Thank you for your time and patience throughout this issue!
For creating a copy/backup of your secrets, you can download a backup via the Azure Portal. However, those secrets will be encrypted to that Azure Key Vault (AKV) and can only be restored in that AKV within the same subscription. The only option available right now to migrate secrets to another subscription, would be to migrate/move your current Azure Key Vault to another subscription.
The recommended AKV best practices for your resources, is to use a vault per application per environment (Development, Pre-Production and Production). This helps you not share secrets across environments and also reduces the threat in case of a breach. For more info.
Since copying secrets from one key vault to another (within/across subscriptions) currently isn't supported, please feel free to create a feature request using our User Voice forum so our AKV engineering team can look into this.
Thank you for your time and patience throughout this issue.
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
Why do you need to copy secrets from one subscription to another?
ans: Each environment has its own subscription.
Can you move the whole Key Vault?
ans: If possible I want to copy the Keyvault rather than moving to other subscription.
Thank you for the quick response!
When you say each environment has its own subscription - are these other environments/resources (VMs, web apps, etc.), using the Key Vault that you're trying to copy secrets from?
Currently Environment resources have their secrets stored in keyvault that we are trying to copy. Similar resources like Webapp, VMs, Storage account) from destination subscription will be using secrets from the keyvault once the copy is completed.
Sign in to comment