![bubble-wand.200.png]](https://docs.arpio.io/hs-fs/hubfs/bubble-wand.200.png?height=40&name=bubble-wand.200.png){kind=small}
arpio-config:admin-password-secret
Provide a reference to the Azure Key Vault location where the administrator password is stored.
arpio-config:admin-password-secret = <keyvault-secret-location>
<keyvault-secret-location>
The URL associated with the key vault secret that contains the password value to be used. Should be in the following format: https://<keyvault-name>.vault.azure.net/secrets/<secret-name>
Supported Resources
- Azure SQL Virtual Server
- Virtual Machine Scale Sets (VMSS)
Description
Some Azure resource types are secured using passwords instead of Entra/AD RBAC rules and permissions. These passwords are "write-only" properties of the resource and cannot be retrieved by Azure. Instead, these must be stored in Azure Key Vault so they can be retrieved and used by Arpio to protect the resource.
When working with Azure SQL Database or Azure SQL Managed Instance servers that use SQL Authentication this tag must be placed on the primary SQL server. The value is required for Arpio to be able to restore the server with the same password in the recovery environment. The administrative username is returned by the Azure resource API’s so no tag is needed. Note that the Arpio service does not directly access or store this password - it is only accessed by the recovery delegate.
This tag must also be used with Azure Virtual Machine Scale Sets. These are stateless resources and the tag is necessary to ensure that the recovered instances use the same password that was used for the primary instances.
Examples
|
Tag |
Value |
arpio-config:admin-password-secret |
https://my-key-vault.vault.azure.net/secrets/sql-admin-password |