DEV Community

Oluwatobiloba Akinbobola

Deploy a Secure Key Vault and Cryptographic Key Using ARM Templates and Azure CLI

INTRODUCTION

This article shows how to deploy an Azure Key Vault and a cryptographic key using ARM (Azure Resource Manager) Templates and Azure CLI. Azure CLI is a command-line tool for managing Azure resources, and ARM Templates are JSON files that declare the configuration of the Azure resources you want to deploy.

PROCEDURE

Step 1: Set Up Your Environment

  1. Install Azure CLI: If you don’t already have it, install the Azure CLI.
  2. Log in to Azure: Open your terminal or command prompt and log in to your Azure account using:
az login

Step 2: Create a Resource Group

az group create --name key-rg --location eastus

Step 3: Prepare the ARM Template
ARM Templates are JSON files that define the resources you want to deploy. Here’s a simple example of a template (template.json) to create a Key Vault and a key:

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.KeyVault/vaults",
      "apiVersion": "2021-04-01-preview",
      "name": "myKeyVault123",
      "location": "[resourceGroup().location]",
      "properties": {
        "sku": {
          "name": "standard",
          "family": "A"
        },
        "tenantId": "[subscription().tenantId]",
        "accessPolicies": [],
        "enabledForDeployment": false,
        "enabledForDiskEncryption": false,
        "enabledForTemplateDeployment": false
      }
    },
    {
      "type": "Microsoft.KeyVault/vaults/keys",
      "apiVersion": "2021-04-01-preview",
      "name": "myKeyVault123/myKey",
      "dependsOn": [
        "[resourceId('Microsoft.KeyVault/vaults', 'myKeyVault123')]"
      ],
      "properties": {
        "kty": "RSA",
        "keySize": 2048,
        "keyOps": ["encrypt", "decrypt", "sign", "verify"],
        "attributes": {
          "enabled": true
        }
      }
    }
  ]
}

Step 4: Deploy the Template
Use the following command to deploy the template:

az deployment group create --resource-group key-rg --template-file template.json

Step 5: Verify the Deployment
1. Check if the Key Vault was created:

az keyvault show --name myKeyVault123 --resource-group key-rg

2. Verify the key inside the Key Vault:

az keyvault key show --vault-name myKeyVault123 --name myKey

3. Create Azure’s role-based access control (RBAC) access
4. Assign job function role
5. Select members
6. Confirm RBAC Key Vault operation access
7. Confirm RBAC key operation access
8. Download the public key
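
The template in Step 3 leaves several Key Vault hardening properties unset, while the later verification steps rely on RBAC. As an added example (not code from the original article), this Python check reads a template and flags those settings before deployment. The function name, the finding codes and the reduced sample template are constructed for illustration, and the check assumes literal values rather than ARM expressions.

```python
import json

# Constructed sample: the vault and key from the article's template.json,
# reduced to the fields these checks read.
ARTICLE_TEMPLATE = json.loads("""
{"resources": [
  {"type": "Microsoft.KeyVault/vaults", "name": "myKeyVault123",
   "properties": {"accessPolicies": [], "enabledForDeployment": false}},
  {"type": "Microsoft.KeyVault/vaults/keys", "name": "myKeyVault123/myKey",
   "properties": {"kty": "RSA", "keySize": 2048,
                  "keyOps": ["encrypt", "decrypt", "sign", "verify"]}}
]}
""")

ENCRYPT_OPS = {"encrypt", "decrypt", "wrapKey", "unwrapKey"}
SIGN_OPS = {"sign", "verify"}


def lint_keyvault_template(template):
    """Return (resource name, finding code) pairs for Key Vault resources."""
    findings = []
    for res in template.get("resources", []):
        rtype = res.get("type", "").lower()
        name = res.get("name", "")
        props = res.get("properties", {})
        if rtype == "microsoft.keyvault/vaults":
            # Role assignments only govern keys and secrets when the vault uses RBAC.
            if props.get("enableRbacAuthorization") is not True:
                findings.append((name, "rbac-authorization-not-enabled"))
            # Without purge protection, soft-deleted items can be purged early.
            if props.get("enablePurgeProtection") is not True:
                findings.append((name, "purge-protection-not-enabled"))
            # No networkAcls block means the firewall default action is Allow.
            if props.get("networkAcls", {}).get("defaultAction") != "Deny":
                findings.append((name, "network-default-not-deny"))
        elif rtype == "microsoft.keyvault/vaults/keys":
            ops = set(props.get("keyOps", []))
            # One key for both encryption and signing widens the impact of misuse.
            if ops & ENCRYPT_OPS and ops & SIGN_OPS:
                findings.append((name, "key-used-for-encryption-and-signing"))
            if props.get("kty", "").startswith("RSA") and props.get("keySize", 0) < 2048:
                findings.append((name, "rsa-key-below-2048-bits"))
    return findings


if __name__ == "__main__":
    for name, code in lint_keyvault_template(ARTICLE_TEMPLATE):
        print(f"{name}: {code}")
```

An empty result means none of these checks fired; it does not replace reviewing who holds role assignments on the vault.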

CONCLUSION

ARM Templates and Azure CLI are essential tools for defining and deploying infrastructure, ensuring consistency and repeatability, and providing a quick, scriptable interface for automation.
