An Azure Key Vault is a great location for storing credentials securely. In a recent article I covered how to:
Create a new Azure Key Vault
Next, I want to cover how you can actually put credentials in there.
Step one is to navigate to the Azure Key Vault you have created and select the Secrets option from the menu on the left, as shown above. From the menu on the right, select +Generate/Import as shown.
Simply complete the fields as shown and select the Create button at the bottom of the window.
You will note that your secret (say a password) has a Name and, if desired, an activation date and an expiration date. You can also enable or disable it if desired.
You should now see that the secret has been created as shown above. To view the details simply click on the secret.
Here you’ll now see all the details about the secret. The good thing about an Azure Key Vault credential is that you can easily update it if required, and previous versions will be retained. You can also control access to this individual secret via the Access control (IAM) option on the menu on the left-hand side.
If you now select the Current version displayed in the middle of the page you will get more details like so:
Here, you can update the settings for the secret as well as reveal what the secret is by selecting the Show Secret Value button as shown.
You see the super secret password shown above.
One of the main reasons for using an Azure Key Vault is that we can also access this information programmatically, for example by using PowerShell.
If I connect to Azure using the Azure PowerShell module with a user that has rights to access the vault and secret, I can run a command like:
Get-AzKeyVaultSecret -VaultName "vaultname" -Name "secretname"
and the results will be shown above. But how do I get to the actual secret?
Basically, you repeat the previous command, but this time assign it to a variable and add the -AsPlainText option, as shown above. The command would look like:
$secretValue = Get-AzKeyVaultSecret -VaultName "vaultname" -Name "secretname" -AsPlainText
Now the secret value (say password) is in the variable $secretValue for use in my code.
PowerShell is not the only method you can use to obtain what is in an Azure Key Vault. You can use something like Power Automate and Flow, which I’ll cover in an upcoming article. However, PowerShell allows just about any function with vaults, including creating, reading, deleting, updating and so on. Thus, using an Azure Key Vault provides a secure yet flexible method of storing credentials you want to protect as well as make potentially portable (i.e. you can use them anywhere, on any device that runs PowerShell and connects to the internet).
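The portal steps and the retrieval command above, done end to end in PowerShell, as an added example (not code from the original article). It assumes the Az.Accounts and Az.KeyVault modules are installed, uses vaultname, secretname and user@example.com as placeholders, and keeps the value as a SecureString instead of using -AsPlainText.

```powershell
# Added example. 'vaultname', 'secretname' and 'user@example.com' are placeholders.
Connect-AzAccount | Out-Null

$vault = 'vaultname'
$name  = 'secretname'

# Create (or update) the secret. Prompting with -AsSecureString keeps the value
# out of the script file and out of the console history.
$value = Read-Host -Prompt 'Secret value' -AsSecureString
Set-AzKeyVaultSecret -VaultName $vault -Name $name -SecretValue $value `
    -NotBefore (Get-Date).ToUniversalTime() `
    -Expires   (Get-Date).AddDays(90).ToUniversalTime() | Out-Null

# Each Set-AzKeyVaultSecret call creates a new version; earlier versions are retained.
Get-AzKeyVaultSecret -VaultName $vault -Name $name -IncludeVersions |
    Sort-Object Updated -Descending |
    Select-Object Version, Enabled, Expires, Updated

# Read the current version. Without -AsPlainText the value is only exposed as a
# SecureString in the SecretValue property.
$secret = Get-AzKeyVaultSecret -VaultName $vault -Name $name

# Key Vault still returns a secret whose expiration date has passed,
# so the calling script has to enforce the date itself.
if ($secret.Expires -and $secret.Expires -lt [datetime]::UtcNow) {
    throw "Secret '$name' expired on $($secret.Expires); rotate it before use."
}

# Hand the SecureString straight to a credential object so the password never
# sits in a plain string variable.
$credential = [pscredential]::new('user@example.com', $secret.SecretValue)
$credential.UserName
```

The $credential object can be passed to any cmdlet that takes a -Credential parameter.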
So an Azure Key Vault provides secure storage for credentials that you can easily access programmatically using something like PowerShell and Power Automate. What can now be achieved with this? Stay tuned to find out more.