Here is the module I am currently using:
// Parameters for the module
param appName string // Name of the existing Web App
param storageAccountName string // Name of the existing Storage Account

// Non-editable variables
var shareName = 'shared'
var mountPath = '/mounts/shared'

// Reference to the existing Web App
resource webApp 'Microsoft.Web/sites@2023-12-01' existing = {
  name: appName
}

// Reference to the existing storage account
resource storageAccount 'Microsoft.Storage/storageAccounts@2019-06-01' existing = {
  name: storageAccountName
}

resource storageSetting 'Microsoft.Web/sites/config@2021-01-15' = {
  name: 'azurestorageaccounts'
  parent: webApp
  properties: {
    '${shareName}': {
      type: 'AzureFiles'
      shareName: shareName
      mountPath: mountPath
      accountName: storageAccount.name
      accessKey: storageAccount.listKeys().keys[0].value
    }
  }
}
However, I’d like to use a Key Vault reference, like how it can be done manually in the Azure portal.
Is this possible?
2 Answers
To achieve this requirement, you need to store the storage account as a secret, grant the necessary permission for the web app to access the Key Vault, and make sure to use @Microsoft.KeyVault.
Deployment:
refer:
https://learn.microsoft.com/en-us/azure/app-service/app-service-key-vault-references?tabs=azure-cli
https://learn.microsoft.com/en-us/azure/app-service/configure-connect-to-azure-storage?tabs=basic%2Cportal&pivots=container-linux
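The prerequisites listed in the answer above (the key stored as a secret, read permission for the web app, and the `@Microsoft.KeyVault` reference string), written out as an added Bicep example that is not part of the original answer. It assumes an existing vault in the same resource group that uses Azure RBAC authorization, and a web app with a system-assigned managed identity; `keyVaultName` and `secretName` are hypothetical names.

```bicep
// Added example (not from the original post).
param appName string            // existing Web App, as in the question
param storageAccountName string // existing Storage Account, as in the question
param keyVaultName string       // assumption: existing vault using Azure RBAC authorization
param secretName string = 'storage-access-key' // assumption: hypothetical secret name

// Built-in "Key Vault Secrets User" role: read secret values, nothing else
var secretsUserRoleId = '4633458b-17de-408a-b874-0445c86b69e6'

resource webApp 'Microsoft.Web/sites@2023-12-01' existing = {
  name: appName
}

resource storageAccount 'Microsoft.Storage/storageAccounts@2019-06-01' existing = {
  name: storageAccountName
}

resource keyVault 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
  name: keyVaultName
}

// 1. Store the storage account key as a Key Vault secret
resource storageKeySecret 'Microsoft.KeyVault/vaults/secrets@2023-07-01' = {
  parent: keyVault
  name: secretName
  properties: {
    value: storageAccount.listKeys().keys[0].value
  }
}

// 2. Least privilege: the web app's identity may read this one secret only,
//    not every secret in the vault (assumes a system-assigned identity)
resource secretReader 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  scope: storageKeySecret
  name: guid(storageKeySecret.id, webApp.id, secretsUserRoleId)
  properties: {
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', secretsUserRoleId)
    principalId: webApp.identity.principalId
    principalType: 'ServicePrincipal'
  }
}

// 3. Reference string for the app configuration. The versionless secretUri
//    means a rotated key is picked up without redeploying this module.
output keyVaultReference string = '@Microsoft.KeyVault(SecretUri=${storageKeySecret.properties.secretUri})'
```

The output contains only the secret's URI, never the key itself, so it is safe to surface in deployment history.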
Assuming that the connection string is already stored in key vault and that your app service has secret read permission over the key vault.