Does anyone have some ideas/samples of how I can create a storage account policy and off that a SAS token - allowing the rest of my build pipeline to use that as a connection string? End goal: don't expose the account keys, make it possible for the build pipeline to publish a nuget package (via sleet - which uses a connection string).
That is valuable info, now it makes sense why I can't find the API calls 🙂 I'll take a look at your advice or just script the whole part - its a bootstrapping phase anyway so won't happen often (still don't like the taste but I don't have all day either). Thank you!
instead I spent the day fighting with Azure - in terms of how to get a service principal to be created, such that it can be used by the rest of the pulumi service + pipeline for keyvault and resource creation and RBAC. Boy it was frustrating.