How to add a secret and retrieve it in VM PowerShell

Vishwa teja Devarakonda 5 Reputation points
2024-11-17T05:42:51.75+00:00

I have configured a secret in Key Vault, and I'm trying to retrieve it in my VM by using PowerShell commands, so I just need navigation steps to retrieve the secret. I have also added the access policies and selected the particular VM.

Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.

3 answers

  1. akinbade abiola 20,070 Reputation points
    2024-11-17T16:38:56.53+00:00

    To retrieve the secret using PowerShell, use the steps here:

    https://learn.microsoft.com/en-us/azure/key-vault/secrets/quick-create-powershell

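    # SecretValueText was removed in Az.KeyVault 3.0.0; SecretValue is a SecureString
    $secret = Get-AzKeyVaultSecret -VaultName "<YourKeyVaultName>" -Name "<YourSecretName>"
    $secretValue = [System.Net.NetworkCredential]::new("", $secret.SecretValue).Password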
    
    

    Regards,

    Abiola


  2. TP 100.1K Reputation points
    2024-11-20T05:23:03.1666667+00:00

    Hi,

    Below is sample code to retrieve a secret using PowerShell running inside of a VM using system managed identity. I modified this sample to create it.

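    $vaultUri = "https://mykeyvault.vault.azure.net"
    $secretName = "testsecretname"
    # Request an access token for the VM's managed identity from the instance metadata service (IMDS)
    # -UseBasicParsing avoids the Internet Explorer engine dependency in Windows PowerShell 5.1
    $response = Invoke-WebRequest -UseBasicParsing -Uri "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=$vaultUri" -Headers @{Metadata="true"}
    $access_token = ($response.Content|ConvertFrom-Json).access_token
    # Read the secret from the Key Vault REST API using the bearer token
    $requestUri = $vaultUri + "/secrets/" + $secretName + "?api-version=7.4"
    $vaultResponse = (Invoke-WebRequest -UseBasicParsing -Uri $requestUri -Method GET -ContentType "application/json" -Headers @{Authorization ="Bearer $access_token"}).content
    $secretValue = ($vaultResponse|ConvertFrom-Json).value
    # Prints the secret value in plain text to the console
    echo $secretValue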
    
    
    

    NOTE: for the above sample you need to enable the System Managed Identity on the VM via its Identity blade, and on your key vault the managed identity needs to be assigned Key Vault Secrets User role. The key vault access configuration needs to be set to Azure role-based access control.

    Alternatively, you can use vault access policy mode if you prefer (from your description it sounds like that is what you are using); just make sure to grant the managed identity permission to secrets.

    Please click Accept Answer and upvote if the above was helpful. If something is unclear please add a comment below.

    Thanks.

    -TP
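
An added example, not part of the answer above or of any Microsoft sample: the same IMDS-token-then-REST flow wrapped in a function that reports which prerequisite from the note is likely missing and returns the value as a SecureString instead of echoing it. The function name is hypothetical, `https://vault.azure.net` is assumed as the token audience, and the vault and secret names in the usage lines are the sample values from the answer.

```powershell
# Added example; Get-VaultSecretViaManagedIdentity is a hypothetical name.
function Get-VaultSecretViaManagedIdentity {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$VaultName,
        [Parameter(Mandatory)][string]$SecretName
    )

    # Step 1: request a token from the instance metadata service (IMDS).
    # The Metadata header is required; the audience is assumed to be the Key Vault resource.
    $imdsUri = 'http://169.254.169.254/metadata/identity/oauth2/token' +
               '?api-version=2018-02-01&resource=https%3A%2F%2Fvault.azure.net'
    try {
        $token = (Invoke-RestMethod -Uri $imdsUri -Headers @{ Metadata = 'true' }).access_token
    } catch {
        throw "IMDS token request failed; check that a managed identity is enabled on this VM. $($_.Exception.Message)"
    }

    # Step 2: read the secret through the Key Vault REST API with the bearer token.
    $escapedName = [uri]::EscapeDataString($SecretName)
    $uri = 'https://{0}.vault.azure.net/secrets/{1}?api-version=7.4' -f $VaultName, $escapedName
    try {
        $resp = Invoke-RestMethod -Uri $uri -Headers @{ Authorization = "Bearer $token" }
    } catch {
        $err = $_      # keep the error record; $_ is rebound inside switch
        $status = 0
        if ($err.Exception.Response) { $status = [int]$err.Exception.Response.StatusCode }
        switch ($status) {
            403 { throw "403 Forbidden: grant the VM identity the Key Vault Secrets User role (RBAC mode) or secret Get permission (access policy mode)." }
            404 { throw "404 Not Found: secret '$SecretName' does not exist in vault '$VaultName'." }
            default { throw $err }
        }
    }

    # Return a SecureString so the value does not land in transcripts or logs by accident.
    ConvertTo-SecureString -String $resp.value -AsPlainText -Force
}

# Usage with the sample names from the answer; convert to plain text only at the point of use.
$secure = Get-VaultSecretViaManagedIdentity -VaultName 'mykeyvault' -SecretName 'testsecretname'
$plain  = [System.Net.NetworkCredential]::new('', $secure).Password
```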


  3. Goutam Pratti 900 Reputation points Microsoft Vendor
    2024-11-27T13:08:01.2066667+00:00

    Hello @Vishwa teja Devarakonda ,

    Thank you for reaching out to Microsoft Q&A.

    I understand that you want to retrieve a secret using PowerShell on a virtual machine (VM). I successfully configured a secret in an Azure Key Vault and retrieved it on my VM using PowerShell.
    Below are the steps I followed:

    1. Key Vault Access Configuration:
      • While creating the Key Vault, I selected Azure Role-Based Access Control (RBAC) as the permission model.
    2. Assign Role and Create Secret:
      • Before creating the secret in the Key Vault, I assigned the Key Vault Administrator role to key vault.
      • Then, I created the secret in the Key Vault.
    3. Enable System-Assigned Managed Identity for the VM:
      • In the Azure portal, navigate to your VM and go to Security > Identity > System Assigned, and set it to ON.
    4. Retrieve the Secret Using PowerShell:
      • Open PowerShell as an administrator on the VM and run the following commands:
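             # Install the Az PowerShell module, then sign in to the tenant
             Install-Module Az
             Connect-AzAccount -Tenant "<your_tenant_id>"
             # -AsPlainText returns the secret value as a plain string
             Get-AzKeyVaultSecret -VaultName "<your_vault_name>" -Name "<your_secret_name>" -AsPlainText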
             
             
             
        
      • NOTE: Replace <your_tenant_id> with your actual tenant ID, <your_vault_name> with the name of your Key Vault, and <your_secret_name> with the name of your secret.

    Hope this helps. Do let us know if you have any further queries.


    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

    Regards,
    Goutam Pratti.

