TwitterLinkedInGitHubPowerShell Gallery
Search…
About
Events
Blog
Guides
Autopilot App Registration
PSCloudScript
PS Cmdlets
GitHub Gist
GitHub Git Repo
Content-Type | Azure Static Web App
Command Shortening
Azure Key Vault Secret
OSD PowerShell Module
PSCloudScript Examples
go OSDCloud
PowerShell
OSD
OSDCloud
OSDBuilder (Offline Servicing)
OSDSUS (Update Catalogs)
OSDUpdate (MS Updates)
OSDDrivers (Compact Drivers)
PShot
Powered By GitBook
Azure Key Vault Secret
22.1.17
Key Vault | Microsoft Azure
Microsoft Azure
About Azure Key Vault secrets - Azure Key Vault
docsmsft
Store a multiline secret in Azure Key Vault
docsmsft
Azure Key Vault makes it possible to securely store a String (or PowerShell Script) behind Azure Active Directory (Azure AD) authentication.

Azure Key Vault Secret RBAC Roles

There are two RBAC roles that are needed, depending if you need Read or Read/Write access to Azure Key Vault
Key Vault Secrets Reader
Read secret contents.
Only works for key vaults that use the 'Azure role-based access control' permission model.
​
Key Vault Secrets Officer
Perform any action on the secrets of a key vault, except manage permissions.
Only works for key vaults that use the 'Azure role-based access control' permission model.

PowerShell Modules

The following PowerShell Modules will be needed for Creating and Reading an Azure Key Vault Secret
  • Az.Accounts
  • Az.KeyVault

Set-AzKeyVaultSecret

Set-AzKeyVaultSecret (Az.KeyVault)
docsmsft
For this task, I decided to use Invoke-RestMethod to read a GitHub Gist as my string
$VaultName = 'PSCloudScript'
$Name = 'KeyVaultSecretTest'
$Uri = 'https://gist.githubusercontent.com/OSDeploy/5754963498d77bc254fbe1436af3cb7d/raw/Test-PSCloudScriptAzKeyVaultSecret.ps1'
$RawString = Invoke-RestMethod -Uri $Uri
$SecretValue = ConvertTo-SecureString -String $RawString -AsPlainText -Force
Set-AzKeyVaultSecret -VaultName $VaultName -Name $Name -SecretValue $SecretValue
Once this was complete, I verified in Azure Portal that my Key Vault Secret was created. I also pressed the 'Show Secret Value' button and verified that my full script was saved as a Secret

Get-AzKeyVaultSecret

Get-AzKeyVaultSecret (Az.KeyVault)
docsmsft
I tested reading the Key Vault Secret with my Tech account and using Get-AzKeyVaultSecret returned the Key Vault Secret Object
To view the Secret, I added the -AddPlainText parameter which returned the PowerShell script. Finally I tested passing this to Invoke-Expression to get the PowerShell script I saved executed

Summary

This method adds the security of Azure with easy to remember words to execute a PowerShell Script in the Cloud

Sponsor

OSDeploy is sponsored by Recast Software and their Systems Management Tools
Home
Recast Software
Sponsored by Recast Software
​
Previous
Command Shortening
Next
OSD PowerShell Module
Last modified 8mo ago
Copy link
On this page
Azure Key Vault Secret RBAC Roles
PowerShell Modules
Set-AzKeyVaultSecret
Get-AzKeyVaultSecret
Summary
Sponsor