I’m writing this short blog post to fill a gap here on Scripting Library on the topic of secrets management, after a comment I received on this previous article.
I’m not opinionated when it comes to choosing a secret management solution: there are multiple options available and, like anything else, it depends on your needs. What I find very appealing about Azure Key Vault is that it offers a very simple user interface, all the features I generally need, no upfront costs, and all the PowerShell cmdlets you need.
What is Azure Key Vault?
From: https://docs.microsoft.com/en-au/azure/key-vault/
Azure Key Vault helps solve the following problems:
- Secrets Management – Azure Key Vault can be used to securely store and tightly control access to tokens, passwords, certificates, API keys, and other secrets.
- Key Management – Azure Key Vault can also be used as a Key Management solution. Azure Key Vault makes it easy to create and control the encryption keys used to encrypt your data.
- Certificate Management – Azure Key Vault is also a service that lets you easily provision, manage, and deploy public and private Transport Layer Security/Secure Sockets Layer (TLS/SSL) certificates for use with Azure and your internal connected resources.
What is required to start using it?
You need an Azure account and subscription (you can use a trial one).
I will assume you are already familiar with Azure Cloud services and with the Azure portal. In any case, I would recommend you start by reading the documentation of the Azure Key Vault.
Basic operations with Azure Key Vault with PowerShell
You can use Cloud Shell (https://shell.azure.com) or, from a PowerShell window, follow the instructions to connect and log in with your account.
```powershell
# Paolo Frigo, https://www.scriptinglibrary.com

# Connect to your Azure account
Connect-AzAccount

# List all available Vaults
Get-AzKeyVault

# In case of multiple Vaults, use Tags or Name to filter the right one.
# Get the Access Policies/Network Rules etc. for your Vault
# e.g. azkeyvscriptinglibXXXXX
Get-AzKeyVault -VaultName azkeyvscriptinglibXXXXX

# Add a secret to the Vault
# (secret names may contain only letters, digits and dashes)
$MySecret = Get-Credential
Set-AzKeyVaultSecret -VaultName azkeyvscriptinglibXXXXX -Name $MySecret.UserName -SecretValue $MySecret.Password

# Retrieve a secret from the Vault in a SecureString format
(Get-AzKeyVaultSecret -VaultName azkeyvscriptinglibXXXXX -Name $MySecret.UserName).SecretValue

# Retrieve a secret from the Vault in plain text format
# (-AsPlainText replaces the .SecretValueText property, which newer Az.KeyVault versions no longer provide)
Get-AzKeyVaultSecret -VaultName azkeyvscriptinglibXXXXX -Name $MySecret.UserName -AsPlainText

# Disconnect-AzAccount or Logout-AzAccount
```
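Building on the snippet above, here is an added example (not part of the original post or its GitHub repository) that stores a credential under a name Key Vault accepts and reads it back as a `PSCredential` without ever converting the password to plain text. The three helper function names, `CONTOSO\svc-backup` and `server01` are assumptions made for illustration; the vault name is the post's placeholder.

```powershell
# Added example. Requires the Az.KeyVault module and an active Connect-AzAccount session.
# ConvertTo-VaultSecretName, Save-VaultCredential and Get-VaultCredential are hypothetical helpers.

function ConvertTo-VaultSecretName {
    param([Parameter(Mandatory)][string]$UserName)
    # Key Vault secret names allow only letters, digits and dashes (max 127 chars),
    # so 'CONTOSO\svc-backup' or 'user@contoso.com' cannot be used as-is.
    $name = $UserName -replace '[^0-9a-zA-Z-]', '-'
    if ($name.Length -gt 127) { throw "Secret name derived from '$UserName' is too long." }
    $name
}

function Save-VaultCredential {
    param(
        [Parameter(Mandatory)][string]$VaultName,
        [Parameter(Mandatory)][pscredential]$Credential
    )
    # Keep the original user name in a tag, since the secret name is a sanitized form of it.
    Set-AzKeyVaultSecret -VaultName $VaultName `
        -Name (ConvertTo-VaultSecretName $Credential.UserName) `
        -SecretValue $Credential.Password `
        -ContentType 'password' `
        -Tag @{ UserName = $Credential.UserName } | Out-Null
}

function Get-VaultCredential {
    param(
        [Parameter(Mandatory)][string]$VaultName,
        [Parameter(Mandatory)][string]$UserName
    )
    $secret = Get-AzKeyVaultSecret -VaultName $VaultName `
        -Name (ConvertTo-VaultSecretName $UserName) -ErrorAction Stop
    # A missing secret comes back as $null rather than an error, so check explicitly.
    if (-not $secret) { throw "No secret for '$UserName' in vault '$VaultName'." }
    # SecretValue is already a SecureString; it goes straight into the credential object.
    [pscredential]::new($UserName, $secret.SecretValue)
}

# Usage (constructed account and host names)
Save-VaultCredential -VaultName azkeyvscriptinglibXXXXX -Credential (Get-Credential)
$cred = Get-VaultCredential -VaultName azkeyvscriptinglibXXXXX -UserName 'CONTOSO\svc-backup'
Invoke-Command -ComputerName server01 -Credential $cred -ScriptBlock { whoami }
```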
Conclusions
Over the years I’ve used several secret management solutions and by far Azure Key Vault would be the solution I would probably use for PowerShell, not just in Azure but especially on-premises.
As usual, you can find this code snippet in my GitHub repository.


