Azure Key Vault Secret
22.1.17
Azure Key Vault makes it possible to securely store a String (or PowerShell Script) behind Azure Active Directory (Azure AD) authentication.
Azure Key Vault Secret RBAC Roles
Two RBAC roles are needed, depending on whether you need Read or Read/Write access to Azure Key Vault.
PowerShell Modules
The following PowerShell Modules are needed to create and read an Azure Key Vault Secret:
Az.Accounts
Az.KeyVault
Set-AzKeyVaultSecret
For this task, I decided to use Invoke-RestMethod to read a GitHub Gist as my string.
Once this was complete, I verified in the Azure Portal that my Key Vault Secret was created. I also pressed the 'Show Secret Value' button and verified that my full script was saved as a Secret.
Get-AzKeyVaultSecret
I tested reading the Key Vault Secret with my Tech account, and using Get-AzKeyVaultSecret returned the Key Vault Secret Object.
To view the Secret, I added the -AsPlainText parameter, which returned the PowerShell script. Finally, I tested passing this to Invoke-Expression to execute the PowerShell script I saved.
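The store and read steps above as an added example (not code from the original page). The reader pins a secret version and refuses to run the script unless its SHA-256 matches the value recorded at publish time, since anyone with Read/Write access to the secret controls what Invoke-Expression runs. The function names, vault name, secret name and URL are hypothetical placeholders.

```powershell
#Requires -Modules Az.Accounts, Az.KeyVault
# Added example. Function names and the <...> values are hypothetical placeholders.

function Get-StringSha256 {
    param([Parameter(Mandatory)][string]$Text)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $bytes = [System.Text.Encoding]::UTF8.GetBytes($Text)
        ([System.BitConverter]::ToString($sha.ComputeHash($bytes))).Replace('-', '')
    } finally { $sha.Dispose() }
}

# Needs Read/Write access to the vault's secrets.
function Publish-VaultScript {
    param(
        [Parameter(Mandatory)][string]$VaultName,
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Uri   # raw URL of the script, e.g. a GitHub Gist
    )
    $script = [string](Invoke-RestMethod -Uri $Uri)
    $secure = ConvertTo-SecureString -String $script -AsPlainText -Force
    $secret = Set-AzKeyVaultSecret -VaultName $VaultName -Name $Name -SecretValue $secure
    # Record both values out of band; the reader pins them.
    [pscustomobject]@{ Version = $secret.Version; Sha256 = Get-StringSha256 -Text $script }
}

# Needs Read access only.
function Invoke-VaultScript {
    param(
        [Parameter(Mandatory)][string]$VaultName,
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Version,
        [Parameter(Mandatory)][string]$ExpectedSha256
    )
    $script = Get-AzKeyVaultSecret -VaultName $VaultName -Name $Name -Version $Version -AsPlainText
    if ([string]::IsNullOrEmpty($script)) { throw "Secret '$Name' not found or empty in '$VaultName'." }
    $actual = Get-StringSha256 -Text $script
    if ($actual -ne $ExpectedSha256) {   # -ne on strings is case-insensitive
        throw "Hash mismatch for '$Name': got $actual. Not executing."
    }
    Invoke-Expression -Command $script
}

# Usage (placeholders):
# Connect-AzAccount
# $p = Publish-VaultScript -VaultName '<vault>' -Name '<secret>' -Uri '<raw gist url>'
# Invoke-VaultScript -VaultName '<vault>' -Name '<secret>' -Version $p.Version -ExpectedSha256 $p.Sha256
```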
Summary
This method combines the security of Azure with easy-to-remember words to execute a PowerShell Script in the Cloud.