup", "restore", "recover" ], "certificates": [ "get", "list", "delete", "create", "import", "update", "backup", "restore", "managecontacts", "getissuers", "listissuers", "setissuers", "deleteissuers", "manageissuers", "recover" ], "storage": [ "get", "list", "delete", "set", "update", "regeneratekey", "setsas", "listsas", "getsas", "deletesas" ] } } ], "enableSoftDelete": "[parameters('Keyvault').enableSoftDelete]", "softDeleteRetentionInDays": "[parameters('Keyvault').softDeleteRetentionInDays]", "enablePurgeProtection": "[parameters('Keyvault').enablePurgeProtection]", "sku": { "name": "standard", "family": "A" } } }, { "type": "Microsoft.KeyVault/vaults/secrets", "apiVersion": "2019-09-01", "name": "[concat(parameters('Keyvault').name, '/', parameters('Keyvault').secrets[copyIndex('SecretCopy')].name)]", "location": "[resourceGroup().location]", "dependsOn": [ "[parameters('Keyvault').name]" ], "properties": { "value": "[parameters('Keyvault').secrets[copyIndex('SecretCopy')].value]" }, "copy": { "name": "SecretCopy", "count": "[length(parameters('Keyvault').secrets)]" } }, { "type": "Microsoft.KeyVault/Vaults/Providers/DiagnosticSettings", "name": "[concat(parameters('Keyvault').name, '/Microsoft.Insights/Service')]", "apiVersion": "2016-09-01", "location": "[parameters('Keyvault').location]", "dependsOn": [ "[parameters('Keyvault').name]" ], "properties": { "workspaceId": "[resourceId(parameters('WorkspaceInner').resourceGroupName, 'Microsoft.OperationalInsights/Workspaces', parameters('WorkspaceInner').name)]", "logs": [ { "category": "AuditEvent", "enabled": true, "retentionPolicy": "[variables('workspaceRetentionPolicy')]" } ] } } ] } }, "copy": { "name": "KeyVaultCopy", "count": "[length(parameters('KeyvaultDetails').keyVaults)]" } } ] } |