Azure 多订阅 Key Vault 访问策略
[英]Azure multiple subscriptions key vault access policies
问题描述
I am trying to export keyvault access policies from multiple azure subscriptions to csv.
我正在尝试将密钥库访问策略从多个 azure 订阅导出到 csv。 Preferably pulling those vault names & sub ids from an input csv and looping through it.最好从输入 csv 中提取这些保险库名称和子 ID 并循环遍历它。 Searching around I found solutions but they all use hardcoded vault names.. I hope this makes sense.. Will appreciate any help.四处搜索我找到了解决方案,但它们都使用硬编码的保险库名称.. 我希望这是有道理的.. 将不胜感激。 Thank you.谢谢你。
1 个解决方案
解决方案1
0 已采纳 2020-03-13 02:50:27
You could try the script below, it works fine on my side.你可以试试下面的脚本,它在我这边工作正常。
$subs = Get-AzureRmSubscription
foreach($sub in $subs){
Set-AzureRmContext -Subscription $sub.Id -Tenant $sub.TenantId
$vaults = Get-AzureRmKeyVault
foreach($vault in $vaults){
$policies = (Get-AzureRmKeyVault -ResourceGroupName $vault.ResourceGroupName -VaultName $vault.VaultName).AccessPolicies
$policies | select DisplayName, PermissionsToCertificatesStr, PermissionsToKeysStr, PermissionsToSecretsStr | Export-Csv -Path C:\Users\joyw\Desktop\policies.csv -Append -NoTypeInformation
}
}
The policies.csv file will be like: policies.csv文件将类似于:
Update :更新:
If you want to include the keyvault name, try the script below.如果要包含密钥库名称,请尝试以下脚本。
$subs = Get-AzureRmSubscription
foreach($sub in $subs){
Set-AzureRmContext -Subscription $sub.Id -Tenant $sub.TenantId
$vaults = Get-AzureRmKeyVault
foreach($vault in $vaults){
$policies = (Get-AzureRmKeyVault -ResourceGroupName $vault.ResourceGroupName -VaultName $vault.VaultName).AccessPolicies
foreach($policy in $policies){
$obj = [PSCustomObject]@{
KeyVaultName = $vault.VaultName
DisplayName = $policy.DisplayName
PermissionsToCertificatesStr = $policy.PermissionsToCertificatesStr
PermissionsToKeysStr = $policy.PermissionsToKeysStr
PermissionsToSecretsStr = $policy.PermissionsToSecretsStr
}
$obj | Export-Csv -Path C:\Users\joyw\Desktop\policies1.csv -Append -NoTypeInformation
}
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.