In this article, you'll deploy an Azure Key Vault and Azure Container Registry instance with Terraform.
Terraform is an infrastructure as code tool that lets you define your infrastructure resources with readable configuration files. You'll use it to deploy the necessary Azure infrastructure that your GitHub workflow depends on for signing container images.
By the end of this article, you'll have deployed all the Azure resources needed to digitally sign container images with Notary.
Create a service principal
Your GitHub workflow and Terraform both need a service principal to authenticate to Azure.
Create a new service principal by running the following az command:
az ad sp create-for-rbac --name notary-gh-sp --role contributor \
--scopes /subscriptions/<subscriptionId> --sdk-auth
Replace <subscriptionId> with your Azure subscription ID. The Contributor role at subscription scope is broad: it lets Terraform create a new resource group, but once you know which resource group the resources live in, you can narrow --scopes to that resource group instead.
TIP The JSON object contains the client secret, so store it in a secure place. You'll use it to create the credential that the Azure Login GitHub Action uses to authenticate to Azure.
Export Terraform environment variables
One of several ways to pass credentials to Terraform is through environment variables; without them, the Azure (azurerm) provider fails to authenticate to Azure.
Use the following export commands to set the environment variables the Azure Terraform provider reads:
export ARM_CLIENT_ID="00000000-0000-0000-0000-000000000000"
export ARM_CLIENT_SECRET="00000000-0000-0000-0000-000000000000"
export ARM_SUBSCRIPTION_ID="00000000-0000-0000-0000-000000000000"
export ARM_TENANT_ID="00000000-0000-0000-0000-000000000000"
Replace the placeholder values with the fields from the JSON that the az ad sp create-for-rbac command printed: clientId goes into ARM_CLIENT_ID, clientSecret into ARM_CLIENT_SECRET, subscriptionId into ARM_SUBSCRIPTION_ID and tenantId into ARM_TENANT_ID. Because the client secret is a credential, prefer sourcing these exports from a file with restricted permissions over typing them into an interactive shell, where they are recorded in shell history.
Apply the Terraform configuration
With the service principal created and the environment variables set, you're ready to apply the Terraform configuration.
- Change directories to the terraform folder.
cd terraform
- Initialize Terraform.
terraform init
- Apply the Terraform configuration.
terraform apply
When prompted, review the planned changes, type yes into the terminal and press Enter.
Create an Azure Container Registry Token
Your last task in this tutorial is to create a token that Notation, the command-line tool for Notary, will use to authenticate to the registry when signing images.
Run the following command to create an ACR token:
az acr token create \
--name exampleToken \
--registry <registryName> \
--scope-map _repositories_admin \
--query 'credentials.passwords[0].value' \
--only-show-errors \
--output tsv
The --query filter prints only the generated password; the username Notation will present is the token name, exampleToken. Note that _repositories_admin is a built-in scope map that grants push, pull and delete on every repository in the registry. That is more than a signing token needs: a custom scope map that allows only reading and writing the repositories you sign is the least-privilege choice.
TIP Store the password value in a secure place. You'll need to store it as a GitHub secret later in the demo.
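The following script is an added example, not code from the original article or the Notary project. It automates two of the hand-typed steps above: it maps the JSON from az ad sp create-for-rbac --sdk-auth onto the ARM_* variables the Terraform provider reads (refusing to continue if a field is missing), and it issues the ACR token for Notation bound to a custom single-repository scope map rather than _repositories_admin. It assumes a POSIX shell with sed, that az is on the PATH for the token helper, and that the JSON is pretty-printed one key per line as az prints it. The scope-map name, the token name and the sample JSON (placeholder GUIDs, not real credentials) are constructed for the example.

```shell
#!/bin/sh
# Added example; not code from the original article. Two helpers for the procedure
# above: arm_exports_from_sdk_auth turns the JSON that `az ad sp create-for-rbac
# --sdk-auth` printed into the four ARM_* exports the azurerm provider reads, and
# create_signing_token issues an ACR token bound to a custom, single-repository
# scope map instead of the built-in _repositories_admin map. The JSON at the bottom
# is constructed (placeholder GUIDs, not real credentials).
set -eu

# Print the string value of key $1 from pretty-printed JSON on stdin (one key per
# line, which is how az prints it). Prints nothing if the key is absent.
json_field() {
  sed -n "s/^[[:space:]]*\"$1\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p"
}

# Print `export ARM_...='value'` lines for the sdk-auth JSON in file $1.
# Fails if any of the four fields is missing, so Terraform never runs half-configured.
# Values are single-quoted; the example assumes they contain no single quote.
arm_exports_from_sdk_auth() {
  file=$1
  for pair in clientId:ARM_CLIENT_ID clientSecret:ARM_CLIENT_SECRET \
              subscriptionId:ARM_SUBSCRIPTION_ID tenantId:ARM_TENANT_ID; do
    key=${pair%%:*}
    var=${pair#*:}
    value=$(json_field "$key" < "$file")
    if [ -z "$value" ]; then
      echo "sdk-auth JSON is missing \"$key\"" >&2
      return 1
    fi
    printf "export %s='%s'\n" "$var" "$value"
  done
}

# Create a scope map that allows only pulling from and pushing to repository $2 in
# registry $1, then a token bound to it named $3. Prints the token password on
# stdout; the username Notation needs is the token name itself. _repositories_admin,
# by contrast, also grants delete and covers every repository in the registry.
# Assumed: the signing client needs content/read (resolve the tag to a digest) and
# content/write (push the signature); add metadata/read if it also lists tags.
create_signing_token() {
  registry=$1
  repo=$2
  token=$3
  az acr scope-map create --name "${token}-scope" --registry "$registry" \
    --repository "$repo" content/read content/write \
    --description "Notation signing token for $repo" \
    --only-show-errors --output none
  az acr token create --name "$token" --registry "$registry" \
    --scope-map "${token}-scope" \
    --query 'credentials.passwords[0].value' --only-show-errors --output tsv
}

# Constructed sample of the --sdk-auth output shape (extra keys are ignored).
SAMPLE_JSON=$(mktemp)
cat > "$SAMPLE_JSON" <<'EOF'
{
  "clientId": "11111111-1111-1111-1111-111111111111",
  "clientSecret": "constructed-secret-not-real",
  "subscriptionId": "22222222-2222-2222-2222-222222222222",
  "tenantId": "33333333-3333-3333-3333-333333333333",
  "activeDirectoryEndpointUrl": "https://login.microsoftonline.com",
  "resourceManagerEndpointUrl": "https://management.azure.com/"
}
EOF

# Demo on the constructed sample only; the az helper is not invoked here.
arm_exports_from_sdk_auth "$SAMPLE_JSON"
```

In practice you would run eval "$(arm_exports_from_sdk_auth path/to/sdk-auth.json)" before terraform init, and create_signing_token <registryName> <repository> notation-signer to obtain the password you later store as a GitHub secret. Keeping the exports in a function output rather than a pasted command line means the client secret never appears in shell history, and the missing-field check turns a silently misconfigured provider into an immediate, visible failure.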