How to copy Azure keyvault secrets to other subscription from Azure devops or powershell

Sandeep SV 11 Reputation points
2020-12-15T10:20:10.59+00:00

I'm required to migrate azure keyvault secrets to other, This needs to be done by Azure devops or powershell as I have only reader access in Azure portal. This needs to be done through service principal hence using azure devops.

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,093 questions
{count} vote

1 answer

Sort by: Most helpful
  1. JamesTran-MSFT 36,351 Reputation points Microsoft Employee
    2020-12-18T19:02:44.113+00:00

    @Sandeep SV
    Thank you for your time and patience throughout this issue!

    For creating a copy/backup of your secrets, you can download a backup via the Azure Portal. However, those secrets will be encrypted to that Azure Key Vault (AKV) and can only be restored in that AKV within the same subscription. The only option available right now to migrate secrets to another subscription, would be to migrate/move your current Azure Key Vault to another subscription.

    49611-image.png
    The recommended AKV best practices for your resources, is to use a vault per application per environment (Development, Pre-Production and Production). This helps you not share secrets across environments and also reduces the threat in case of a breach. For more info.

    Since copying secrets from one key vault to another (within/across subscriptions) currently isn't supported, please feel free to create a feature request using our User Voice forum so our AKV engineering team can look into this.

    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

    1 person found this answer helpful.
    0 comments No comments