Keeping secrets

Requirement

It is necessary to manage machine passwords without publishing them in version control.

Azure

Azure provides key vaults as a mechanism to solve this problem. They are compatible with ARM templates. A quick guide is provided here:

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-tutorial-use-key-vault

Note that the guide uses OpenSSL only to generate a random password.

These secrets can be read from the Azure portal by those who have permissions.

Home > TC-Script-ArcGIS-RG > EgisKeyVault - Secrets > vmAdminPassword

Resource Groups

The initial approach will be to create the key vault manually and reference it in ARM template builds. This means a persistent resource group must be maintained to host the key vault, outside the many EGIS instances.
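
A parameter file that references the manually created vault, as described above, keeps the password itself out of version control: only the vault's resource ID and the secret name are committed. This is an added example, not a file from the EGIS project. The vault, resource group and secret names are taken from the portal path above; the subscription ID is a placeholder and the parameter name adminPassword is an assumption that must match a securestring parameter in the template being deployed.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "adminPassword": {
      "reference": {
        "keyVault": {
          "id": "/subscriptions/<subscription-id>/resourceGroups/TC-Script-ArcGIS-RG/providers/Microsoft.KeyVault/vaults/EgisKeyVault"
        },
        "secretName": "vmAdminPassword"
      }
    }
  }
}
```

The vault must have enabledForTemplateDeployment set to true, and the identity running the deployment needs the Microsoft.KeyVault/vaults/deploy/action permission on it, otherwise Resource Manager cannot resolve the reference.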