Using Azure Keyvault secrets with ARM templates

In my previous blog post I described how to deploy an VM using DevOps, fast and simple. But ofcourse you don’t want to store secrets in parameters files!

Open your parameter file and search for adminPassword.

It should look something like:

"adminPassword": {
                   "value": "This1sReallyReallyNotMyP@ssw0rd!"


Now replace it with the following

"adminPassword": {
    "reference": {
      "keyVault": {
      "id": "/subscriptions/<subscrcode>/resourceGroups/<rgkv>/providers/Microsoft.KeyVault/vaults/kvName"
     "secretName": "YourAdministratorPasswordAndthenameofyoursecret"

subscrcode = the code of the Azure Subscription
rgkv = resource group where your keyvault resides
knName = name of your Keyvault


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.