"encryption": {
"keyVaultProperties": {
"keyName": "string",
"keyVersion": "string",
"keyVaultUri": "string"
},
我们可以在 ARM 模板中实现这一点吗?
2 回答
1
是的,您使用 ARM 模板执行此操作。以下模板允许您在现有语音资源上添加 CMK 和 Vnet 设置。在运行此模板之前,您需要创建 KeyVault 和密钥,配置访问策略以允许系统分配的语音资源标识对密钥具有“读取、包装、解包”权限。对于任何资源,您始终可以使用 Azure 门户中资源菜单中的“导出模板”来导出 ARM 模板,并对 ARM 模板部署进行轻微更改。
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"accounts_speech_name": {
"type": "String"
},
"keyvaultUri": {
"type": "String"
},
"keyName": {
"type": "String"
},
"keyVersion": {
"type": "String"
},
"virtualNetworks_cmk_test_externalid": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.CognitiveServices/accounts",
"apiVersion": "2017-04-18",
"name": "[parameters('accounts_speech_name')]",
"location": "eastus",
"sku": {
"name": "S0"
},
"kind": "SpeechServices",
"identity": {
"type": "SystemAssigned",
"userAssignedIdentities": {}
},
"properties": {
"customSubDomainName": "[parameters('accounts_speech_name')]",
"networkAcls": {
"defaultAction": "Deny",
"virtualNetworkRules": [
{
"id": "[concat(parameters('virtualNetworks_cmk_test_externalid'), '/subnets/default')]",
"ignoreMissingVnetServiceEndpoint": false
}
],
"ipRules": []
},
"encryption": {
"keySource": "Microsoft.Keyvault",
"keyVaultProperties": {
"keyName": "[parameters('keyName')]",
"keyVersion": "[parameters('keyVersion')]",
"keyVaultUri": "[parameters('keyVaultUri')]"
}
},
"privateEndpointConnections": [],
"publicNetworkAccess": "Enabled"
}
}
]
}
于 2021-05-26T21:49:18.233 回答
0
这是来自 Microsoft 语音服务团队的 Darren。谢谢你的问题。请提供有关您要构建的内容的更多详细信息,因为我不清楚。这是关于将语音服务作为 Docker 容器部署到您的环境吗?CMK 和 Vnet 集成的用途是什么?一旦你提供更多细节,我会找到合适的人来回答。
于 2021-05-25T15:30:54.397 回答