-
|
I'm trying to add an option to deploy secrets along with a Key Vault module deployment. I want the user to pass an array of keyVaultSecrets during deployment, but sometimes no secrets are required when deploying the kv module. I have this code for the secrets: var deploySecrets = false
resource kvSecret 'Microsoft.KeyVault/vaults/secrets@2019-09-01' = [for pair in keyVaultSecret: if(deploySecrets) {
name: '${kv.name}/${pair.name}'
properties: {
value: pair.value
}
}]Unfortunately the first part of the loop [CopyIndex()] gets evaluated first and stops the deployment. How can I evaluate whether to deploy the secrets or not in this situation? |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 1 reply
-
|
There are workarounds discussed here: Hoping we get this resolved in the next 3 months, but it is a very low level change so we need to be careful with it. |
Beta Was this translation helpful? Give feedback.
-
|
Wrapping the secrets in a module as suggested by @miqm in #1754 works. Looks like this: module kvSecret 'keyVaultSecret.bicep' = if(!empty(keyVaultSecret)){
name: 'secretDeploy'
params: {
keyVaultName: kv.name
keyVaultSecret: keyVaultSecret
}
} |
Beta Was this translation helpful? Give feedback.
-
|
Hi @Agazoth since you have now resolved this discussion, would you mind marking it as 'answered' ? |
Beta Was this translation helpful? Give feedback.
Wrapping the secrets in a module as suggested by @miqm in #1754 works. Looks like this: