问题描述
"encryption": {
"keyvaultProperties": {
"keyName": "string","keyversion": "string","keyvaultUri": "string"
},我们可以在 ARM 模板中实现这一点吗。
解决方法
是的,您使用 ARM 模板执行此操作。以下模板允许您在现有语音资源上添加 CMK 和 Vnet 设置。在运行此模板之前,您需要创建 KeyVault & Key,配置访问策略以允许系统分配的语音资源标识对密钥具有“读取、打包、解包”权限。对于任何资源,您始终可以使用 Azure Portal 中资源菜单中的“导出模板”导出 ARM 模板,并对 ARM 模板部署进行细微更改。
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#","contentVersion": "1.0.0.0","parameters": {
"accounts_speech_name": {
"type": "String"
},"keyvaultUri": {
"type": "String"
},"keyName": {
"type": "String"
},"keyVersion": {
"type": "String"
},"virtualNetworks_cmk_test_externalid": {
"type": "String"
}
},"variables": {},"resources": [
{
"type": "Microsoft.CognitiveServices/accounts","apiVersion": "2017-04-18","name": "[parameters('accounts_speech_name')]","location": "eastus","sku": {
"name": "S0"
},"kind": "SpeechServices","identity": {
"type": "SystemAssigned","userAssignedIdentities": {}
},"properties": {
"customSubDomainName": "[parameters('accounts_speech_name')]","networkAcls": {
"defaultAction": "Deny","virtualNetworkRules": [
{
"id": "[concat(parameters('virtualNetworks_cmk_test_externalid'),'/subnets/default')]","ignoreMissingVnetServiceEndpoint": false
}
],"ipRules": []
},"encryption": {
"keySource": "Microsoft.Keyvault","keyVaultProperties": {
"keyName": "[parameters('keyName')]","keyVersion": "[parameters('keyVersion')]","keyVaultUri": "[parameters('keyVaultUri')]"
}
},"privateEndpointConnections": [],"publicNetworkAccess": "Enabled"
}
}
]
}
,我是来自 Microsoft 语音服务团队的 Darren。谢谢你的问题。请提供有关您正在尝试构建的内容的更多详细信息,因为我不清楚。这是关于将语音服务作为 Docker 容器部署到您的环境中吗? CMK 和 Vnet 集成的用途是什么?您提供更多详细信息后,我会找到合适的人来回答。