This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 49%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMA%3C/text%3E%3C/svg%3E)
Hey guys,
I have my open source postgresql deployed in Azure VMs. I would like to generate dynamic passwords for the database users using Azure Key Vault. Is it typically possible? If yes, can you please help down with steps or redirect me to right documentation?
Hi @Vinodh247-1375 , Thanks for your initial reply. But in the example that you have shown it looks like we are hardcoding Or storing the password in the vault. My need was like vault should rotate the password after defined frequency and generate a dynamic connection string to connect to postgresql. Thanks in advance! Wanted to check primarily whether that's feasible.
Hi @Vinodh247-1375 , Thanks for your initial reply. But in the example that you have shown it looks like we are hardcoding Or storing the password in the vault. My need was like vault should rotate the password after defined frequency and generate a dynamic connection string to connect to postgresql. Thanks in advance! Wanted to check primarily whether that's feasible.
Try this and let me know.
For key rotation policy in key-vault:
https://learn.microsoft.com/en-us/azure/key-vault/keys/how-to-configure-key-rotation
To retrieve secrets from Azure Key Vault and use them in Azure Postgresql:
After adding the secret to the key vault...
Hi @Vinodh247-1375 ,
In nutshell, we can do rotation of passwords and generate passwords dynamically with hashicorp vault only and azure keyvault can't do the same? Just trying to confirm the same.
We are bit aware with hashicorp vault that it has capability to meet our need, but was in thought whether azure key vault can do the same?
M, Anbazhagan: I have edited my comment and added more details, can you check on that and let me know if this helped.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 70%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMC%3C/text%3E%3C/svg%3E)
In the past I have used a random password generation function to do this using inline powershell in ARM/bicep templates and/or scripts then storing those in keyvaults. I am not aware of any means of doing this solely with keyvault.
Hope this helps
Thanks Michael Cameron , I just felt Azure Key Vault was capable of doing something similiar to what Hashicorp vault does with password storing and regenerating.
Hi M, Anbazhagan,
Thanks for reaching out to Microsoft Q&A.
after creating a secret in your Azure Key Vault that contains the password, you can try this...
To Retrieve the secret value
secret_value=$(az keyvault secret show --name AdminPassWord --vault-name <your-keyvault-name> --query value -o tsv)
Creating the PostgreSQL server
--az postgres server create \
--location <location> \
--resource-group <resource-group-name> \
--name <PostgresServerName> \
--admin-user <AdminUserName> \
--admin-password "$secret_value" \
--sku-name <pgSkuName>
```Alternatively, you can use the terraform to generate a password dynamically and store it in Azure Key Vault.
[https://blog.posedio.com/blog/postgres-database-crednetials-with-hashicorp-vault](https://blog.posedio.com/blog/postgres-database-crednetials-with-hashicorp-vault)
Please 'Upvote'(Thumbs-up) and 'Accept' as an answer if the reply was helpful. This will benefit other community members who face the same issue.