question

0 Votes
14169961 asked sikumars commented

Azure Key Vault secrets from scheduled script

We have a PS script scheduled via Task Scheduler on an Azure VM. This script should read sensitive data, such as passwords, from Azure Key Vault.
The VM is a member of an AAD DS domain. The service account used in the scheduled task is created in AAD and synced to AAD DS. The service account has permissions to read secrets.
I cannot find a way to connect to a Key Vault from the PS script without entering the service account credentials. We use integrated security to access storage account file shares. Is there an option to connect to a Key Vault in the same way?

azure-key-vault

Hello @14169961,

Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
Thanks,

0 Votes 0 ·

1 Answer

1 Vote
sikumars answered sikumars commented

Hello @14169961,

Thank you for reaching out, and apologies for the delayed response.

You could use a Windows VM system-assigned managed identity to access Azure Key Vault.

Managed Identities for Azure resources provide Azure services with an automatically managed identity in Azure Active Directory. Using a managed identity, you can authenticate to any service that supports Azure AD authentication without having credentials in your code.

To know more about managed Identities, read.

Hope this helps.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

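The managed identity approach from the answer above, as an added example that is not part of the original thread: a scheduled script that requests a token from the VM's instance metadata endpoint and reads one secret over the Key Vault REST API. It assumes the system-assigned identity is enabled on the VM and has been granted read access to secrets on the vault; the vault name `contoso-kv` and secret name `SvcPassword` are placeholders.

```powershell
# Added example (not from the thread). Placeholder names: contoso-kv, SvcPassword.
param(
    [string]$VaultName  = 'contoso-kv',
    [string]$SecretName = 'SvcPassword'
)

$ErrorActionPreference = 'Stop'

# Windows PowerShell 5.1 on older images may not negotiate TLS 1.2 by default,
# and Key Vault rejects older protocol versions.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

function Get-ManagedIdentityToken {
    param([string]$Resource = 'https://vault.azure.net')
    # The instance metadata service answers only from inside the VM and
    # requires the "Metadata: true" header on every request.
    $uri = 'http://169.254.169.254/metadata/identity/oauth2/token' +
           '?api-version=2018-02-01&resource=' + [uri]::EscapeDataString($Resource)
    $resp = Invoke-RestMethod -Uri $uri -Method Get -Headers @{ Metadata = 'true' }
    return $resp.access_token
}

function Get-VaultSecret {
    param([string]$Vault, [string]$Name, [string]$Token)
    $uri  = "https://${Vault}.vault.azure.net/secrets/${Name}?api-version=7.4"
    $resp = Invoke-RestMethod -Uri $uri -Method Get -Headers @{ Authorization = "Bearer $Token" }
    # Hand back a SecureString so the plain text does not linger in a variable
    # or show up in a transcript.
    return ConvertTo-SecureString -String $resp.value -AsPlainText -Force
}

try {
    $token  = Get-ManagedIdentityToken
    $secret = Get-VaultSecret -Vault $VaultName -Name $SecretName -Token $token
    # $secret can now be passed to New-Object PSCredential or a similar consumer.
}
catch {
    # Log only the error text; never write the token or the secret value to logs.
    Write-Error "Key Vault read failed: $($_.Exception.Message)"
    exit 1
}
```

The token is issued to the VM rather than to the account the scheduled task runs as, so Key Vault access has to be granted to the VM's identity, and any process on that VM can request the same token. Limit that identity to the secrets this script needs.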

  • have the same question, but Managed Identities are meant for Azure resources. If I want to run a script from an on-prem server and fetch a password from Azure vault, how can this be set up?

0 Votes 0 ·

If you cannot use a managed identity, you instead register the application with your Azure AD tenant, as described in Quickstart: Register an application with the Azure identity platform. More information: https://docs.microsoft.com/en-us/azure/key-vault/general/authentication

0 Votes 0 ·