Get the Service Bus SharedAccessKey Programatically Using Bicep

Question

I am using bicep to create azure resources. One of these resources is a service bus and this is defined as follows:

resource service_bus 'Microsoft.ServiceBus/namespaces@2021-01-01-preview' = {
  name: '${service_bus_name}${uniqueString(service_bus_name)}'
  location: resourceGroup().location
  sku: {
    name: 'Standard'
    tier: 'Standard'
  }
  properties: {}
}

I then want to use this service bus in another resource and this is what I currently have for the connection string:

name: 'AzureWebJobsServiceBus'
value: 'Endpoint=sb://${service_bus.name}.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=<hardcoded_key>'          

How can I avoid the hard coded key. I tried using listKeys like this:

SharedAccessKey=${listKeys(service_bus.id, service_bus.apiVersion).value[0].primaryKey}

But this does not work, and variations on this also fail.

Answer 1

If I am not mistaken, listKeys bicep function for Service Bus maps to Namespaces - Authorization Rules - List Keys.

You will need to include AuthorizationRules/{authorizationRuleName} in your listKeys method call. For authorizationRuleName you can make use of RootManageSharedAccessKey.

I'm not sure if this would work (my first time playing around with bicep), but you can give it a try:

var listKeysEndpoint = '${service_bus.id}/AuthorizationRules/RootManageSharedAccessKey'
SharedAccessKey=${listKeys(listKeysEndpoint, service_bus.apiVersion).primaryKey}

Answer 2

You can also try:

var serviceBusEndpoint = '${service_bus.id}/AuthorizationRules/RootManageSharedAccessKey'
var serviceBusConnectionString = listKeys(serviceBusEndpoint, service_bus.apiVersion).primaryConnectionString

to get the connection string for the Service Bus.