Constructing Resource IDs for Azure Key Vaults in Azure Resource Manager Templates

Question

You plan to use Azure Resource Manager templates to perform multiple deployments of identically configured Azure virtual machines. The password for the administrator account of each deployment is stored as a secret in different Azure key vaults.

You need to identify a method to dynamically construct a resource ID that will designate the key vault containing the appropriate secret during each deployment.

The name of the key vault and the name of the secret will be provided as inline parameters.

What should you use to construct the resource ID?

Answers

A. B. C. D.

Answer: C

Explanations

You reference the key vault in the parameter file, not the template. The following image shows how the parameter file references the secret and passes that value to the template.

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-keyvault-parameter

To dynamically construct a resource ID that designates the key vault containing the appropriate secret during each deployment, you can combine template functions.

Use the resourceId() function to construct the resource ID. It takes as parameters the subscription ID, resource group name, resource type, resource name, and the names of any additional nested resources, if applicable. The subscription ID and resource group name are optional and default to those of the current deployment.

For example, if the name of the key vault is provided as an inline parameter, you can use the following function to construct the resource ID for the key vault:

resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))

This function takes as parameters the resource type Microsoft.KeyVault/vaults and the name of the key vault, which is passed as an inline parameter.

To retrieve the secret from the key vault, you can use the listSecrets() function, which takes as parameters the resource ID of the key vault and the name of the secret.

For example, if the name of the secret is provided as an inline parameter, you can use the following function to retrieve the secret from the key vault:

listSecrets(resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName')), parameters('secretName')).value[0].secretUri

This function first constructs the resource ID of the key vault using the resourceId() function, then retrieves the secret using the listSecrets() function, and finally returns the URI of the secret.

Therefore, the correct answer is not listed in the options, and you should use a combination of the resourceId() and listSecrets() functions in the Azure Resource Manager template to construct the resource ID dynamically and retrieve the password from the key vault.
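
The parameter-file reference described in the explanation above, as an added example that is not from the original page: a Python pre-deployment check that builds the fully qualified key vault resource ID and verifies that password parameters use a Key Vault reference rather than an inline value. The function names, the name-based heuristic, and the sample subscription, resource group, vault and secret names are assumptions constructed for illustration.

```python
import re

# Shape of the ID that resourceId('Microsoft.KeyVault/vaults', <name>) resolves to.
VAULT_ID = re.compile(
    r"^/subscriptions/[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}"
    r"/resourceGroups/[\w.()-]{1,90}"
    r"/providers/Microsoft\.KeyVault/vaults/(?P<vault>[A-Za-z][A-Za-z0-9-]{1,22}[A-Za-z0-9])$",
    re.IGNORECASE,
)
SECRET_NAME = re.compile(r"^[0-9A-Za-z-]{1,127}$")
SENSITIVE = re.compile(r"password", re.IGNORECASE)  # assumed naming heuristic


def vault_id(subscription_id, resource_group, vault_name):
    """Build the fully qualified Key Vault resource ID."""
    return (f"/subscriptions/{subscription_id}/resourceGroups/{resource_group}"
            f"/providers/Microsoft.KeyVault/vaults/{vault_name}")


def check_parameters(doc):
    """Return findings for a parsed ARM parameter file (empty list means clean)."""
    findings = []
    for name, body in doc.get("parameters", {}).items():
        ref = body.get("reference")
        if ref is None:
            if SENSITIVE.search(name) and "value" in body:
                findings.append(f"{name}: inline value, expected a Key Vault reference")
            continue
        m = VAULT_ID.match(str(ref.get("keyVault", {}).get("id", "")))
        if not m or "--" in m.group("vault"):  # vault names disallow consecutive hyphens
            findings.append(f"{name}: keyVault.id is not a valid vault resource ID")
        if not SECRET_NAME.match(str(ref.get("secretName", ""))):
            findings.append(f"{name}: secretName is missing or malformed")
    return findings


# Constructed sample parameter file content; every identifier below is a placeholder.
SAMPLE = {"parameters": {
    "adminUsername": {"value": "azureuser"},
    "adminPassword": {"reference": {
        "keyVault": {"id": vault_id("00000000-0000-0000-0000-000000000000",
                                    "rg-secrets", "kv-deploy-01")},
        "secretName": "vmAdminPassword"}},
    "sqlPassword": {"value": "constructed-inline-value"},
}}

if __name__ == "__main__":
    for finding in check_parameters(SAMPLE):
        print(finding)
```
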