Creating a Key Vault, a key and a secret
New-AzureRmKeyVault -VaultName 'ContosoKeyVault' -ResourceGroupName 'ContosoResourceGroup' -Location 'East Asia'
# Create a software-protected key in the vault
$key = Add-AzureKeyVaultKey -VaultName 'ContosoKeyVault' -Name 'ContosoFirstKey' -Destination 'Software'
# Wrap the password as a SecureString and store it as a secret
$secretvalue = ConvertTo-SecureString 'Pa$$w0rd' -AsPlainText -Force
$secret = Set-AzureKeyVaultSecret -VaultName 'ContosoKeyVault' -Name 'SQLPassword' -SecretValue $secretvalue
Integration with Azure Active Directory
Applications that use a key vault must authenticate by using a token from Azure Active Directory. To do this, the owner of the application must first register the application in their Azure Active Directory.
Authorize the application to use the key or secret
# Allow the registered application to decrypt and sign with keys in the vault
Set-AzureRmKeyVaultAccessPolicy -VaultName 'ContosoKeyVault' -ServicePrincipalName 8f8c4bbd-485b-45fd-98f7-ec6300b7b4ed -PermissionsToKeys decrypt,sign
# Allow the same application to read secrets
Set-AzureRmKeyVaultAccessPolicy -VaultName 'ContosoKeyVault' -ServicePrincipalName 8f8c4bbd-485b-45fd-98f7-ec6300b7b4ed -PermissionsToSecrets Get
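An added example, not part of the original post: a check that each access policy on the vault grants no more than the permissions intended above (decrypt and sign on keys, get on secrets). The function name, the allow-list layout and the sample policies are assumptions made for illustration; the sample objects mirror the ObjectId, DisplayName, PermissionsToKeys and PermissionsToSecrets properties of a vault's AccessPolicies collection.

```powershell
# Constructed sample shaped like the AccessPolicies collection returned by
# Get-AzureRmKeyVault; the ObjectId values and display names are made up.
$samplePolicies = @(
    [pscustomobject]@{ ObjectId = '11111111-1111-1111-1111-111111111111'; DisplayName = 'ContosoApp'
        PermissionsToKeys = @('decrypt', 'sign'); PermissionsToSecrets = @('get') },
    [pscustomobject]@{ ObjectId = '22222222-2222-2222-2222-222222222222'; DisplayName = 'ReportingJob'
        PermissionsToKeys = @('decrypt', 'sign', 'delete'); PermissionsToSecrets = @('get', 'list', 'set') },
    [pscustomobject]@{ ObjectId = '33333333-3333-3333-3333-333333333333'; DisplayName = 'UnknownPrincipal'
        PermissionsToKeys = @(); PermissionsToSecrets = @('get') }
)

# Allow-list keyed by the principal's ObjectId (hypothetical layout).
# Note: a policy stores the service principal's object ID, not the application ID.
$allowed = @{
    '11111111-1111-1111-1111-111111111111' = @{ Keys = @('decrypt', 'sign'); Secrets = @('get') }
    '22222222-2222-2222-2222-222222222222' = @{ Keys = @('decrypt', 'sign'); Secrets = @('get') }
}

function Get-ExcessVaultPermission {
    param(
        [Parameter(Mandatory)] [object[]]  $AccessPolicy,
        [Parameter(Mandatory)] [hashtable] $Allowed
    )
    foreach ($p in $AccessPolicy) {
        $want = $Allowed[[string]$p.ObjectId]
        if ($null -eq $want) {
            # Principal holds a policy but nobody approved it
            [pscustomobject]@{ Principal = $p.DisplayName; Scope = 'any'; Excess = 'principal not in allow-list' }
            continue
        }
        $granted = @{ Keys = $p.PermissionsToKeys; Secrets = $p.PermissionsToSecrets }
        foreach ($scope in 'Keys', 'Secrets') {
            # -notin compares case-insensitively, so 'Get' and 'get' match
            $excess = @($granted[$scope] | Where-Object { $_ -and $_ -notin $want[$scope] })
            if ($excess.Count -gt 0) {
                [pscustomobject]@{ Principal = $p.DisplayName; Scope = $scope; Excess = $excess -join ',' }
            }
        }
    }
}

# Report findings for the constructed sample
Get-ExcessVaultPermission -AccessPolicy $samplePolicies -Allowed $allowed | Format-Table -AutoSize

# Against a real vault, pass its policies instead of the sample:
#   (Get-AzureRmKeyVault -VaultName 'ContosoKeyVault').AccessPolicies
```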
Regenerate the Keys
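# $keyVaultName and $storageAccountId must be set beforehand:
# the vault name and the resource ID of the storage account to manage
$regenerationPeriod = [System.Timespan]::FromDays(1)
$parameters = @{
    VaultName          = $keyVaultName
    AccountResourceId  = $storageAccountId
    AccountName        = "mystoragetest1"
    ActiveKeyName      = "key1"
    RegenerationPeriod = $regenerationPeriod
}
# Let Key Vault manage the storage account and regenerate its keys every day
Add-AzureKeyVaultManagedStorageAccount @parameters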
Get-AzureKeyVaultManagedStorageAccount
Update-AzureKeyVaultManagedStorageAccountKey
https://docs.microsoft.com/en-us/azure/key-vault/key-vault-use-from-web-application