
I need to add a prefix to all my secrets in an Azure Key Vault.

There seems to be no API or cmdlet for this, and it is not possible in the Azure Portal either.

How can I accomplish this?

Svein Fidjestøl

2 Answers


The PowerShell script below creates new keys with a prefix added.

# List every secret in the vault, fetch each one's value, and write it back
# under "<PREFIX>-<name>". The vault name is taken from the host part of the
# secret's id URL, the secret name from the third URL segment.
(az keyvault secret list --vault-name <AZURE_KEY_VAULT_NAME> | ConvertFrom-Json) |
  ForEach-Object { az keyvault secret show --id $_.id | ConvertFrom-Json } |
  ForEach-Object {
    $uri = [uri]$_.id
    az keyvault secret set --vault-name $uri.Host.Split('.')[0] `
      --name "<PREFIX>-$($uri.Segments[2].TrimEnd('/'))" `
      --value $_.value
  }

Make sure to replace <AZURE_KEY_VAULT_NAME> and <PREFIX> before running the script.

The az PowerShell module can be installed from https://learn.microsoft.com/en-us/powershell/azure/

Svein Fidjestøl

Here is an example in Bash.

AZURE_KEY_VAULT_NAME="<Your KeyVault name>"
PREFIX="-old"

# Walk every secret name in the vault (names contain only letters, digits and
# dashes, so word splitting on the tsv output is safe here).
for secret_name in $(az keyvault secret list --vault-name "$AZURE_KEY_VAULT_NAME" --query '[].[name]' -o tsv); do
  echo "Rename ${secret_name} into ${secret_name}${PREFIX}"
  # Read the current value; quote it below so values with spaces survive.
  secret=$(az keyvault secret show --vault-name "$AZURE_KEY_VAULT_NAME" --name "${secret_name}" --query value -o tsv)
  az keyvault secret set --vault-name "$AZURE_KEY_VAULT_NAME" --name "${secret_name}${PREFIX}" --value "$secret"
  # Delete original key if needed
  # az keyvault secret delete --vault-name "$AZURE_KEY_VAULT_NAME" --name "${secret_name}"
  # Permanently
  # az keyvault secret purge  --vault-name "$AZURE_KEY_VAULT_NAME" --name "${secret_name}"
done

Instead of listing all keys, you could use grep to get a subset, or just provide a list (space separated) of secrets, e.g.

  • $(az keyvault secret list --vault-name $AZURE_KEY_VAULT_NAME --query '[].[name]' -o tsv | grep example)
  • secret1 secret2 secret3
Dirc
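Both answers copy only the secret value, so the content type and tags of each secret are lost, disabled secrets make the loop fail, and a second run re-prefixes already prefixed names. The script below is an added example (not code from either answer) that addresses those points; it assumes the az CLI and jq are installed and that VAULT, PREFIX, DRY_RUN and AZ_RUN are environment variables you set (the vault name is a placeholder).

```shell
#!/bin/sh
# Added example, not from either answer: copy every enabled secret in a vault
# to "<PREFIX><name>", carrying over the content type and tags that the
# one-line versions drop. Needs the az CLI and jq. VAULT, PREFIX and AZ_RUN
# are assumed environment variables (placeholders, not real vault names).
set -eu

VAULT="${VAULT:-<AZURE_KEY_VAULT_NAME>}"
PREFIX="${PREFIX:-app-}"
DRY_RUN="${DRY_RUN:-1}"      # 1 = print what would be copied, write nothing

# Build the target name and check it against Key Vault's naming rule
# (1-127 characters, only letters, digits and dashes). Prints the new name;
# returns non-zero if the secret already carries the prefix (so re-runs are
# idempotent) or the result would be an invalid name.
prefixed_name() {
  prefix="$1"; name="$2"
  case "$name" in "$prefix"*) return 1 ;; esac
  new="${prefix}${name}"
  [ "${#new}" -le 127 ] || return 1
  case "$new" in *[!A-Za-z0-9-]*) return 1 ;; esac
  printf '%s\n' "$new"
}

# Copy one secret. The value is read from JSON rather than tsv so that
# multi-line and special-character values survive (trailing newlines are
# still dropped by command substitution, as in the tsv version).
copy_secret() {
  name="$1"
  new="$(prefixed_name "$PREFIX" "$name")" || { echo "skip  $name"; return 0; }
  json="$(az keyvault secret show --vault-name "$VAULT" --name "$name" -o json)"
  value="$(printf '%s' "$json" | jq -r '.value')"
  ctype="$(printf '%s' "$json" | jq -r '.contentType // empty')"
  tags="$(printf '%s' "$json" | jq -r '.tags // {} | to_entries | map("\(.key)=\(.value)") | join(" ")')"
  echo "copy  $name -> $new"
  [ "$DRY_RUN" = "1" ] && return 0
  set -- --vault-name "$VAULT" --name "$new" --value "$value" -o none
  if [ -n "$ctype" ]; then set -- "$@" --content-type "$ctype"; fi
  if [ -n "$tags" ]; then set -- "$@" --tags $tags; fi   # word-split on purpose: key=value pairs
  az keyvault secret set "$@"
}

# Walk only enabled secrets: disabled ones cannot be read, so they would fail.
rename_all() {
  az keyvault secret list --vault-name "$VAULT" --query '[?attributes.enabled].name' -o tsv |
    while IFS= read -r name; do copy_secret "$name"; done
}

if [ "${AZ_RUN:-0}" = "1" ]; then rename_all; fi
```

Run it once with the default DRY_RUN=1 to review the planned names, then with DRY_RUN=0 AZ_RUN=1 to write them; tag values containing spaces would need to be passed individually rather than through the word-split list.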