Adding the backup management service to keyvault in Azure PowerShell
In order to back up encrypted virtual machines in Azure, Backup Management Service requires permissions in the key vault. There is a template for this in the portal that allows you to add the permissions required; however, I cannot find documentation to do this in PowerShell, nor can I find the object ID for the Backup Management Service to use with Set-AzureRmKeyVaultAccessPolicy.
I don't want to have to manually add this access policy into every key vault I create for my encrypted virtual machines.
Editing for further clarity:
I know how to set access policy with PowerShell and I do so for my AAD service principal for writing the keys to key vault at encryption time. However, for Recovery Services Vault to work, the Azure backup service also needs access to the keys. I cannot find out how to add this Azure backup service to the key vault using PowerShell; I can only see how to do it in the portal, which is: Add access policy > Configure from template > Azure Backup. This adds the Service Principal "Backup Management Service" to the key vault. I cannot find this service principal in my subscription, nor does PowerShell accept this as a valid name.
I know this post is 2 months old, but I found a solution. Run this to get the object ID of that "built in" service principal:
$spobj = Get-AzureRmADServicePrincipal -SearchString "Backup Management Service"
Then this should work against your keyvault:
Set-AzureRmKeyVaultAccessPolicy -ObjectId $spobj.Id -VaultName $kvname -PermissionsToKeys get,list,backup -PermissionsToSecrets get,list,backup
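The two commands from the answer, wrapped as an added example (not part of the original answer) so they can be applied to every vault you create: it filters the lookup to the exact display name, stops unless exactly one service principal matches, and skips vaults that already carry the policy. The function name `Grant-BackupServiceVaultAccess` and its parameters are hypothetical; the AzureRM module and an already logged-in session are assumed.

```powershell
# Added example, not from the answer above. Assumes the AzureRM module is loaded
# and Login-AzureRmAccount has already been run. The function name is hypothetical.
function Grant-BackupServiceVaultAccess {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string[]]$VaultName,
        [string]$DisplayName = 'Backup Management Service'
    )

    # -SearchString can return more than one principal, so keep only the exact
    # display name and refuse to continue unless exactly one is left.
    $sp = @(Get-AzureRmADServicePrincipal -SearchString $DisplayName |
            Where-Object { $_.DisplayName -eq $DisplayName })
    if ($sp.Count -ne 1) {
        throw "Expected exactly one service principal named '$DisplayName', found $($sp.Count)."
    }
    $objectId = $sp[0].Id

    # Permissions taken from the answer above; nothing broader is requested.
    $perms = 'get', 'list', 'backup'

    foreach ($name in $VaultName) {
        $vault = Get-AzureRmKeyVault -VaultName $name
        if (-not $vault) { Write-Warning "Vault '$name' not found; skipped."; continue }

        # Skip vaults that already grant these permissions, so reruns are no-ops.
        $existing = $vault.AccessPolicies | Where-Object { "$($_.ObjectId)" -eq "$objectId" }
        $missing  = $perms | Where-Object {
            ($existing.PermissionsToKeys -notcontains $_) -or
            ($existing.PermissionsToSecrets -notcontains $_)
        }
        if ($existing -and -not $missing) {
            Write-Verbose "Vault '$name' already grants $($perms -join ',') to $DisplayName."
            continue
        }

        if ($PSCmdlet.ShouldProcess($name, "Grant $($perms -join ',') on keys and secrets to $DisplayName")) {
            Set-AzureRmKeyVaultAccessPolicy -VaultName $name -ObjectId $objectId `
                -PermissionsToKeys $perms -PermissionsToSecrets $perms
        }
    }
}
```

Run it with `-WhatIf` first to list the vaults that would change without modifying any access policy.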