Add-AzVMSecret
Adds a secret to a virtual machine.
Syntax
Add-AzVMSecret
[-VM] <PSVirtualMachine>
[[-SourceVaultId] <String>]
[[-CertificateStore] <String>]
[[-CertificateUrl] <String>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>] Description
The Add-AzVMSecret cmdlet adds a secret to a virtual machine. This value lets you add a certificate to the virtual machine. The secret must be stored in a Key Vault. For more information about Key Vault, see What is Azure Key Vault?. For more information about the cmdlets, see Azure Key Vault Cmdlets or the Set-AzKeyVaultSecret cmdlet.
Note
To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows instead of Add-AzVMSecret.
Examples
Example: Add a secret to a virtual machine using Add-AzVMSecret
$VirtualMachine = New-AzVMConfig -VMName "VirtualMachine07" -VMSize "Standard_A1" -AvailabilitySetID $AvailabilitySet.Id
$Credential = Get-Credential
$VirtualMachine = Set-AzVMOperatingSystem -VM $VirtualMachine -Windows -ComputerName "Contoso26" -Credential $Credential
$SourceVaultId = "/subscriptions/46f8cea4-2de6-4179-8ab1-365da4211af4/resourceGroups/vault/providers/Microsoft.KeyVault/vaults/keyvault"
$CertificateStore01 = "My"
$CertificateUrl01 = "https://contosovault.vault.azure.net/secrets/514ceb769c984379a7e0230bdd703272"
$VirtualMachine = Add-AzVMSecret -VM $VirtualMachine -SourceVaultId $SourceVaultId -CertificateStore $CertificateStore01 -CertificateUrl $CertificateUrl01The first command creates a virtual machine object, and then stores it in the $VirtualMachine variable.
The command assigns a name and size to the virtual machine.
The second command creates a credential object by using the Get-Credential cmdlet, and then stores the result in the $Credential variable.
The command prompts you for a user name and password.
For more information, type Get-Help Get-Credential.
The third command uses the Set-AzVMOperatingSystem cmdlet to configure the virtual machine stored in $VirtualMachine.
The fourth command assigns a source vault ID to the $SourceVaultId variable for later use.
The command assumes that the $SubscriptionId variable has an appropriate value.
The fifth command assigns a value to the $CertificateStore01 variable for later use.
The sixth command assigns a URL for a certificate store.
The seventh command adds a secret to the virtual machine stored in $VirtualMachine.
The SourceVaultId parameter specifies the Key Vault.
The command specifies the name of the certificate store and the URL of the certificate.
You can run the Add-AzVMSecret repeatedly to add secrets for other certificates.
Parameters
-CertificateStore
Specifies the name of a certificate store on the virtual machine that runs the Windows operating system. This cmdlet adds the certificate to the store that this parameter specifies. You can only specify this parameter for virtual machines that run the Windows operating system.
| Type: | String |
| Position: | 2 |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-CertificateUrl
Specifies the URL that points to a Key Vault secret which contains a certificate. The certificate is the Base64 encoding of the following JavaScript Object Notation (JSON) object, which is encoded in UTF-8: { "data": "<Base64-encoded-file>", "dataType": "<file-format>", "password": "<pfx-file-password>" } Currently, dataType accepts only .pfx files.
| Type: | String |
| Position: | 3 |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with azure.
| Type: | IAzureContextContainer |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SourceVaultId
Specifies the resource ID of the Key Vault that contains the certificates that you can add to the virtual machine. This value also acts as the key for adding multiple certificates. This means that you can use the same value for SourceVaultId when you add multiple certificates from the same Key Vault.
| Type: | String |
| Aliases: | Id |
| Position: | 1 |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-VM
Specifies the virtual machine object that this cmdlet modifies. To obtain a virtual machine object, use the Get-AzVM cmdlet. You can use the New-AzVMConfig cmdlet to create a virtual machine object.
| Type: | PSVirtualMachine |
| Aliases: | VMProfile |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Inputs
Outputs
Related Links
Azure PowerShell