Azure multiple subscriptions key vault access policies

Question

I am trying to export keyvault access policies from multiple azure subscriptions to csv. Preferably pulling those vault names & sub ids from an input csv and looping through it. Searching around I found solutions but they all use hardcoded vault names.. I hope this makes sense.. Will appreciate any help. Thank you.

Answer 1

You could try the script below, it works fine on my side.

$subs = Get-AzureRmSubscription
foreach($sub in $subs){
    Set-AzureRmContext -Subscription $sub.Id -Tenant $sub.TenantId
    $vaults = Get-AzureRmKeyVault
    foreach($vault in $vaults){
        $policies = (Get-AzureRmKeyVault -ResourceGroupName $vault.ResourceGroupName -VaultName $vault.VaultName).AccessPolicies
        $policies | select DisplayName, PermissionsToCertificatesStr, PermissionsToKeysStr, PermissionsToSecretsStr | Export-Csv -Path C:\Users\joyw\Desktop\policies.csv -Append -NoTypeInformation
    }
}

The policies.csv file will be like:

Update :

If you want to include the keyvault name, try the script below.

$subs = Get-AzureRmSubscription
foreach($sub in $subs){
    Set-AzureRmContext -Subscription $sub.Id -Tenant $sub.TenantId
    $vaults = Get-AzureRmKeyVault
    foreach($vault in $vaults){
        $policies = (Get-AzureRmKeyVault -ResourceGroupName $vault.ResourceGroupName -VaultName $vault.VaultName).AccessPolicies
        foreach($policy in $policies){
        $obj = [PSCustomObject]@{
            KeyVaultName = $vault.VaultName
            DisplayName = $policy.DisplayName
            PermissionsToCertificatesStr = $policy.PermissionsToCertificatesStr
            PermissionsToKeysStr = $policy.PermissionsToKeysStr
            PermissionsToSecretsStr = $policy.PermissionsToSecretsStr
            }
        $obj |  Export-Csv -Path C:\Users\joyw\Desktop\policies1.csv -Append -NoTypeInformation
       }
    }
}