az vm secret
Manage VM secrets.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az vm secret add |
Add a secret to a VM. |
Core | GA |
| az vm secret format |
Transform secrets into a form that can be used by VMs and VMSSes. |
Core | GA |
| az vm secret list |
List secrets on a VM. |
Core | GA |
| az vm secret remove |
Remove a secret from a VM. |
Core | GA |
az vm secret add
Add a secret to a VM.
To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows instead of az vm secret add.
az vm secret add --certificate
--keyvault
[--certificate-store]
[--ids]
[--name]
[--resource-group]
[--subscription]Examples
Add a secret to a VM. (autogenerated)
az vm secret add --certificate {certificate} --keyvault {keyvault} --name MyVirtualMachine --resource-group MyResourceGroupRequired Parameters
Key vault certificate name or its full secret URL.
Name or ID of the key vault.
Optional Parameters
Windows certificate store names. Default: My.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
The name of the Virtual Machine. You can configure the default using az configure --defaults vm=<name>.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az vm secret format
Transform secrets into a form that can be used by VMs and VMSSes.
az vm secret format --secrets
[--certificate-store]
[--keyvault]
[--resource-group]Examples
Create a self-signed certificate with the default policy, and add it to a virtual machine.
az keyvault certificate create --vault-name vaultname -n cert1 \
-p "$(az keyvault certificate get-default-policy)"
secrets=$(az keyvault secret list-versions --vault-name vaultname \
-n cert1 --query "[?attributes.enabled].id" -o tsv)
vm_secrets=$(az vm secret format -s "$secrets")
az vm create -g group-name -n vm-name --admin-username deploy \
--image Debian11 --secrets "$vm_secrets"Required Parameters
Space-separated list of key vault secret URIs. Perhaps, produced by 'az keyvault secret list-versions --vault-name vaultname -n cert1 --query "[?attributes.enabled].id" -o tsv'.
The command will attempt to resolve the vault ID for each secret. If it is unable to do so, specify the vault ID to use for all secrets using: --keyvault NAME --resource-group NAME | --keyvault ID.
Optional Parameters
Windows certificate store names. Default: My.
Name or ID of the key vault.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az vm secret list
List secrets on a VM.
az vm secret list --name
--resource-groupExamples
List secrets on a VM. (autogenerated)
az vm secret list --name MyVirtualMachine --resource-group MyResourceGroupRequired Parameters
The name of the Virtual Machine. You can configure the default using az configure --defaults vm=<name>.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az vm secret remove
Remove a secret from a VM.
az vm secret remove --keyvault
[--certificate]
[--ids]
[--name]
[--resource-group]
[--subscription]Required Parameters
Name or ID of the key vault.
Optional Parameters
Key vault certificate name or its full secret URL.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
The name of the Virtual Machine. You can configure the default using az configure --defaults vm=<name>.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
