I am trying to export Key Vault access policies from multiple Azure subscriptions to CSV, preferably pulling the vault names and sub IDs from an input CSV and looping through it. Searching around, I found solutions, but they all use hardcoded vault names. I hope this makes sense. I will appreciate any help. Thank you.
You could try the script below, it works fine on my side.

    # Enumerate every subscription the signed-in account can see
    $subs = Get-AzureRmSubscription
    foreach($sub in $subs){
        # Switch the session context to the current subscription
        Set-AzureRmContext -Subscription $sub.Id -Tenant $sub.TenantId
        $vaults = Get-AzureRmKeyVault
        foreach($vault in $vaults){
            # The list call does not return access policies, so fetch each vault individually
            $policies = (Get-AzureRmKeyVault -ResourceGroupName $vault.ResourceGroupName -VaultName $vault.VaultName).AccessPolicies
            $policies | select DisplayName, PermissionsToCertificatesStr, PermissionsToKeysStr, PermissionsToSecretsStr | Export-Csv -Path C:\Users\joyw\Desktop\policies.csv -Append -NoTypeInformation
        }
    }

The policies.csv file will be like:
Update:
If you want to include the keyvault name, try the script below.

    # Enumerate every subscription the signed-in account can see
    $subs = Get-AzureRmSubscription
    foreach($sub in $subs){
        # Switch the session context to the current subscription
        Set-AzureRmContext -Subscription $sub.Id -Tenant $sub.TenantId
        $vaults = Get-AzureRmKeyVault
        foreach($vault in $vaults){
            # The list call does not return access policies, so fetch each vault individually
            $policies = (Get-AzureRmKeyVault -ResourceGroupName $vault.ResourceGroupName -VaultName $vault.VaultName).AccessPolicies
            foreach($policy in $policies){
                # One output row per access policy, tagged with the vault it belongs to
                $obj = [PSCustomObject]@{
                    KeyVaultName = $vault.VaultName
                    DisplayName = $policy.DisplayName
                    PermissionsToCertificatesStr = $policy.PermissionsToCertificatesStr
                    PermissionsToKeysStr = $policy.PermissionsToKeysStr
                    PermissionsToSecretsStr = $policy.PermissionsToSecretsStr
                }
                $obj | Export-Csv -Path C:\Users\joyw\Desktop\policies1.csv -Append -NoTypeInformation
            }
        }
    }

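
The CSV-driven variant the question asks for, as an added example that is not part of the original answer. It assumes an input file with the header `SubscriptionId,VaultName`; both file paths and the column names are hypothetical, and the cmdlets are the same AzureRM ones used above.

```powershell
# Added example. Paths and CSV column names below are assumptions.
$inputCsv  = 'C:\temp\vaults.csv'     # header: SubscriptionId,VaultName
$outputCsv = 'C:\temp\policies.csv'

$rows = Import-Csv -Path $inputCsv

# Group rows by subscription so the context is switched once per subscription
$result = foreach ($group in ($rows | Group-Object -Property SubscriptionId)) {
    try {
        Set-AzureRmContext -Subscription $group.Name -ErrorAction Stop | Out-Null
    }
    catch {
        # A subscription that cannot be selected is reported, not silently skipped
        Write-Warning "Cannot select subscription $($group.Name): $_"
        continue
    }

    foreach ($row in $group.Group) {
        # Looking a vault up by name returns its AccessPolicies
        $vault = Get-AzureRmKeyVault -VaultName $row.VaultName -ErrorAction SilentlyContinue
        if (-not $vault) {
            Write-Warning "Vault $($row.VaultName) not found in subscription $($group.Name)"
            continue
        }

        foreach ($policy in $vault.AccessPolicies) {
            # ObjectId identifies the principal even when DisplayName is empty
            [PSCustomObject]@{
                SubscriptionId               = $group.Name
                KeyVaultName                 = $vault.VaultName
                ObjectId                     = $policy.ObjectId
                DisplayName                  = $policy.DisplayName
                PermissionsToCertificatesStr = $policy.PermissionsToCertificatesStr
                PermissionsToKeysStr         = $policy.PermissionsToKeysStr
                PermissionsToSecretsStr      = $policy.PermissionsToSecretsStr
            }
        }
    }
}

# Write once at the end; skip the export when nothing was collected
if ($result) {
    $result | Export-Csv -Path $outputCsv -NoTypeInformation
}
```

Vaults that are missing or unreadable show up as warnings, so an access review can tell an empty policy list from a vault that was never inspected.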