KeyVault for CDK #42349
Description
Creating this as a tracking issue for problems we are seeing in the KeyVault API for CDK.
Give the following CDK code:
var keyVault = construct.AddKeyVault(name: "mykv");
var secret = new KeyVaultSecret(construct, name: "mysecret");We get the following Bicep:
targetScope = 'resourceGroup'
@description('')
param location string = resourceGroup().location
resource keyVault_OlyAsQ0DX 'Microsoft.KeyVault/vaults@2023-02-01' = {
name: 'mykv-temp'
location: location
properties: {
tenantId: tenant().tenantId
sku: {
name: 'standard'
family: 'A'
}
enableRbacAuthorization: true
}
}
resource keyVaultSecret_dPFd3FfoI 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = {
parent: keyVault_OlyAsQ0DX
name: 'mysecret'
location: location
properties: {
value: '00000000-0000-0000-0000-000000000000'
}
}
output vaultUri string = keyVault_OlyAsQ0DX.properties.vaultUri
- How do we set a secret's value via the CDK; we anticipate that people will want to set secrets during deployment to capture parameter values. #42350
- KeyVault name should be generated based on the RG and resource name:
toLower(take(concat('mykv', uniqueString(resourceGroup().id)), 24))#42351 - We need role definitions for KeyVault in CDK. #42352
### Tasks
- [ ] https://github.com/Azure/azure-sdk-for-net/issues/42350
- [ ] https://github.com/Azure/azure-sdk-for-net/issues/42351
- [ ] https://github.com/Azure/azure-sdk-for-net/issues/42352
- [ ] https://github.com/Azure/azure-sdk-for-net/issues/42357
- [ ] https://github.com/Azure/azure-sdk-for-net/issues/42392