Document Details
Template Tutorial Use Key Vault
❌
This page contains Windows bias
About This Page
This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
Bias Analysis
Bias Types:
⚠️
powershell_heavy
⚠️
windows_first
⚠️
missing_linux_example
⚠️
windows_tools
Summary:
The documentation page demonstrates a strong Windows and PowerShell bias. All command-line examples for resource creation, deployment, and validation use Azure PowerShell, with no equivalent Azure CLI (Bash) or Linux-native instructions. The tutorial centers on deploying a Windows VM, and the only VM template referenced is for Windows. The instructions for connecting to the VM use RDP, which is Windows-specific. There is minimal mention of Bash or Linux workflows, and no Linux VM deployment example is provided.
Recommendations:
- Provide Azure CLI (az) command examples alongside PowerShell for all resource creation, deployment, and validation steps. Show both PowerShell and Bash syntax where appropriate.
- Include a Linux VM deployment example (e.g., using the 'vm-simple-linux' template) and show how to retrieve secrets for a Linux VM admin password.
- When demonstrating how to connect to the VM, include SSH instructions for Linux VMs, not just RDP for Windows.
- In the 'Deploy the template' section, show both PowerShell and CLI commands for deploying ARM templates.
- Balance the order of presentation: mention Linux/Bash/CLI options at least as prominently as Windows/PowerShell, rather than as an afterthought.
- Reference Linux password requirements and provide links to Linux VM documentation, not just Windows.
Create pull request
Scan History
| Date | Scan ID | Status | Bias Status |
|---|---|---|---|
| 2025-07-12 23:44 | #41 | in_progress | ❌ Biased |
| 2025-07-12 00:58 | #8 | cancelled | ✅ Clean |
| 2025-07-10 05:06 | #7 | processing | ✅ Clean |
Flagged Code Snippets
Now you've prepared a key vault and a secret. The following sections show you how to customize an existing template to retrieve the secret during the deployment.
## Open a quickstart template
Azure Quickstart Templates is a repository for ARM templates. Instead of creating a template from scratch, you can find a sample template and customize it. The template that's used in this tutorial is called [Deploy a simple Windows VM](https://azure.microsoft.com/resources/templates/vm-simple-windows/).
1. In Visual Studio Code, select **File** > **Open File**.
1. In the **File name** box, paste the following URL:
When you copy and paste the ID, it might be broken into multiple lines. Merge the lines and trim the extra spaces.
To validate the deployment, run the following PowerShell command in the same shell pane to retrieve the secret in clear text. The command works only in the same shell session, because it uses the variable `$keyVaultName`, which is defined in the preceding PowerShell script.
1. Select **Open** to open the file. The scenario is the same as the one that's used in [Tutorial: Create ARM templates with dependent resources](./template-tutorial-create-templates-with-dependent-resources.md).
The template defines six resources:
* [**Microsoft.Storage/storageAccounts**](/azure/templates/Microsoft.Storage/storageAccounts).
* [**Microsoft.Network/publicIPAddresses**](/azure/templates/microsoft.network/publicipaddresses).
* [**Microsoft.Network/networkSecurityGroups**](/azure/templates/microsoft.network/networksecuritygroups).
* [**Microsoft.Network/virtualNetworks**](/azure/templates/microsoft.network/virtualnetworks).
* [**Microsoft.Network/networkInterfaces**](/azure/templates/microsoft.network/networkinterfaces).
* [**Microsoft.Compute/virtualMachines**](/azure/templates/microsoft.compute/virtualmachines).
It's helpful to have some basic understanding of the template before you customize it.
1. Select **File** > **Save As**, and then save a copy of the file to your local computer with the name *azuredeploy.json*.
1. Repeat steps 1-3 to open the following URL, and then save the file as *azuredeploy.parameters.json*.
> [!IMPORTANT]
> Replace the value for `id` with the resource ID of the key vault that you created in the previous procedure. The `secretName` is hardcoded as **vmAdminPassword**. See [Prepare a key vault](#prepare-a-key-vault).
1. Update the following values:
* `adminUsername`: The name of the virtual machine administrator account.
* `dnsLabelPrefix`: Name the `dnsLabelPrefix` value.
For examples of names, see the preceding image.
1. Save the changes.
## Deploy the template
1. Sign in to [Cloud Shell](https://shell.azure.com).
1. Choose your preferred environment by selecting either **PowerShell** or **Bash** (for CLI) on the upper left corner. Restarting the shell is required when you switch.
1. Select **Upload/download files**, and then select **Upload**. Upload both *azuredeploy.json* and *azuredeploy.parameters.json* to Cloud Shell. After uploading the file, you can use the `ls` command and the `cat` command to verify the file is uploaded successfully.
1. Run the following PowerShell script to deploy the template.
When you deploy the template, use the same resource group that you used in the key vault. This approach makes it easier for you to clean up the resources, because you need to delete only one resource group instead of two.
## Validate the deployment
After you've successfully deployed the virtual machine, test the sign-in credentials by using the password that's stored in the key vault.
1. Open the [Azure portal](https://portal.azure.com).
1. Select **Resource groups** > **\<*YourResourceGroupName*>** > **simpleWinVM**.
1. Select **Connect** at the top.
1. Select **Download RDP File**, and then follow the instructions to sign in to the virtual machine by using the password that's stored in the key vault.
## Clean up resources
When you no longer need your Azure resources, clean up the resources that you deployed by deleting the resource group.