Creating Azure Key Vault with PowerShell

Vijay Kumar 2,016 Reputation points
2021-10-15T19:26:52.743+00:00

Hi Team,

I am planning to create a Key Vault using PowerShell. Here is the simple code I prepared based on my requirement; please correct me if I am wrong.

Using the values below I am able to create it through the Web UI, but I don't have any idea how to achieve this through PowerShell.

Here is the simple code (simple Key Vault for testing) I prepared based on my knowledge; please correct me if I am wrong.

az keyvault create --name "TEST-KEYVAULT01" --resource-group "testresourcegroup01" --location "WestUS" --subscription "mysubscription"
az keyvault secret set --name "Secret01" --vault-name "TEST-KEYVAULT01" --value "abcd"
az keyvault secret set --name "Secret02" --vault-name "TEST-KEYVAULT01" --file "C:\test\abcd_rsa_key.p8"

Get-AzAdUser -UserPrincipalName "abc@Neeraj Nagpal .com, xyz@Neeraj Nagpal .com"

Set-AzKeyVaultAccessPolicy -VaultName "TEST-KEYVAULT01" -ObjectId <Id> -PermissionsToSecrets get,list,backup  --> Looks like this line is wrong


1 answer

  1. JamesTran-MSFT 36,376 Reputation points Microsoft Employee
    2021-10-15T21:17:38.14+00:00

    @Vijay Kumar
    Thank you for your post!

    Based off your az keyvault create and secret set CLI commands, those should be correct when using CLI. However, when it comes to assigning Key Vault access policies via CLI, you can use the az keyvault set-policy command - For more info.

    If you're trying to create an Azure Key Vault via PowerShell - Create Azure Key Vault with PowerShell:

    Connect-AzAccount  
    #Create a resource group  
    New-AzResourceGroup -Name "myResourceGroup" -Location "EastUS"  
    #Create a key vault  
    New-AzKeyVault -Name "<your-unique-keyvault-name>" -ResourceGroupName "myResourceGroup" -Location "East US"  
    #Give your user account permissions to manage secrets in Key Vault  
    Set-AzKeyVaultAccessPolicy -VaultName "<your-unique-keyvault-name>" -UserPrincipalName "user@domain.com" -PermissionsToSecrets get,set,delete  
    

    For more info - https://learn.microsoft.com/en-us/azure/key-vault/secrets/quick-create-powershell

    Additional Links:
    Assign a Key Vault access policy - PowerShell
    Az.KeyVault - PowerShell
    Set and retrieve a secret from Azure Key Vault using Azure CLI
    az keyvault - CLI

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
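
Added example, not part of the original question or answer: the question's CLI flow written end to end with Az PowerShell cmdlets, including the step the question got stuck on (resolving several users to object IDs and granting each the get, list and backup secret permissions). Vault, resource group, subscription and file names are taken from the question; the two UPNs are constructed placeholders, and the script assumes the vault uses the access-policy permission model and that the signed-in account can read directory users.

```powershell
# Added example; values come from the question unless marked as placeholders.
$ErrorActionPreference = 'Stop'

$vaultName     = 'TEST-KEYVAULT01'
$resourceGroup = 'testresourcegroup01'
$location      = 'WestUS'
$keyFile       = 'C:\test\abcd_rsa_key.p8'
# Placeholder UPNs (constructed): one string per user, not one comma-separated string.
$userUpns      = @('user1@contoso.com', 'user2@contoso.com')

Connect-AzAccount -Subscription 'mysubscription' | Out-Null

# Create the resource group only if it does not already exist.
if (-not (Get-AzResourceGroup -Name $resourceGroup -ErrorAction SilentlyContinue)) {
    New-AzResourceGroup -Name $resourceGroup -Location $location | Out-Null
}
New-AzKeyVault -Name $vaultName -ResourceGroupName $resourceGroup -Location $location | Out-Null

# Secret01: prompt for the value so it never appears in the script or shell history.
$secret01 = Read-Host -Prompt 'Value for Secret01' -AsSecureString
Set-AzKeyVaultSecret -VaultName $vaultName -Name 'Secret01' -SecretValue $secret01 | Out-Null

# Secret02: load the key file as text, the counterpart of the CLI --file option.
$secret02 = ConvertTo-SecureString -String (Get-Content -Path $keyFile -Raw) -AsPlainText -Force
Set-AzKeyVaultSecret -VaultName $vaultName -Name 'Secret02' -SecretValue $secret02 | Out-Null

# Resolve each UPN to its directory object ID, then grant only the
# get, list and backup secret permissions asked for in the question.
foreach ($upn in $userUpns) {
    $user = Get-AzADUser -UserPrincipalName $upn -ErrorAction SilentlyContinue
    if (-not $user) {
        Write-Warning "No directory user found for $upn; skipping."
        continue
    }
    Set-AzKeyVaultAccessPolicy -VaultName $vaultName -ObjectId $user.Id `
        -PermissionsToSecrets get, list, backup
}

# List the resulting access policies so the grants can be reviewed.
(Get-AzKeyVault -VaultName $vaultName -ResourceGroupName $resourceGroup).AccessPolicies |
    Select-Object DisplayName, ObjectId, PermissionsToSecrets
```

The final listing also shows the policy the vault creator receives at creation time, which is worth trimming if the creating account should not keep full access.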