
How to bulk create and update Azure Key Vault secrets using scripts?

I have a scenario where I need to fetch the secret list from 'A' Azure Key Vault and then create the secrets in 'B' Azure Key Vault. But the values will have to be changed/updated while creating the secrets in 'B' Azure Key Vault. As I have many secrets, I am trying to perform it via a script.

I have tried to pull only secrets name from ' A ' azure keyvault and store into a CSV file using the below AZ CLI command:

az keyvault secret list --vault-name <<vault-name>> -o table > src.csv

Now I want to use the same CSV file, where I can update the new values for the secrets fetched, and use it to create/update the secrets in the 'B' Azure Key Vault using any PowerShell/AZ CLI/Bash script.

Has anyone faced a similar kind of scenario? Is it doable? If yes, then please guide me.

Of course, you're able to do it. I assume you would use a bash script to achieve it, so here is an example script:

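# Export only the secret names from the source vault, one per line
az keyvault secret list --vault-name keyvault_A --query "[].name" -o tsv > /mnt/d/ubuntu/temp.csv
input="/mnt/d/ubuntu/temp.csv"
while IFS= read -r secret
do
    # echo "$secret"
    echo "Create secret name : $secret"
    # Placeholder value: the secret name is stored as the value here
    az keyvault secret set --vault-name keyvault_B --name "$secret" --value "$secret"
done < "$input"
# List the secrets now present in the target vault
az keyvault secret list --vault-name keyvault_B -o table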

As I see it, you want to update/change the values of the secrets, so I only get the names of the secrets; the list command also cannot get the values for you. If you need to update/change the values of the secrets according to the existing values, you can get the value in the while loop via the command az keyvault secret show.

Here are two steps showing how to read secret names from one Key Vault and write them to another one. You only need to add logic to update the new values through a file.

Read secret names:

$secrets = az keyvault secret list --vault-name kv-stack | ConvertFrom-Json | Select-Object @{Label='Name'; Expression={$_.Id.split("/")[-1]}}

Write to another key vault:

 $secrets | ForEach-Object {az keyvault secret set --vault-name kv-stack-2 --name $_.Name --value something}
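
An added example, not part of either answer above: one way to supply the new values through a file. It assumes a hand-edited CSV with a `name,value` header (a hypothetical layout) and hands each value to `az keyvault secret set` through `--file` with an owner-only temp file, so the value does not appear in the process list or shell history as it would with `--value`.

```shell
#!/bin/sh
# Added example, not from the original answers. Assumed input: a CSV with a
# "name,value" header, one secret per line, no CSV quoting or multi-line values.

# import_secrets VAULT CSV_FILE
# Body runs in a subshell ( ... ) so umask, trap and variables stay local.
import_secrets() (
    vault=$1 csv=$2 failed=0
    cr=$(printf '\r')
    umask 077                                  # scratch file readable by owner only
    tmp=$(mktemp) || exit 2
    trap 'rm -f "$tmp"' EXIT                   # remove the plaintext value on exit
    {
        read -r _header || true                # skip the header row
        while IFS=, read -r name value || [ -n "$name" ]; do
            value=${value%"$cr"}               # tolerate CRLF line endings
            [ -n "$name$value" ] || continue   # ignore blank lines
            # Key Vault secret names: 1-127 characters of letters, digits, dashes.
            case $name in
                ''|*[!0-9A-Za-z-]*) echo "skip: invalid name '$name'" >&2
                                    failed=1; continue ;;
            esac
            if [ "${#name}" -gt 127 ] || [ -z "$value" ]; then
                echo "skip: '$name' is too long or has no new value" >&2
                failed=1; continue
            fi
            printf '%s' "$value" > "$tmp"
            # --file keeps the value out of argv (process list, shell history),
            # unlike --value. stdin is detached so az cannot eat the CSV.
            if az keyvault secret set --vault-name "$vault" --name "$name" \
                  --file "$tmp" --encoding utf-8 --output none < /dev/null; then
                echo "set: $name"
            else
                echo "error: could not set '$name'" >&2
                failed=1
            fi
        done
    } < "$csv"
    exit "$failed"
)

# Usage: sh import.sh keyvault_B new-values.csv   (file name is a placeholder)
if [ "$#" -eq 2 ]; then
    import_secrets "$1" "$2"
fi
```

The function exits non-zero if any row was skipped or failed, so a pipeline can stop before relying on a partially populated vault. The CSV itself holds plaintext secrets and should be restricted and deleted after the import.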
