How to use the @pulumi/azure.keyvault function in @pulumi/azure

To help you get started, we’ve selected a few @pulumi/azure examples, based on popular ways it is used in public projects.

pulumi / examples / azure-ts-msi-keyvault-rbac / index.ts
        "StorageBlobUrl": textBlob.url,
    },

    // A SQL connection string, still without secrets in it
    connectionStrings: [{
        name: "db",
        value: connectionString,
        type: "SQLAzure",
    }],
});

// Work around a preview issue https://github.com/pulumi/pulumi-azure/issues/192
const principalId = app.identity.apply(id => id.principalId || "11111111-1111-1111-1111-111111111111");

// Grant App Service access to KV secrets
const policy = new azure.keyvault.AccessPolicy("app-policy", {
    keyVaultId: vault.id,
    tenantId: tenantId,
    objectId: principalId,
    secretPermissions: ["get"],
});

// Make the App Service the admin of the SQL Server (double check if you want a more fine-grained security model in your real app)
const sqlAdmin = new azure.sql.ActiveDirectoryAdministrator("adadmin", {
    resourceGroupName: resourceGroup.name,
    tenantId: tenantId,
    objectId: principalId,
    login: "adadmin",
    serverName: sqlServer.name,
});

// Grant access from App Service to the container in the storage
pulumi / examples / azure-ts-msi-keyvault-rbac / index.ts
// ASP.NET deployment package
const blob = new azure.storage.ZipBlob("zip", {
    storageAccountName: storageAccount.name,
    storageContainerName: storageContainer.name,
    type: "block",

    content: new pulumi.asset.FileArchive("./webapp/bin/Debug/netcoreapp2.2/publish"),
});

const clientConfig = azure.core.getClientConfig({ async: true });
const tenantId = clientConfig.then(config => config.tenantId);
const currentPrincipal = clientConfig.then(config => config.objectId);

// Key Vault to store secrets (e.g. Blob URL with SAS)
const vault = new azure.keyvault.KeyVault("vault", {
    resourceGroupName: resourceGroup.name,
    skuName: "standard",
    tenantId: tenantId,
    accessPolicies: [{
        tenantId,
        // The current principal has to be granted permissions to Key Vault so that it can actually add and then remove
        // secrets to/from the Key Vault. Otherwise, 'pulumi up' and 'pulumi destroy' operations will fail.
        objectId: currentPrincipal,
        secretPermissions: ["delete", "get", "list", "set"],
    }],
});

// Put the URL of the zip Blob to KV
const secret = new azure.keyvault.Secret("deployment-zip", {
    keyVaultId: vault.id,
    value: azure.storage.signedBlobReadUrl(blob, storageAccount),

@pulumi/azure

A Pulumi package for creating and managing Microsoft Azure cloud resources, based on the Terraform azurerm provider. We recommend using the [Azure Native provider](https://github.com/pulumi/pulumi-azure-native) to provision Azure infrastructure. Azure Nat

Apache-2.0
Latest version published 1 month ago

Package Health Score

87 / 100