The Azure Key Vault Provider for Secrets Store CSI Driver allows code running on pods in AKS to pull secrets from an Azure Key Vault. The existing documentation shows you how to do this using the Azure CLI. Here is how to do the same using a Bicep template.
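```bicep
// aksName and location are parameters declared elsewhere in the template.
resource aks 'Microsoft.ContainerService/managedClusters@2021-03-01' = {
  name: aksName
  location: location
  properties: {
    kubernetesVersion: '1.24.6'
    // ...
    addonProfiles: {
      // Enables the Azure Key Vault Provider for Secrets Store CSI Driver add-on.
      azureKeyVaultSecretsProvider: {
        enabled: true
        config: {
          // Add-on config values are strings, not booleans or numbers.
          enableSecretRotation: 'true'
          rotationPollInterval: '120s'
        }
      }
    }
  }
  identity: {
    type: 'SystemAssigned'
  }
}
```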
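Enabling the add-on does not by itself give it permission to read anything from a vault. The following added example (not part of the original post) is a separate Bicep module that grants the add-on's managed identity read-only access to secrets in one vault. It assumes the vault already exists in the same resource group and uses the Azure RBAC permission model; `keyVaultName`, `kv`, `csiSecretsReader`, and `csiIdentityClientId` are hypothetical names.

```bicep
// Added example: least-privilege Key Vault access for the CSI add-on identity.
// Deploy as its own module after the cluster exists.
param aksName string
param keyVaultName string // hypothetical: name of an existing RBAC-enabled vault

// Built-in "Key Vault Secrets User" role: read secret contents only,
// no list/write/delete on the vault and no access to keys or certificates.
var keyVaultSecretsUserRoleId = '4633458b-17de-408a-b874-0445c86b69e6'

resource aks 'Microsoft.ContainerService/managedClusters@2021-03-01' existing = {
  name: aksName
}

resource kv 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
  name: keyVaultName
}

resource csiSecretsReader 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  // Scope the assignment to this one vault, not the resource group or subscription.
  scope: kv
  // Deterministic name so redeployments update rather than duplicate the assignment.
  name: guid(kv.id, aks.id, keyVaultSecretsUserRoleId)
  properties: {
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', keyVaultSecretsUserRoleId)
    // Identity that AKS creates for the azureKeyVaultSecretsProvider add-on.
    principalId: aks.properties.addonProfiles.azureKeyVaultSecretsProvider.identity.objectId
    principalType: 'ServicePrincipal'
  }
}

// Client ID of the add-on identity, for use in the SecretProviderClass manifest.
output csiIdentityClientId string = aks.properties.addonProfiles.azureKeyVaultSecretsProvider.identity.clientId
```

Every pod that mounts a SecretProviderClass using this identity can read every secret in the vault, so keep one vault per trust boundary rather than sharing a vault across unrelated workloads.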