Create Azure Key Vault With Bicep

This Bicep blog post will show a deployment code for Azure Key Vault using a Bicep template.

About Bicep

Azure Bicep is a DSL (Domain specific language) programming language for deploying resources in Azure. It allows us to define the infrastructure as code and reuse it multiple times.

The main advantage of Bicep compared to other IAC languages is its immediate support of resources in Azure (including preview and GA).

Bicep also provides a smooth authoring experience of template files using Intellisense when using VS code.

When authoring template files, there is no need to order the deployment code; Bicep is smart enough to orchestrate the deployment order correctly for you.

Azure Key Vault

The following Bicep template creates a Key Vault. Line number 13 needs the objectId of the user or group that will need access to Key Vault. You will find the objectId in Azure Active Directory user or group details.

param location string = resourceGroup().location
resource keyVault 'Microsoft.KeyVault/vaults@2019-09-01' = {
  name: 'nbiceplab'
  location: location
  properties: {
    enabledForDeployment: true
    enabledForTemplateDeployment: true
    enabledForDiskEncryption: true
    tenantId:  tenant().tenantId
    accessPolicies: [
        tenantId: tenant().tenantId
        objectId: 'OBJECT ID GOES HHERE'  
        permissions: {
          keys: [
          secrets: [
    sku: {
      name: 'standard'
      family: 'A'

Use the following Azure CLI command to deploy the Key Vault.

az deployment group create  --name  vars  --template-file 18.key_vault.bicep  --resource-group biceplab

Success! You're on the list.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.