little-library-54601
07/25/2023, 3:33 PM
az webapp identity assign --name "<your-webapp-name>" --resource-group "myResourceGroup"
Best I can tell, I should set the "Identity" property in my Pulumi code that creates the web app (https://www.pulumi.com/registry/packages/azure-native/api-docs/web/webapp/).
If I set the identity type to "system", presumably I don't have to specify the UserAssignedIdentities? And the Identity property on the resulting WebApp object would contain the principal ID needed in the next step of the tutorial?
After that, the tutorial uses this command to grant the web app (via its managed identity) access to the key vault: az keyvault set-policy --name "<your-keyvault-name>" --object-id "<principalId>" --secret-permissions get list
To do that with Pulumi, do I use the same KeyVault.Vault type that's used to initially create the key vault? And by specifying a different object ID (the principal ID) and set of permissions, the web app will have the access it needs? Is using the same vault name sufficient to ensure that I'm referencing the same key vault resource as in its initial creation?
One last thing... The first secret I need to set is a json object. This Azure doc: https://learn.microsoft.com/en-us/cli/azure/keyvault/secret?view=azure-cli-latest#az-keyvault-secret-set has this capability:
az keyvault secret set --name MySecretName --vault-name MyKeyVault --file /path/to/file --encoding MyEncoding
i.e. setting the secret directly from a file, which is what my json secret resides in. I don't see anything like that in the Pulumi docs for "Secret": https://www.pulumi.com/registry/packages/azure-native/api-docs/keyvault/secret/
Is that pretty much up to the Pulumi developer to mimic?
Thanks. Sorry for the length.
millions-journalist-34868
07/25/2023, 6:53 PM
future-breakfast-19791
07/26/2023, 9:26 AM