Cheatsheet - Azure - KeyVault

The following commands can be used when targeting Azure KeyVault services.

Azure KeyVault is a service that allows administrators to securely store credentials, secrets, certificates, etc.

Enumerate secrets and keys

Enumerate the secrets and keys in a selected vault:

# Set variables
$VaultName = "<vault name>"

# Set the current Azure subscription
$SubscriptionID = "<sub id>"
az account set --subscription $SubscriptionID

# List and store the secrets
$secretsJson = az keyvault secret list --vault-name $VaultName -o json
$secrets = $secretsJson | ConvertFrom-Json

# List and store the keys
$keysJson = az keyvault key list --vault-name $VaultName -o json
$keys = $keysJson | ConvertFrom-Json

# Output the secrets
Write-Host "Secrets in vault $VaultName"
foreach ($secret in $secrets) {
    Write-Host $secret.id
}

# Output the keys
Write-Host "Keys in vault $VaultName"
foreach ($key in $keys) {
    Write-Host $key.id
}

Example output:

https://ext-contractors.vault.azure.net/secrets/alissa-suarez
https://ext-contractors.vault.azure.net/secrets/josh-harvey
https://ext-contractors.vault.azure.net/secrets/ryan-garcia

Enumerate secrets

Retrieve the values of selected secrets in the vault:

# Set variables
$VaultName = "ext-contractors"
$SecretNames = @("key1", "key2", "key3")

# Set the current Azure subscription
$SubscriptionID = "subid"
az account set --subscription $SubscriptionID

# Retrieve and output the secret values
Write-Host "Secret Values from vault $VaultName"
foreach ($SecretName in $SecretNames) {
    $secretValueJson = az keyvault secret show --name $SecretName --vault-name $VaultName -o json
    $secretValue = ($secretValueJson | ConvertFrom-Json).value
    Write-Host "$SecretName - $secretValue"
}

Example output:

alissa-suarez - Welcome123!
josh-harvey - S3cret53
ryan-garcia - HiThere!
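
Detection example (added here, not part of the original cheatsheet): the two scripts above leave a list call followed by a burst of SecretGet operations in the vault's diagnostic logs (AuditEvent category), and this Python sketch flags that pattern. The log lines are constructed, field names follow the Key Vault logging schema, and the window, threshold and function names are assumptions.

```python
import json
from datetime import datetime, timedelta
from urllib.parse import urlparse

WINDOW = timedelta(minutes=10)  # assumption: tune per environment
MIN_READS = 3                   # assumption: distinct secrets read after a list call
UPN = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"

def _rec(ts, op, who, path):
    """Build one constructed AuditEvent line (sample data, not a real log)."""
    uri = f"https://ext-contractors.vault.azure.net/{path}?api-version=7.4"
    return json.dumps({"time": ts, "category": "AuditEvent", "operationName": op,
                       "resultType": "Success", "identity": {"claim": {UPN: who}},
                       "properties": {"requestUri": uri}})

SAMPLE_LOG = [  # constructed; vault and secret names reuse the example output above
    _rec("2024-05-01T09:00:00Z", "SecretGet", "app@example.com", "secrets/josh-harvey"),
    _rec("2024-05-01T10:00:00Z", "SecretList", "user@example.com", "secrets"),
    _rec("2024-05-01T10:00:05Z", "KeyList", "user@example.com", "keys"),
    _rec("2024-05-01T10:01:00Z", "SecretGet", "user@example.com", "secrets/alissa-suarez"),
    _rec("2024-05-01T10:01:02Z", "SecretGet", "user@example.com", "secrets/josh-harvey"),
    _rec("2024-05-01T10:01:04Z", "SecretGet", "user@example.com", "secrets/ryan-garcia"),
]

def find_list_then_read(lines, window=WINDOW, min_reads=MIN_READS):
    """Time-ordered JSON lines in; [(caller, vault_host, [secret names])] out."""
    start, reads, alerts = {}, {}, {}
    for line in lines:
        ev = json.loads(line)
        if ev.get("category") != "AuditEvent" or ev.get("resultType") != "Success":
            continue
        claims = ev.get("identity", {}).get("claim", {})
        caller = claims.get(UPN) or claims.get("appid") or "unknown"
        uri = urlparse(ev["properties"]["requestUri"])
        key = (caller, uri.hostname)
        when = datetime.fromisoformat(ev["time"].replace("Z", "+00:00"))
        op = ev.get("operationName")
        if op in ("SecretList", "KeyList"):
            # A list call opens a new window unless one is still running.
            if key not in start or when - start[key] > window:
                start[key], reads[key] = when, set()
        elif op == "SecretGet" and key in start and when - start[key] <= window:
            reads[key].add(uri.path.strip("/").split("/")[1])
            if len(reads[key]) >= min_reads:
                alerts[key] = sorted(reads[key])
    return [(caller, vault, names) for (caller, vault), names in alerts.items()]

if __name__ == "__main__":
    for caller, vault, names in find_list_then_read(SAMPLE_LOG):
        print(f"ALERT {caller} listed {vault} then read: {', '.join(names)}")
```

The single SecretGet by app@example.com is not flagged because no list call precedes it; only the list-then-read sequence from user@example.com raises an alert.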