Store Azure Resource Manager Template Password Securely | Exam AZ-104

Securely Store Administrative Password for Azure Resource Manager Template

Question

You download an Azure Resource Manager template based on an existing virtual machine. The template will be used to deploy 100 virtual machines.

You need to modify the template to reference an administrative password. You must prevent the password from being stored in plain text.

What should you create to store the password?

Answers


A. B. C. D.

A

You can use a template that allows you to deploy a simple Windows VM by retrieving the password that is stored in a Key Vault. Therefore, the password is never put in plain text in the template parameter file.

https://azure.microsoft.com/en-us/resources/templates/101-vm-secure-password/

The correct answer is A, an Azure Key Vault and an access policy.

Explanation:

When deploying virtual machines using an Azure Resource Manager template, it is essential to store secrets like passwords in a secure manner. The recommended approach to store secrets in Azure is to use Azure Key Vault. Azure Key Vault is a cloud-based service that allows you to securely store and manage secrets such as passwords, certificates, and keys.

To prevent the password from being stored in plain text, you can use Azure Key Vault to store the password as a secret. This secret can then be referenced in the Resource Manager template using the Key Vault's URL and the secret's name. The password is then retrieved from the Key Vault during deployment, ensuring that it is not stored in plain text in the template.
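The following Python check is an added example, not part of the original page. It flags a parameter file that supplies a `securestring` template parameter as an inline `value` instead of a Key Vault `reference`; in a parameter file that reference carries the vault's resource ID (`keyVault.id`) and a `secretName`. The template excerpt, the parameter and secret names, and the placeholder vault ID are constructed for illustration.

```python
import json

# Constructed template excerpt: the password parameter is declared securestring.
TEMPLATE = json.loads("""{"parameters": {
  "adminUsername": {"type": "string"},
  "adminPassword": {"type": "securestring"}}}""")

# Constructed weak parameter file: the password sits inline in plain text.
PARAMS_PLAINTEXT = json.loads("""{"parameters": {
  "adminUsername": {"value": "azureuser"},
  "adminPassword": {"value": "Constructed-Example-1!"}}}""")

# Constructed corrected parameter file: the password is a Key Vault reference.
# The <...> segments are placeholders, and the secret name is hypothetical.
PARAMS_KEYVAULT = json.loads("""{"parameters": {
  "adminUsername": {"value": "azureuser"},
  "adminPassword": {"reference": {
    "keyVault": {"id": "/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.KeyVault/vaults/<vault-name>"},
    "secretName": "vmAdminPassword"}}}}""")

SECURE_TYPES = {"securestring", "secureobject"}


def audit(template, params):
    """Return findings for secure parameters not supplied via Key Vault."""
    findings = []
    supplied = params.get("parameters", {})
    for name, spec in template.get("parameters", {}).items():
        if spec.get("type", "").lower() not in SECURE_TYPES:
            continue  # only secure parameters are checked
        entry = supplied.get(name)
        if entry is None:
            continue  # not in the file; supplied at deployment time instead
        ref = entry.get("reference", {})
        if "value" in entry:
            findings.append(f"{name}: plaintext value in parameter file")
        elif not (ref.get("keyVault", {}).get("id") and ref.get("secretName")):
            findings.append(f"{name}: incomplete Key Vault reference")
    return findings


if __name__ == "__main__":
    print("plaintext file:", audit(TEMPLATE, PARAMS_PLAINTEXT))
    print("key vault file:", audit(TEMPLATE, PARAMS_KEYVAULT))
```

For the reference to resolve at deployment time, the vault must also be enabled for template deployment (`enabledForTemplateDeployment`) and the deploying identity must be allowed to read the secret.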

To create an Azure Key Vault, you can follow these steps:

  1. Create a new Key Vault resource in the Azure portal.
  2. Create a new secret in the Key Vault and set the password value.
  3. Add an access policy to the Key Vault that grants the necessary permissions to the virtual machines that will use the password.

An access policy controls who can perform specific operations on the Key Vault, such as read and write access. You can grant access to a specific user or service principal, or to an entire Azure AD security group. When the virtual machines are deployed, they can authenticate to the Key Vault using their own identities or using a managed identity. The Key Vault access policy will ensure that only authorized entities can access the password secret.

In summary, to store an administrative password in an Azure Resource Manager template and prevent it from being stored in plain text, you should use an Azure Key Vault and create an access policy that grants the necessary permissions to the virtual machines that will use the password.