Introduction
A couple of weeks back I was messing around with the Azure Key Vault looking to centralise a bunch of credentials for my ever-growing list of Azure Functions that are automating numerous tasks. What I found was getting an Azure Key Vault setup and getting credentials in and out was a little more cumbersome than what I thought it should be. At that same point via Twitter this tweet appeared in my timeline from a retweet. I’m not too sure why, but maybe because I’m been migrating to VSCode myself I checked out Axel’s project.
Axel’s PowerShell Module simplifies creating and integrating with the Azure Key Vault. After messing with it and suggesting a couple of enhancements that Axel graciously entertained, I’m creating vaults, adding and removing credentials in the simplified way I’d wanted.
This quickstart guide to using this module will get you started too.
Create an Azure Key Vault
This is one of the beauties of Axel’s module. If the Resource Group and/or Storage Group you want associated with your Key Vault doesn’t exist then it creates them.
Update the following script for the location (line 8) and the name (line 10) that will be given to your Storage Account, Resource Group and Vault. Modify if you want to use different names for each.
Done, Key Vault created.
Connect to the Azure Key Vault
This script assumes you’re now in a new session and wanting to connect to the Key Vault. Again, a simplified version whereby the SG, RG and KV names are all the same. Update for your location and Key Vault name.
Connected.
Add a Certificate to the Azure Key Vault
To add a certificate to our new Key Vault use the command below. It will prompt you for your certificate password and add the cert to the key vault.
Certificate added to Key Vault.
Retrieve a Certificate from the Azure Key Vault
To retrieve a certificate from the Key Vault is just as simple.
$VaultCert = Get-AzureCertificate -Name "AADAppCert" -ResourceGroupName $name -StorageAccountName $name -VaultName $name
Add Credentials to the Azure Key Vault
Adding username/password or clientID/clientSecret to the Key Vault is just as easy.
# Store credentials into the Azure Key Vault Set-AzureCredential -UserName "serviceAccount" -Password ($pwd = Read-Host -AsSecureString) -VaultName $name -StorageAccountName $name -Verbose
Credentials added to vault
Retrieve Credentials from the Azure Key Vault
Retrieving credentials is just as easy.
# Get credentials from the Azure Key Vault $AzVaultCreds = Get-AzureCredential -UserName "serviceAccount" -VaultName $name -StorageAccountName $name -Verbose
Credentials retrieved.
Remove Credentials from the Azure Key Vault
Removing credentials is also a simple cmdlet.
# Remove credentials from the Azure Key Vault Remove-AzureCredential -UserName "serviceAccount" -VaultName $name -StorageAccountName $name -Verbose
Credentials removed.
Summary![]()
Hopefully this gets you started quickly with the Azure Key Vault. Credit to Axel for creating the module. It’s now part of my toolkit that I’m using a lot.