
PowerShell for Azure Key Vault certificate management, SAS key & credentials


PowerShell to work with Azure Key Vault for certificate management

# Authenticate against Azure Resource Manager, then pin the session to the
# subscription that the cmdlets below should act on.
Login-AzureRmAccount

$subscriptionId = 'MY_Subscription_GUID'
Set-AzureRmContext -SubscriptionId $subscriptionId

# Resource group that will contain the key vault.
$myrg = 'myrg'
$location = 'eastus'
New-AzureRmResourceGroup `
    -Name $myrg `
    -Location $location

# Key vault for the certificate.
# -EnabledForDeployment lets Azure Virtual Machines retrieve certificates
#   stored as secrets from this vault.
# -EnabledForTemplateDeployment lets Azure Resource Manager retrieve secrets
#   from this vault.
# Each switch widens who can read from the vault, so pass only the ones the
# deployment actually needs.
$mykeyvault = 'mykeyvault'
New-AzureRmKeyVault `
    -VaultName $mykeyvault `
    -ResourceGroupName $myrg `
    -Location $location `
    -EnabledForDeployment `
    -EnabledForTemplateDeployment

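# Import an existing PFX certificate into the key vault.
$CertificateName = 'mycert' # expected pattern '^[0-9a-zA-Z-]+$'
$ExistingPfxFilePath = 'C:\xxx\cert\cert1.abc.com.pfx'

# Prompt for the PFX password instead of embedding it as a string literal:
# a literal password ends up in source control, shell history and transcripts.
$securepfxpwd = Read-Host -Prompt 'PFX password' -AsSecureString

Import-AzureKeyVaultCertificate -VaultName $mykeyvault -Name $CertificateName -FilePath $ExistingPfxFilePath -Password $securepfxpwd

# Retrieve the certificate details from the key vault.
# Get-AzureKeyVaultCertificate returns the certificate object. The secret of
# the same name (Get-AzureKeyVaultSecret) carries the PFX content, including the
# private key when it is exportable, so read that secret only where the key
# itself is required.
Get-AzureKeyVaultCertificate -VaultName $mykeyvault -Name $CertificateName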


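###### SAS Key #######
# Save the Blob/Storage account key in Key Vault.
# NOTE: the value read here is the storage account access key, which grants
# full access to the account; it is not a scoped, expiring SAS token.
$storage = 'myblob'
$primarysaskeyname = 'primarysaskey' # secret name, pattern '^[0-9a-zA-Z-]+$'
$primarysaskey = (Get-AzureRmStorageAccountKey `
        -ResourceGroupName $myrg -AccountName $storage).Value[0]

$secretvalue = ConvertTo-SecureString $primarysaskey -AsPlainText -Force

# The plaintext copy is no longer needed once the SecureString exists.
Remove-Variable -Name primarysaskey

# Create the vault for the storage key.
# The two -EnabledFor... switches let Azure VMs and Azure Resource Manager read
# from this vault; drop whichever the deployment does not need.
$mykeyvault = 'kvsas'
New-AzureRmKeyVault -VaultName $mykeyvault -ResourceGroupName $myrg -Location $location -EnabledForDeployment -EnabledForTemplateDeployment

# Store the key as a secret. -Name is the secret's identifier and is visible in
# listings and logs, so it must be a label and never the key value itself.
Set-AzureKeyVaultSecret -VaultName $mykeyvault -Name $primarysaskeyname -SecretValue $secretvalue

# Retrieve the stored key, using the same vault and secret name as above.
# The returned object exposes the value, so avoid echoing it in shared
# sessions or logged pipelines.
Get-AzureKeyVaultSecret -VaultName $mykeyvault -Name $primarysaskeyname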

###### Admin Credentials #######
# Store the admin account password in Key Vault.
# NOTE(review): the 'kvadmin' vault is not created anywhere on this page;
# presumably it already exists - confirm before running.
$mykeyvault = 'kvadmin'

# Get-Credential prompts interactively. Only the password (a SecureString) is
# stored; the user name entered at the prompt is not saved.
$adminCredential = Get-Credential
Set-AzureKeyVaultSecret `
    -VaultName $mykeyvault `
    -Name 'admin' `
    -SecretValue $adminCredential.Password

# Read the admin secret back from Key Vault.
$adminSecret = Get-AzureKeyVaultSecret -VaultName $mykeyvault -Name 'admin'

# SecretValueText is the password in plaintext and is written to the output
# stream here, so it will appear in transcripts and captured console output.
# Use the SecretValue property (a SecureString) where plaintext is not needed.
$adminSecret.SecretValueText
