DEV Community

Cover image for Deploy a Secure Key Vault and Cryptographic Key Using ARM Templates and Azure CLI
Oluwatobiloba Akinbobola
Oluwatobiloba Akinbobola

Posted on

Deploy a Secure Key Vault and Cryptographic Key Using ARM Templates and Azure CLI

INTRODUCTION

This article will teach you how to deploy an Azure Key Vault and a cryptographic key using ARM (Azure Resource Manager) Templates and Azure CLI. Azure CLI is a command-line tool for managing Azure resources, and ARM Templates are JSON files that provide the setup and infrastructure for your Azure resources.

PROCEDURE

Step 1: Set Up Your Environment

  1. Install Azure CLI: If you don’t already have it, install the Azure CLI.
  2. Log in to Azure: Open your terminal or command prompt and login to your Azure account using:
az login
Enter fullscreen mode Exit fullscreen mode

Step 2: Create a Resource Group

az group create --name key-rg --location eastus
Enter fullscreen mode Exit fullscreen mode

VScode template

Step 3: Prepare the ARM Template
ARM Templates are JSON files that define the resources you want to deploy. Here’s a simple example of a template (template.json) to create a Key Vault and a key:

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.KeyVault/vaults",
      "apiVersion": "2021-04-01-preview",
      "name": "myKeyVault123",
      "location": "[resourceGroup().location]",
      "properties": {
        "sku": {
          "name": "standard",
          "family": "A"
        },
        "tenantId": "[subscription().tenantId]",
        "accessPolicies": [],
        "enabledForDeployment": false,
        "enabledForDiskEncryption": false,
        "enabledForTemplateDeployment": false
      }
    },
    {
      "type": "Microsoft.KeyVault/vaults/keys",
      "apiVersion": "2021-04-01-preview",
      "name": "myKeyVault123/myKey",
      "properties": {
        "kty": "RSA",
        "keySize": 2048,
        "keyOps": ["encrypt", "decrypt", "sign", "verify"],
        "attributes": {
          "enabled": true
        }
      }
    }
  ]
}
Enter fullscreen mode Exit fullscreen mode

Step 4: Deploy the Template
Use the following command to deploy the template:

az deployment group create --resource-group key-rg --template-file template.json
Enter fullscreen mode Exit fullscreen mode

Step 5: Verify the Deployment
1.Check if the Key Vault was created:

az keyvault show --name myKeyVault123 --resource-group key-rg
Enter fullscreen mode Exit fullscreen mode

2.Verify the key inside the Key Vault:

az keyvault key show --vault-name myKeyVault123 --name myKey
Enter fullscreen mode Exit fullscreen mode

Verify Key vault
3.Create Azure’s role-based access control (RBAC) access
rbac
4.Assign job function role
key role
5.Select members
key members
6.Confirm RBAC Keyvault operation access
RBAC1
7.Confirm RBAC Key operation access
RBAC-KEY access

  1. Download public key Download key

CONCLUSION

ARM Templates and Azure CLI are essential tools for defining and deploying infrastructure, ensuring consistency and repeatability, and providing a quick, scriptable interface for automation.

Image of Datadog

Create and maintain end-to-end frontend tests

Learn best practices on creating frontend tests, testing on-premise apps, integrating tests into your CI/CD pipeline, and using Datadog’s testing tunnel.

Download The Guide

Top comments (0)

Sentry image

See why 4M developers consider Sentry, “not bad.”

Fixing code doesn’t have to be the worst part of your day. Learn how Sentry can help.

Learn more