Please refer to https://zimmergren.net/backup-azure-key-vault-secrets-keys-certificates/
azure key vault backup Query
Hello Team,
One more Query related to Azure. If we Download the Backup of all the Keys and Trying to import it to another Key valut or tanent then it decrypt all those keys or accept it?
Thank you in advance
2 answers
Sort by: Most helpful
-
-
JamesTran-MSFT 36,461 Reputation points Microsoft Employee
2023-03-20T20:38:49.6133333+00:00 Thank you for your post and I apologize for the delayed response!
When it comes to downloading a backup of your Key Vault objects such as secrets, keys, or certificates, the backup operation will download the objects as an encrypted blob. In order to get usable data from this blob,
you must restore the blob into a Key Vault within the same Azure subscription and Azure geography.
If you're trying to import this encrypted blob to another Azure AD tenant's Key Vault - since you'll need to
restore the blob into a Key Vault within the same Azure Subscription.
You'll also need to move the same subscription used to deploy the original Key Vault to this new tenant. For more info - Design considerations.-
Note:
Because the Azure Key Vault is automatically tied to the Azure Active Directory tenant ID for the subscription in which it is created. If you move your Azure subscription from tenant A to tenant B, your existing key vaults will be inaccessible by the service principals (users and applications) in tenant B. To fix this issue, you can reference our - Moving an Azure Key Vault to another subscription documentation.
I've also reached out to our Key Vault engineering team so they can look into this issue as well and will update as soon as possible.
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
-