
How can I get the keyvault baseuri in my ARM template?


I'm currently updating my ARM template to add a keyvault and set the baseuri of the created keyvault as an appsetting in my app service template. But I can't seem to find how to get the baseuri through arm reference.

{  
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    *snip*
  },
  "variables": {
    *snip*
    "appServiceApiName": "appServiceName",    
    "keyVaultName": "keyVaultName",
    *snip*
  },
  "resources": [
    *snip*
    {
      "type": "Microsoft.KeyVault/vaults",
      "apiVersion": "2024-12-01-preview",
      "name": "[variables('keyVaultName')]",
      "location": "[parameters('location')]",
      "properties": {
        "sku": {
          "family": "A",
          "name": "Standard"
        },
        "tenantId": "[subscription().tenantId]",
        "accessPolicies": [],
        "enabledForDeployment": true,
        "enabledForDiskEncryption": true,
        "enabledForTemplateDeployment": true,
        "enableSoftDelete": true
      }
    },    
    {
      "apiVersion": "2024-12-01-preview",
      "name": "[concat(variables('keyVaultName'), '/replace')]",
      "type": "Microsoft.KeyVault/vaults/accessPolicies",
      "dependsOn": [
        "[resourceId('Microsoft.KeyVault/vaults', variables('keyVaultName'))]",
        "[resourceId('Microsoft.Web/sites', variables('appServiceApiName'))]"
      ],
      "properties": {
        "accessPolicies": [
          {
            "tenantId": "[subscription().tenantId]",
            "objectId": "[reference(resourceId('Microsoft.Web/sites', variables('appServiceApiName')), '2023-01-01', 'Full').identity.principalId]",
            "permissions": {
              *snip*
            }
          }
        ]
      }
    },
    {
      "apiVersion": "2023-01-01",
      "name": "[variables('appServiceApiName')]",
      "type": "Microsoft.Web/sites",
      "location": "[parameters('location')]",
      "kind": "app",
      "identity": {
        "type": "SystemAssigned"
      },
      "tags": {},
      "dependsOn": [
        "[resourceId('Microsoft.KeyVault/vaults', variables('keyVaultName'))]"
      ],
      "properties": {
        "name": "[variables('appServiceApiName')]",
        "siteConfig": {
          "appSettings": [
            {
              "name": "KeyVault__BaseUri",
              "value": "[reference(resourceId('Microsoft.KeyVault/vaults', variables('keyVaultName')), '2024-12-01-preview')]"
            }
          ]
        }
      }
    },
    *snip*
  ]
}

As you can see, I'm creating the keyvault, creating the service app, and then updating the keyvault access policies to give my app service access to the keyvault.

But for my app to connect to the keyvault, I need the baseuri to be present in the configuration. I can't really seem to find much information about the available keyvault references.

Can anyone point me in the right direction?


Solution

  • Looking at the documentation, you should be able to use vaultUri:

    "appSettings": [
      {
        "name": "KeyVault__BaseUri",
        "value": "[reference(resourceId('Microsoft.KeyVault/vaults', variables('keyVaultName')), '2024-12-01-preview').vaultUri]"
      }
    ]
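A pre-deployment check for the mistake in the question, as an added example that is not part of the original answer: `reference()` with no property after it returns the vault's properties object rather than the URI string, so this flags app settings that use it that way. The sample template, the function names and the `KeyVault__FixedUri` setting are constructed for illustration.

```python
# Added example: flag app settings whose value is a bare Key Vault reference().
# SAMPLE_TEMPLATE is constructed for illustration; function names are hypothetical.
VAULT_REF = "resourceId('Microsoft.KeyVault/vaults', variables('keyVaultName'))"
SAMPLE_TEMPLATE = {
    "resources": [{
        "type": "Microsoft.Web/sites",
        "name": "[variables('appServiceApiName')]",
        "properties": {"siteConfig": {"appSettings": [
            # As in the question: yields the vault's properties object.
            {"name": "KeyVault__BaseUri",
             "value": f"[reference({VAULT_REF}, '2024-12-01-preview')]"},
            # As in the answer: yields the URI string.
            {"name": "KeyVault__FixedUri",
             "value": f"[reference({VAULT_REF}, '2024-12-01-preview').vaultUri]"},
        ]}},
    }]
}

def is_bare_vault_reference(value):
    """True for '[reference(<Key Vault id>, ...)]' with no property after the call."""
    expr = value.strip()
    if not (expr.startswith("[") and expr.endswith("]")) or expr.startswith("[["):
        return False
    inner = expr[1:-1].strip()
    lowered = inner.lower()
    if not lowered.startswith("reference(") or "microsoft.keyvault/vaults" not in lowered:
        return False
    depth, in_string = 0, False
    for i, ch in enumerate(inner):
        if ch == "'":                      # ARM strings are single-quoted
            in_string = not in_string
        elif not in_string and ch == "(":
            depth += 1
        elif not in_string and ch == ")":
            depth -= 1
            if depth == 0:                 # end of the outer reference(...) call
                return inner[i + 1:].strip() == ""
    return False

def find_bare_vault_settings(template):
    """Return (site name, setting name) pairs that need a property such as .vaultUri."""
    findings = []
    for res in template.get("resources", []):
        if res.get("type", "").lower() != "microsoft.web/sites":
            continue
        site_config = res.get("properties", {}).get("siteConfig", {})
        for setting in site_config.get("appSettings", []):
            if is_bare_vault_reference(str(setting.get("value", ""))):
                findings.append((res["name"], setting["name"]))
    return findings
```

For a real template, pass the dict returned by `json.load` to `find_bare_vault_settings`; on the sample it reports only `KeyVault__BaseUri`.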