SSH keys in ARM

The Azure ARM system allows you to upload ssh public keys as a first-class object in ARM. This sample illustrates how to create such an SSH public key, and also how to dynamically use it.

During interactive VM creation in the portal, you can dynamically select an existing public key for your new VM. However, for template-based creation of a VM, you need to use the reference() ARM function to retrieve the value. The ARM schema for VMs doesn't currently allow you to refer to a key object, instead you must provide the literal SSH key value as a string to the VM, in the .osProfile.linuxConfiguration.ssh.publicKeys[0].keyData value.

The following little Bicep sample demonstrates these two concepts:

  1. Creating the 'Microsoft.Compute/sshPublicKeys' ARM resource, as well as

  2. dynamically retrieving it. For the sake of the example, I'm not really creating a VM, but just fetch the ssh public key and output it in the template.

param keyName string = 'chgeuer'
param sshPublicKey string = 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQChtYrL..... chgeuer@beam'

resource mySshkey 'Microsoft.Compute/sshPublicKeys@2020-12-01' = {
  name: keyName
  location: resourceGroup().location
  properties: {
    publicKey: sshPublicKey

var sshkeyId = '/subscriptions/${subscription().subscriptionId}/resourceGroups/${resourceGroup().name}/providers/Microsoft.Compute/sshPublicKeys/${keyName}'

var sshkeyId2 =

var apiversion = '2020-12-01'

output key string = reference(sshkeyId, apiversion).publicKey
output key2 string = reference(, apiversion).publicKey

Last updated