question

RajNair asked MayankBargali-MSFT answered

Copy secrets from Keyvault1 (subscription A) to Keyvault2 (subscription B) using logic app

I have a scenario in which, when a user changes secrets in keyvault 1 (subscription A), I would like to copy the same secrets to keyvault2 (in another subscription B). Is this possible? If yes, can I use a logic app to copy the secrets from keyvault 1 (subscription A) --> keyvault2 (subscription B)?

azure-logic-apps azure-key-vault

Hi There,

Thank you for asking this question on the Microsoft Q&A Platform.

My opinion is to use PowerShell or Azure DevOps for this activity, because if you want to use the LA then you have to define the trigger point, or the user has to create and call another flow manually.

For the PowerShell or Azure DevOps approach, please check this thread:

https://docs.microsoft.com/en-us/answers/questions/199024/how-to-copy-azure-keyvault-secrets-to-other-subscr.html

Regards,
Kamlesh Kumar
BizTalk Techie

If this answer solved your problem, please click the Verify Answer button (found below the answer) to help other users who have the same question.


0 Votes 0 ·

1 Answer

MayankBargali-MSFT answered

@RajNair Thanks for reaching out. Apologies for the delay in reaching out. Yes, you can automate your requirement using a logic app workflow.
You can monitor the Key Vault resource using Event Grid as documented here. The available events for Microsoft.KeyVault are listed here. So as per your requirement, when someone updates the secret, the Microsoft.KeyVault.SecretNewVersionCreated event will be fired and will call the logic app for further processing. You can make any HTTP call from the logic app by leveraging the native HTTP connector.

Workflow:
Event Grid Trigger (when a resource event occurs) --> Native HTTP Connector (calls the Get Secret API to get the Secret) --> Native HTTP Connector (set Secret to create the same Secret as per the get secret API response from previous action)

In case you want to get familiar with the Azure REST API and how you can authenticate the request, you can refer to this REST document.
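The Get Secret and Set Secret exchange from the workflow above, sketched in Python as an added example (it is not part of the original answer, and it is not a Logic App definition). The vault names `kv-a` and `kv-b`, the public-cloud `vault.azure.net` suffix, API version `7.4`, and the `send` callable that stands in for the authenticated HTTP connector are all assumptions.

```python
from urllib.parse import quote

API_VERSION = "7.4"  # assumed Key Vault data-plane API version
EVENT_TYPE = "Microsoft.KeyVault.SecretNewVersionCreated"

# Constructed sample event (vault and secret names are made up).
SAMPLE_EVENT = {
    "eventType": EVENT_TYPE,
    "subject": "db-password",
    "data": {"Id": "https://kv-a.vault.azure.net/secrets/db-password/0123abcd",
             "VaultName": "kv-a", "ObjectType": "Secret",
             "ObjectName": "db-password", "Version": "0123abcd"},
}

def plan_copy(event, source_vault, dest_vault):
    """Validate the event and return (get_url, put_url); raise ValueError otherwise."""
    data = event.get("data") or {}
    if event.get("eventType") != EVENT_TYPE or data.get("ObjectType") != "Secret":
        raise ValueError("not a secret new-version event")
    # Trust the configured vault name, not the URL carried in the event body.
    if str(data.get("VaultName", "")).lower() != source_vault.lower():
        raise ValueError("event is not from the configured source vault")
    name = quote(data["ObjectName"], safe="")
    version = quote(data["Version"], safe="")
    get_url = (f"https://{source_vault}.vault.azure.net/secrets/"
               f"{name}/{version}?api-version={API_VERSION}")
    put_url = (f"https://{dest_vault}.vault.azure.net/secrets/"
               f"{name}?api-version={API_VERSION}")
    return get_url, put_url

def set_secret_body(secret):
    """Build the Set Secret request body from a Get Secret response."""
    body = {"value": secret["value"]}
    for key in ("contentType", "tags"):
        if key in secret:
            body[key] = secret[key]
    # created/updated/recoveryLevel are assigned by the service, so drop them.
    attrs = {k: v for k, v in secret.get("attributes", {}).items()
             if k in ("enabled", "nbf", "exp")}
    if attrs:
        body["attributes"] = attrs
    return body

def copy_secret(event, source_vault, dest_vault, send):
    """send(method, url, body) -> dict is the caller's authenticated HTTP call."""
    get_url, put_url = plan_copy(event, source_vault, dest_vault)
    secret = send("GET", get_url, None)
    return send("PUT", put_url, set_secret_body(secret))["id"]
```

The identity behind `send` needs only permission to get secrets on the source vault and to set secrets on the destination vault.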
