How to use Azure Key Vault with the Azure CLI

#azure #devops #cli

Azure Key Vault is a secure secret storage service from Microsoft. You can use it to safeguard application credentials and SSH keys. In this post, I’ll show you how to create a Key Vault, and also how to add, retrieve and modify credentials in it.

Creating a Key Vault

Create a resource group if you don’t have one

az group create --name myResourceGroup --location westus2

Create an Azure Key Vault

az keyvault create --name <yourKeyVaultName> --resource-group myResourceGroup --location westus2

Replace yourKeyVaultName with your own name. Azure assigns DNS names for Key Vaults, so yourKeyVaultName must be globally unique.

Insert a Secret

To insert or set a new secret, use az keyvault secret set:

az keyvault secret set --vault-name <yourKeyVaultName> --name "MySecret" --value "SecretValue"

Retrieve a Secret

To securely retrieve a secret:

az keyvault secret show --vault-name <yourKeyVaultName> --name "MySecret"

To retrieve only the secret’s value and no other metadata:

az keyvault secret show --vault-name <yourKeyVaultName> --name "MySecret" --query value -o tsv

Update an Existing Secret

az keyvault secret set --vault-name <yourKeyVaultName> --name "MySecret" --value "NewSecretValue"

List All Secrets

To list all secrets in the Key Vault:

az keyvault secret list --vault-name <yourKeyVaultName>

Delete a Secret

To delete a secret:

az keyvault secret delete --vault-name <yourKeyVaultName> --name "MySecret"

This command performs a soft-delete that’ll keep the secret for 90 days before it is purged.

DEV Community