Using the Azure CLI to provide a key vault in Azure


Start the CloudShell in the Azure portal or go to the following URL: https://shell.azure.com/

Start with the following steps to begin the deployment (lines beginning with # are comments):

 

#Here you can find out which subscription you are working with
az account show

 

#View all subscriptions
az account list --all --output table

 

#Change the subscription (if necessary)
az account set --subscription "Name of the Subscription"

 

#Create a resource group
az group create --name "myResourceGroup" --location "westeurope"

 

#Create a key vault (choose your own unique key vault name => replace "twkvdemo2020" with your name)
az keyvault create --name "twkvdemo2020" --resource-group "myResourceGroup" --location "westeurope"

 

#Add a secret to Key Vault
az keyvault secret set --vault-name "twkvdemo2020" --name "ExamplePassword" --value "hVFkk965BuUv"

 

#View the value contained in the secret as plain text
az keyvault secret show --name "ExamplePassword" --vault-name "twkvdemo2020"

 

#To view your secrets
az keyvault secret list --vault-name "twkvdemo2020"

 

#Create access policy
az keyvault set-policy --name "twkvdemo2020" --upn "jwest@tomwechsler.ch" --secret-permissions get list

 

#Enable Key Vault for deployment
az keyvault update --name "twkvdemo2020" --resource-group "myResourceGroup" --enabled-for-deployment "true"

 

#Enable Key Vault for disk encryption
az keyvault update --name "twkvdemo2020" --resource-group "myResourceGroup" --enabled-for-disk-encryption "true"

 

#Enable Key Vault for template deployment
az keyvault update --name "twkvdemo2020" --resource-group "myResourceGroup" --enabled-for-template-deployment "true"

 

Now you have your own Azure Key Vault deployed with the Azure CLI! Congratulations!
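
As an added check (not part of the original article), the functions below confirm the state the steps above should leave behind: which of the three enabled-for switches are on, and that the secret exists and is enabled, without printing its value. The function names are hypothetical wrappers around az keyvault show and az keyvault secret show; the vault and secret names are the article's demo values.

```shell
# Added example: post-deployment checks for the demo vault.
# Function names are hypothetical; they only wrap real az commands.

# Print one vault property as JSON (true / false / null).
kv_flag() {
  az keyvault show --name "$1" --query "properties.$2" --output json
}

# List which "enabled-for" switches are on, one per line.
# Each switch lets another Azure service read from the vault,
# so the list should contain only what the workload needs.
kv_enabled_flags() {
  for prop in enabledForDeployment enabledForDiskEncryption \
              enabledForTemplateDeployment; do
    if [ "$(kv_flag "$1" "$prop")" = "true" ]; then
      echo "$prop"
    fi
  done
}

# Succeed only if the enabled switches are exactly the expected set
# (space-separated, in the order used above).
kv_flags_match() {
  actual=$(kv_enabled_flags "$1" | tr '\n' ' ' | sed 's/ $//')
  [ "$actual" = "$2" ]
}

# Confirm a secret exists and is enabled without echoing its value:
# only attributes.enabled is requested, never the value field.
kv_secret_enabled() {
  state=$(az keyvault secret show --vault-name "$1" --name "$2" \
            --query "attributes.enabled" --output json) || return 1
  [ "$state" = "true" ]
}
```

After all three update commands have run, kv_flags_match twkvdemo2020 "enabledForDeployment enabledForDiskEncryption enabledForTemplateDeployment" succeeds, and kv_secret_enabled twkvdemo2020 ExamplePassword succeeds once the secret has been set.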

If you no longer need the resource group, don't forget to clean up (this also saves costs).

 

#Clean up resources
az group delete --name myResourceGroup --yes

 

I hope this article was useful. Best regards, Tom Wechsler

 

P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on GitHub! https://github.com/tomwechsler

 
