Framework/Configurations/SVT/SampleARMTemplates/KeyVaultTemplate_ARM.json

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "keyVaultName": {
      "type": "string",
      "metadata": {
        "description": "Name of the Key Vault"
      }
    },
    "tenantId": {
      "type": "string",
      "metadata": {
        "description": "Tenant Id for the subscription and the users assigned access to the vault. Available from the Get-AzureRMSubscription PowerShell cmdlet"
      }
    },
    "accessPolicies": {
      "type": "array",
      "defaultValue": [ ],
      "metadata": {
        "description": "Array of access policy objects to apply to the vault; defaults to an empty array"
      }
    },
    "vaultSku": {
      "type": "string",
      "defaultValue": "Standard",
      "allowedValues": [
        "Standard",
        "Premium"
      ],
      "metadata": {
        "description": "SKU for the vault"
      }
    },
    // The three boolean parameters below feed the vault's enabledFor* properties
    // in the resources section. Each defaults to false, so a deployment that
    // omits them leaves all three switched off; turning one on is an explicit
    // choice made by whoever supplies the parameter values.
    "enabledForDeployment": {
      "type": "bool",
      "defaultValue": false,
      "metadata": {
        "description": "Specifies if the vault is enabled for VM or Service Fabric deployment"
      }
    },
    "enabledForTemplateDeployment": {
      "type": "bool",
      "defaultValue": false,
      "metadata": {
        "description": "Specifies if the vault is enabled for ARM template deployment"
      }
    },
    // Note the naming difference: this parameter is enableVaultForVolumeEncryption,
    // while the vault property it is assigned to is enabledForVolumeEncryption.
    "enableVaultForVolumeEncryption": {
      "type": "bool",
      "defaultValue": false,
      "metadata": {
        "description": "Specifies if the vault is enabled for volume encryption"
      }
    },
    "storageAccountNameForDiagnostics": {
      "type": "string",
      "metadata": {
        "description": "Name of the Storage Account in which Diagnostic Logs should be saved."
      }
    }
  },
  // Deploys one Key Vault with a nested diagnostic-settings resource.
  // The bracketed //[Azure_KeyVault_...] markers name the security control that
  // the tagged line is meant to satisfy.
  "resources": [
    {
      "type": "Microsoft.KeyVault/vaults",
      "name": "[parameters('keyVaultName')]",
      // NOTE(review): this template sets neither enableSoftDelete nor
      // enablePurgeProtection on the vault. Confirm whether the API version
      // pinned here exposes them, and whether deletion protection is expected.
      "apiVersion": "2015-06-01",
      // The vault is created in the same region as the target resource group.
      "location": "[resourceGroup().location]",
      "resources": [
           {
       
      // Child resource that turns on diagnostics for the vault.
      "type": "providers/diagnosticSettings",//[Azure_KeyVault_Audit_Enable_Diagnostics_Log]
      "name": "Microsoft.Insights/service",
      // Applied only after the vault itself exists.
      "dependsOn": [
        "[resourceId('Microsoft.KeyVault/vaults/', parameters('keyVaultName'))]"
      ],
      "apiVersion": "2015-07-01",
      "properties": {
        // resourceId() is given only a type and a name, so the storage account is
        // looked up in the resource group this template is deployed to.
        // NOTE(review): audit logs therefore sit alongside the vault they record;
        // confirm that write access to this storage account is restricted
        // separately from access to the vault.
        "storageAccountId":"[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountNameForDiagnostics'))]",
        "logs": [
          {
            // AuditEvent is the only log category enabled; retained for 365 days.
            "category": "AuditEvent",
            "enabled": true,
            "retentionPolicy": {
              "days": 365,
              "enabled": true
            }
          }
        ],
        "metrics": [
          {
            // Metrics at a one-minute grain (PT1M), also retained for 365 days.
            "timeGrain": "PT1M",
            "enabled": true,
            "retentionPolicy": {
              "enabled": true,
              "days": 365
            }
          }
        ]
      }
    }
        ],
      "tags": {
        "displayName": "KeyVault"
      },
      "properties": {
        // NOTE(review): enabledForDeployment carries no control marker, unlike the
        // two enabledFor* lines below. Confirm whether
        // Azure_KeyVault_AuthZ_Configure_Advanced_Access_Policies is meant to
        // cover it as well.
        "enabledForDeployment": "[parameters('enabledForDeployment')]",
        "enabledForTemplateDeployment": "[parameters('enabledForTemplateDeployment')]",//[Azure_KeyVault_AuthZ_Configure_Advanced_Access_Policies]
        "enabledForVolumeEncryption": "[parameters('enableVaultForVolumeEncryption')]",//[Azure_KeyVault_AuthZ_Configure_Advanced_Access_Policies]
        "tenantId": "[parameters('tenantId')]",
        // The policy array is passed through exactly as supplied. The template does
        // not limit which principals or permissions it contains, so least privilege
        // has to be enforced in the parameter values given at deployment time.
        "accessPolicies": "[parameters('accessPolicies')]",//[Azure_KeyVault_AuthZ_Grant_Min_Access_policies]
        "sku": {
          "name": "[parameters('vaultSku')]",
          "family": "A"
         }
        }
    }
  ]
}