Here is the module I am currently using:
// Parameters for the module
param appName string // Name of the existing Web App
param storageAccountName string // Name of the existing Storage Account
// Non-editable variables
var shareName = 'shared'
var mountPath = '/mounts/shared'
// Reference to the existing Web App
resource webApp 'Microsoft.Web/sites@2023-12-01' existing = {
name: appName
}
// Reference to the existing storage account
resource storageAccount 'Microsoft.Storage/storageAccounts@2019-06-01' existing = {
name: storageAccountName
}
resource storageSetting 'Microsoft.Web/sites/config@2021-01-15' = {
name: 'azurestorageaccounts'
parent: webApp
properties: {
'${shareName}': {
type: 'AzureFiles'
shareName: shareName
mountPath: mountPath
accountName: storageAccount.name
accessKey: storageAccount.listKeys().keys[0].value
}
}
}
However, I'd like to use key vault reference like how it can be manually done in the Azure portal.
Is this possible?
Assuming that the connection string is already stored in key vault and that your app service has secret read permission over the key vault.
resource webApp 'Microsoft.Web/sites@2023-12-01' = {
name: appName
...
properties: {
...
siteConfig: {
appSettings: [
{
name: 'StorageconnectionString'
value: '@Microsoft.KeyVault(VaultName=<key vault name>;SecretName=<name of the connectionstring secret>)'
}
...
]
}
}
}
resource storageSetting 'Microsoft.Web/sites/config@2021-01-15' = {
name: 'azurestorageaccounts'
parent: webApp
properties: {
'${shareName}': {
type: 'AzureFiles'
shareName: shareName
mountPath: mountPath
accountName: storageAccount.name
accessKey: '@AppSettingRef(StorageconnectionString)'
}
}
}