Use Azure Key Vault in automation
This article provides an example for using Azure Key Vault in an automation scenario. Azure Key Vault provides you a way to securely store and retrieve the passwords, tokens and other secrets, that are stored outside of the local machine, and use them in your automation pipeline.
Set up the host that runs the automation
Beginning with Az.KeyVault 3.3.0, the module includes a SecretManagement extension that allows you to use the SecretManagement cmdlets to interact with secrets stored in Azure Key Vault.
First, you should create a Key Vault in your Azure subscription and add your secrets. For more information, see Quickstart: Set and retrieve a key from Azure Key Vault using Azure PowerShell.
To use the Azure Key Vault with SecretManagement first ensure that you have the Az.KeyVault module.
Next, register the vault using your AZKVaultName and SubscriptionId. These commands must be run in the user context of the automation account on the automation host.
Install-Module -Name Microsoft.PowerShell.SecretManagement -Repository PSGallery -Force
Install-Module Az.KeyVault -Repository PSGallery -Force
Import-Module Microsoft.PowerShell.SecretManagement
Import-Module Az.KeyVault
$VaultParameters = @{
AZKVaultName = $vaultName
SubscriptionId = $subID
}
Register-SecretVault -Module Az.KeyVault -Name AzKV -VaultParameters $VaultParameters
Use Azure Key Vault secrets in automation
Now that you have registered your Azure Key Vault with SecretManagement you can view secrets
with Get-SecretInfo, get secrets with Get-Secret, create and update secrets with Set-Secret,
and remove secrets with Remove-Secret.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for