3

I am trying to output a secret created in one linked template and reference this as a parameter in another. Test scenario:

{ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "templateBaseUrl": { "type": "string" } }, "variables": { "deployment1url": "[concat(parameters('templateBaseUrl'), '/deployment1.json')]", "deployment2url": "[concat(parameters('templateBaseUrl'), '/deployment2.json')]" }, "resources": [ { "apiVersion": "2017-08-01", "name": "deployment1", "dependsOn": [], "type": "Microsoft.Resources/deployments", "properties": { "mode": "Incremental", "templateLink": { "uri": "[variables('deployment1url')]", "contentVersion": "1.0.0.0" }, "parameters": {} } }, { "apiVersion": "2017-08-01", "name": "deployment2", "dependsOn": [], "type": "Microsoft.Resources/deployments", "properties": { "mode": "Incremental", "templateLink": { "uri": "[variables('deployment2url')]", "contentVersion": "1.0.0.0" }, "parameters": { "testInput2": { "value": "[reference('deployment1').outputs.testOutput1.value]" } } } } ], "outputs": {} }

Deployment1:

{ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { }, "resources": [], "outputs": { "testOutput1": { "type": "securestring", "value": "thisisapassword" } } }

Deployment2:

{ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "testInput2": { "type": "securestring" } }, "resources": [], "outputs": {} }

Running this scenario throws the error "Unable to process template language expressions for resource '/subscriptions//resourceGroups/testrg1/providers/Microsoft.Resources/deployments/deployment2' at line '34' and column '9'. 'The language expression property 'value' doesn't exist, available properties are 'type'.'"

So '.value' on the securestring output doesn't work, if I change the reference parameter to 

"testInput2": { "value": "[reference('deployment1').outputs.testOutput1]" }

the errors changes to 'Deployment template validation failed: 'The provided value for the template parameter 'testInput2' at line '5' and column '23' is not valid.'.'

Is it possible to achieve what I am doing?

Thanks in advance

Improve this question

1 Answer 1

Reset to default
4

I think the only way to pass secureStrings across deployments is using a KeyVault reference. The secureString output isn't very useful in that securestrings are masked by ARM at the deployment level.

That help?

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.