sdk/keyvault/Azure.Provisioning.KeyVault/README.md
Azure.Provisioning.KeyVault simplifies declarative resource provisioning in .NET.
Install the client library for .NET with NuGet:
dotnet add package Azure.Provisioning.KeyVault
You must have an Azure subscription.
This library allows you to specify your infrastructure in a declarative style using .NET. You can then use azd to deploy your infrastructure to Azure directly without needing to write or maintain Bicep or ARM templates.
This example demonstrates how to create a Key Vault and store a secret, based on the Azure quickstart template.
// Container that collects every parameter, variable, resource and output
// declared below.
Infrastructure infra = new();

// Deployment parameter for the vault SKU; defaults to Standard.
ProvisioningParameter skuName =
    new(nameof(skuName), typeof(string))
    {
        Value = KeyVaultSkuName.Standard,
        Description = "Vault type"
    };
infra.Add(skuName);

// Deployment parameter carrying the secret's value. No Value is assigned
// here, so no secret material is embedded in this source; it has to be
// supplied when the template is deployed. IsSecure = true flags it as a
// secure parameter (expected to be emitted as a Bicep @secure() parameter).
// Keep the supplied value out of parameter files that are committed to
// source control.
ProvisioningParameter secretValue =
    new(nameof(secretValue), typeof(string))
    {
        Description = "Specifies the value of the secret that you want to create.",
        IsSecure = true
    };
infra.Add(secretValue);

// Deployment parameter identifying the principal (user, service principal
// or group) that the vault's access policy will reference. No default, so
// the deployer chooses who is granted access.
ProvisioningParameter objectId =
    new(nameof(objectId), typeof(string))
    {
        Description = "Specifies the object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault."
    };
infra.Add(objectId);

// Variable holding the tenant ID read from BicepFunction.GetSubscription(),
// rather than a caller-supplied value.
ProvisioningVariable tenantId =
    new(nameof(tenantId), typeof(string))
    {
        Value = BicepFunction.GetSubscription().TenantId
    };
infra.Add(tenantId);
// Declares the Key Vault itself, using the skuName, tenantId and objectId
// values declared earlier in this example.
KeyVaultService kv =
    new(nameof(kv), KeyVaultService.ResourceVersions.V2023_07_01)
    {
        Properties =
            new KeyVaultProperties
            {
                Sku = new KeyVaultSku { Name = skuName, Family = KeyVaultSkuFamily.A, },
                TenantId = tenantId,
                // Soft delete keeps deleted vault objects recoverable for 90 days.
                // NOTE(review): purge protection is not configured in this sample;
                // without it a soft-deleted item can still be purged before the
                // retention period ends. Decide deliberately for production vaults,
                // since purge protection cannot be turned off once enabled.
                EnableSoftDelete = true,
                SoftDeleteRetentionInDays = 90,
                // Authorization here is a single vault access policy for the
                // objectId principal. Only List is granted on keys and secrets, so
                // that principal can enumerate items but is not given permission to
                // read secret values or use keys. Add further permissions only as
                // the workload needs them.
                AccessPolicies =
                {
                    new KeyVaultAccessPolicy
                    {
                        ObjectId = objectId,
                        TenantId = tenantId,
                        Permissions =
                            new IdentityAccessPermissions
                            {
                                Keys = { IdentityAccessKeyPermission.List },
                                Secrets = { IdentityAccessSecretPermission.List }
                            }
                    }
                },
                // DefaultAction = Allow means traffic that matches no network rule is
                // accepted, i.e. the vault endpoint is reachable from any network and
                // protection rests on authentication plus the access policy above.
                // For anything beyond a quickstart, prefer Deny together with explicit
                // IP / virtual-network rules or a private endpoint. The AzureServices
                // bypass only has an effect once the default action is Deny.
                NetworkRuleSet =
                    new KeyVaultNetworkRuleSet
                    {
                        DefaultAction = KeyVaultNetworkRuleAction.Allow,
                        Bypass = KeyVaultNetworkRuleBypassOption.AzureServices
                    }
            }
    };
infra.Add(kv);
// Declares a secret named "myDarkNecessities" as a child of the vault (kv).
// Its value is taken from the secretValue deployment parameter rather than
// from a literal in this file.
KeyVaultSecret secret =
    new(nameof(secret), KeyVaultSecret.ResourceVersions.V2023_07_01)
    {
        Parent = kv,
        Name = "myDarkNecessities",
        Properties = new SecretProperties { Value = secretValue }
    };
infra.Add(secret);
// Deployment outputs: the vault's name, resource ID and URI. None of these
// carries the secret's value. Keep it that way when extending the sample,
// because deployment outputs are readable by anyone who can view the
// deployment.
infra.Add(new ProvisioningOutput("name", typeof(string)) { Value = kv.Name });
infra.Add(new ProvisioningOutput("resourceId", typeof(string)) { Value = kv.Id });
infra.Add(new ProvisioningOutput("vaultUri", typeof(string)) { Value = kv.Properties.VaultUri });
For details on contributing to this repository, see the contributing guide.
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.
When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (for example, label, comment). Follow the instructions provided by the bot. You'll only need to do this action once across all repositories using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information, see the Code of Conduct FAQ or contact opencode@microsoft.com with any other questions or comments.
<!-- LINKS -->