Generate dynamic passwords with Azure Key Vault for Postgresql Database running in Azure VM

M, Anbazhagan 20 Reputation points
2024-05-25T12:00:03.65+00:00

Hey guys,

I have my open source postgresql deployed in Azure VMs. I would like to generate dynamic passwords for the database users using Azure Key Vault. Is it typically possible? If yes, can you please help down with steps or redirect me to right documentation?

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,320 questions
{count} votes

Accepted answer
  1. Michael Cameron 607 Reputation points
    2024-05-27T10:50:53.6633333+00:00

    In the past I have used a random password generation function to do this using inline powershell in ARM/bicep templates and/or scripts then storing those in keyvaults. I am not aware of any means of doing this solely with keyvault.

    Hope this helps

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
  1. Vinodh247 24,001 Reputation points MVP
    2024-05-25T13:37:36.5233333+00:00

    Hi M, Anbazhagan,

    Thanks for reaching out to Microsoft Q&A.

    after creating a secret in your Azure Key Vault that contains the password, you can try this...

    To Retrieve the secret value

    secret_value=$(az keyvault secret show --name AdminPassWord --vault-name <your-keyvault-name> --query value -o tsv)

    Creating the PostgreSQL server

    --az postgres server create \
    
    --location <location> \
    
    --resource-group <resource-group-name> \
    
    --name <PostgresServerName> \
    
    --admin-user <AdminUserName> \
    
    --admin-password "$secret_value" \
    
    --sku-name <pgSkuName>
    ```Alternatively, you can use the terraform to generate a password dynamically and store it in Azure Key Vault.
    
    [https://blog.posedio.com/blog/postgres-database-crednetials-with-hashicorp-vault](https://blog.posedio.com/blog/postgres-database-crednetials-with-hashicorp-vault)
    
    Please 'Upvote'(Thumbs-up) and 'Accept' as an answer if the reply was helpful. This will benefit other community members who face the same issue.
    
    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.