A big part of where Microsoft Azure is going is being driven by template-defined environments that leverage the Azure Resource Manager (ARM) for deployment orchestration.
If you’ve spent any time working with ARM deployments you will have gotten used to seeing this pattern in your templates when deploying Virtual Machines (VMs):
The adminPassword property accepts a Secure String object which contains an encrypted string that is passed to the VM provisioning engine in Azure and is used to set the login password. You provide the clear text version of the password either as a command-line parameter, or via a parameters file.
The obvious problems with this way of doing things are:
- Someone needs to type the cleartext password which means:
- it needs to be known to anyone who provisions the environment and
- how do I feed it into an automated environment deployment?
- If I store the password in a parameter…
View original post 781 more words