Create Key and Output URL RRS feed

  • Question

  • Hi,

    Anyone know how to do the following using ARM JSON?

    - Add an entry in Key Vault KEYS (with Name, Key Type, RSA Key Size, Activation date, expiration date)
    - Collect the Key Vault Key URL (Key Identifier) as an Output


    Sunday, July 8, 2018 10:48 AM

All replies

  • Hi Chris,
          ARM templates only supports creation of the vault itself,  but not creation of keys, secrets and certificates.  You will need to use commands after the creation to create these objects.

    Matt Small - Microsoft Escalation Engineer - Forum Moderator
    If my reply answers your question, please mark this post as answered.

    NOTE: If I ask for code, please provide something that I can drop directly into a project and run (including XAML), or an actual application project. I'm trying to help a lot of people, so I don't have time to figure out weird snippets with undefined objects and unknown namespaces.

    Monday, July 9, 2018 12:17 PM
  • Hi,

    That is not correct. You can indeed create secrets with ARM templates as shown below. I would say if you believe you can't do this you're possibly not the correct person to answer if KEYS can be created. Can you escalate this please:

          "type": "Microsoft.KeyVault/vaults/secrets",
          "name": "[concat(variables('keyVaultName'), '/secretName1)]",
          "apiVersion": "[variables('keyVaultApiVersion')]",
          "properties": {
            "contentType": "text/plain",
            "value": "[variables(secretName1)]"
          "dependsOn": [

    Tuesday, July 10, 2018 3:31 PM

  • @Matt Small Chris is correct. You can create Secrets through ARM template and here is how you could do it

    @Chris Looks like ARM template does not support the creation of Keys. At least I am sure this was the case a couple of years back and think it's the same even now.

    Just tried to export the ARM template from the Azure Portal which has a key, but the template does not show any reference of the key in the vault.


    Please mark posts as answers/helpful if it answers your query. This would be helpful for others facing the same kind of problem

    • Proposed as answer by Rahul P Nath Friday, July 20, 2018 8:23 PM
    Tuesday, July 10, 2018 7:01 PM
  • Thanks @Rahul. Agreed, and I did that same process before opening this post.

    Seems such a trivial thing to implement and even Terraform does it so surprised ARM templates cannot yet.

    Feature request me thinks!

    For now during my deployments I'm using Az Cli to create the key, but long term I'd prefer via ARM templates


    Wednesday, July 11, 2018 9:35 AM