Introduction to Az.KeyVault
The Az.KeyVault PowerShell module provides a set of cmdlets to manage Azure Key Vault secrets, keys, and certificates. Azure Key Vault is a cloud service that enables you to protect cryptographic keys and secrets used by cloud applications and services.
With this module, you can:
- Create, import, and manage secrets.
- Create, import, and manage cryptographic keys.
- Create, import, and manage certificates.
- Configure access policies to control who can access your Key Vault data.
- Integrate with other Azure services.
Prerequisites
- Azure PowerShell installed.
- An Azure subscription.
- An Azure Key Vault instance.
Installation
To install the Az.KeyVault module, open a PowerShell session as an administrator and run the following command:
Install-Module -Name Az.KeyVault -Scope CurrentUser
If you want to install it for all users, use the -Scope AllUsers parameter:
Install-Module -Name Az.KeyVault -Scope AllUsers
To update an existing installation:
Update-Module -Name Az.KeyVault
Key Cmdlets
The Az.KeyVault module offers a comprehensive set of cmdlets for managing your Key Vault resources.
KeyVaultAccessPolicy
Manages access policies for a Key Vault. This defines permissions for principals to perform operations on Key Vault secrets, keys, and certificates.
Get-KeyVaultAccessPolicy
Set-KeyVaultAccessPolicy
Remove-KeyVaultAccessPolicy
KeyVaultCertificate
Manages certificates within Azure Key Vault. This includes creating, importing, and retrieving certificates.
Get-KeyVaultCertificate
Import-KeyVaultCertificate
New-KeyVaultCertificatePolicy
Set-KeyVaultCertificatePolicy
Remove-KeyVaultCertificate
Undo-KeyVaultCertificateRemoval
KeyVaultCredential
Represents credentials for accessing Azure Key Vault.
Get-KeyVaultCredential
KeyVaultManagedStorageAccount
Manages managed storage accounts within Azure Key Vault. This allows Key Vault to manage the access keys of storage accounts.
Get-KeyVaultManagedStorageAccount
Set-KeyVaultManagedStorageAccount
Remove-KeyVaultManagedStorageAccount
New-KeyVaultStorageKey
Get-KeyVaultStorageAccountKey
Rotate-KeyVaultStorageAccountKey
KeyVaultPolicy
Represents a certificate policy for Key Vault.
New-KeyVaultCertificatePolicy
KeyVaultSecret
Manages secrets stored in Azure Key Vault. This includes creating, retrieving, and deleting secrets.
Get-KeyVaultSecret
Set-KeyVaultSecret
Remove-KeyVaultSecret
Undo-KeyVaultSecretRemoval
KeyVaultSignature
Represents a signature generated by Key Vault cryptographic operations.
Invoke-KeyVaultKeyOperation
KeyVaultSshKey
Manages SSH keys within Azure Key Vault.
Get-KeyVaultSshKey
Import-KeyVaultSshKey
Remove-KeyVaultSshKey
KeyVaultUri
Represents the URI of an Azure Key Vault.
Get-KeyVaultUri
Examples
Here are some common scenarios:
1. Retrieving a secret from Key Vault
$secretName = "MySecret"
$vaultName = "MyKeyVault"
# Retrieve the latest version of the secret from the vault.
$secret = Get-KeyVaultSecret -VaultName $vaultName -Name $secretName
# Echoing the plaintext value is shown only for illustration: anything written to the
# console ends up in transcripts, CI logs and shell history, so pass the value on to the
# consuming code instead of printing it in real scripts.
Write-Host "The secret value is: $($secret.SecretValueText)"
2. Setting a secret in Key Vault
$secretName = "MyNewSecret"
$vaultName = "MyKeyVault"
# The secret value must be supplied as a SecureString. The literal here is a placeholder;
# in a real script read the value from a prompt or a pipeline variable rather than
# hard-coding it in source.
$secretValue = ConvertTo-SecureString -String "SuperSecretValue123!" -AsPlainText -Force
Set-KeyVaultSecret -VaultName $vaultName -Name $secretName -SecretValue $secretValue
Write-Host "Secret '$secretName' set successfully."
3. Granting a service principal access to a Key Vault
# -ApplicationId expects the application (client) ID GUID of the service principal.
$appId = "APP_ID"
$vaultName = "MyKeyVault"
# Read-only permissions: "Get" reads a value, "List" enumerates names and metadata only.
$permissionsToSecrets = @("Get", "List")
$permissionsToKeys = @("Get", "List")
$permissionsToCertificates = @("Get", "List")
$sp = Get-AzADServicePrincipal -ApplicationId $appId
$policyParams = @{
    VaultName                 = $vaultName
    ObjectId                  = $sp.Id
    PermissionsToSecrets      = $permissionsToSecrets
    PermissionsToKeys         = $permissionsToKeys
    PermissionsToCertificates = $permissionsToCertificates
}
Set-KeyVaultAccessPolicy @policyParams
4. Listing all certificates in a Key Vault
$vaultName = "MyKeyVault"
Get-KeyVaultCertificate -VaultName $vaultName
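5. Auditing access policies for excess permissions

An added example, not taken from the Az.KeyVault documentation, that checks existing access-policy entries against the read-only permission set example 3 grants and reports anything broader (for instance "All", "Set", "Delete" or "Purge"). It assumes each entry returned by Get-KeyVaultAccessPolicy exposes ObjectId, PermissionsToSecrets, PermissionsToKeys and PermissionsToCertificates (the parameter names Set-KeyVaultAccessPolicy uses); the sample entries below are constructed so the function runs without a vault.

```powershell
# Added example: report access-policy entries that exceed a least-privilege allowlist.
# Assumption: policy entries carry ObjectId, PermissionsToSecrets, PermissionsToKeys
# and PermissionsToCertificates properties.
function Find-OverbroadAccessPolicy {
    param(
        [Parameter(Mandatory)] [object[]] $Policies,
        # Permissions a read-only consumer legitimately needs; anything else is flagged.
        [string[]] $AllowedSecretPermissions      = @('Get', 'List'),
        [string[]] $AllowedKeyPermissions         = @('Get', 'List', 'Sign', 'Verify', 'Encrypt', 'Decrypt'),
        [string[]] $AllowedCertificatePermissions = @('Get', 'List')
    )
    $findings = @()
    foreach ($p in $Policies) {
        $checks = @(
            @{ Area = 'Secrets';      Granted = $p.PermissionsToSecrets;      Allowed = $AllowedSecretPermissions }
            @{ Area = 'Keys';         Granted = $p.PermissionsToKeys;         Allowed = $AllowedKeyPermissions }
            @{ Area = 'Certificates'; Granted = $p.PermissionsToCertificates; Allowed = $AllowedCertificatePermissions }
        )
        foreach ($c in $checks) {
            # Comparison is case-insensitive; an empty or missing permission list yields no finding.
            $extra = @($c.Granted | Where-Object { $_ -and ($c.Allowed -notcontains $_) })
            if ($extra.Count -gt 0) {
                $findings += [pscustomobject]@{
                    ObjectId = $p.ObjectId
                    Area     = $c.Area
                    Excess   = ($extra -join ', ')
                }
            }
        }
    }
    return $findings
}

# Constructed sample entries standing in for Get-KeyVaultAccessPolicy output.
$samplePolicies = @(
    [pscustomobject]@{ ObjectId = '00000000-0000-0000-0000-000000000001'
                       PermissionsToSecrets = @('Get', 'List'); PermissionsToKeys = @('Get'); PermissionsToCertificates = @('Get') }
    [pscustomobject]@{ ObjectId = '00000000-0000-0000-0000-000000000002'
                       PermissionsToSecrets = @('All'); PermissionsToKeys = @('Get', 'Purge'); PermissionsToCertificates = @() }
)
# Only the second entry is reported: Secrets -> All, Keys -> Purge.
Find-OverbroadAccessPolicy -Policies $samplePolicies | Format-Table -AutoSize

# Against a live vault (assumed call shape, using the cmdlet listed under KeyVaultAccessPolicy):
# Find-OverbroadAccessPolicy -Policies (Get-KeyVaultAccessPolicy -VaultName 'MyKeyVault')
```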