how to add secret and retrieve it in vm powershell

Question

I have configured a secret in key vault so i'm trying to retrieve it in my vm by using powershell commands so i just need navigation steps to retrieve the secret and also i have added the access policies and selected the particular vm.

Answer 1

Hello @Vishwa teja Devarakonda ,

Thank you for reaching out Microsoft Q&A.

I understand that you want to retrieve a secret using PowerShell on a virtual machine (VM). I successfully configured a secret in an Azure Key Vault and retrieved it on my VM using PowerShell.
Below are the steps I followed:

1. Key Vault Access Configuration:
   • While creating the Key Vault, I selected Azure Role-Based Access Control (RBAC) as the permission model.
   • 
2. Assign Role and Create Secret:
   • Before creating the secret in the Key Vault, I assigned the Key Vault Administrator role to key vault.
   • Then, I created the secret in the Key Vault.
3. Enable System-Assigned Managed Identity for the VM:
   • In the Azure portal, navigate to your VM and go to Security > Identity > System Assigned, and set it to ON.
   • 
4. Retrieve the Secret Using PowerShell:
   • Open PowerShell as an administrator on the VM and run the following commands:

          Install-module az
          Connect-AzAccount -Tenant <your_tenant_id>
          Get-AzKeyVaultSecret -VaultName "<your_vault_name>" -Name "<your_secret_name>" -AsPlainText
          
          
          
     

   • 
   • NOTE: Replace <your_tenant_id> with your actual tenant ID, <your_vault_name> with the name of your Key Vault, and <your_secret_name> with the name of your secret.

Hope this helps. Do let us know if you any further queries.

---

If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Regards,
Goutam Pratti.

Answer 2

To retrieve the secret using powershell, use the steps here:

https://learn.microsoft.com/en-us/azure/key-vault/secrets/quick-create-powershell

$secret = Get-AzKeyVaultSecret -VaultName "<YourKeyVaultName>" -Name "<YourSecretName>"
$secretValue = $secret.SecretValueText

Regards,

Abiola

Answer 3

Hi,

Below is sample code to retrieve a secret using PowerShell running inside of vm using system managed identity. I modified this sample to create it.

$vaultUri = "https://mykeyvault.vault.azure.net"
$secretName = "testsecretname"
$response = Invoke-WebRequest -Uri "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=$vaultUri" -Headers @{Metadata="true"}
$access_token = ($response.Content|ConvertFrom-Json).access_token
$requestUri = $vaultUri + "/secrets/" + $secretName + "?api-version=7.4"
$vaultResponse = (Invoke-WebRequest -Uri $requestUri -Method GET -ContentType "application/json" -Headers @{Authorization ="Bearer $access_token"}).content
$secretValue = ($vaultResponse|ConvertFrom-Json).value
echo $secretValue

NOTE: for the above sample you need to enable the System Managed Identity on the VM via its Identity blade, and on your key vault the managed identity needs to be assigned Key Vault Secrets User role. The key vault access configuration needs to be set to Azure role-based access control.

Alternatively you can use vault access policy mode if you prefer (from your description it sounds like that is what you are using) just make sure to grant the managed identity permission to secrets.

Please click Accept Answer and upvote if the above was helpful. If something is unclear please add a comment below.

Thanks.

-TP