RuijieShi-7610 asked JamesTran-MSFT edited

When to use AKV Extension schema when deploying it on VM through Powershell

Hi,

I am reading https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/key-vault-windows and trying to deploy it on an Azure VM, but I am not sure if I still need to create an Extension Schema when using PowerShell to deploy the AKV Extension on an Azure VM.

The deployment code below does not seem to read any template, so I am wondering if there are still steps I need to follow for the Extension Schema.

 # Build settings

 $settings = '{"secretsManagementSettings": 
 { "pollingIntervalInS": "' + <pollingInterval> + 
 '", "certificateStoreName": "' + <certStoreName> + 
 '", "certificateStoreLocation": "' + <certStoreLoc> + 
 '", "observedCertificates": ["' + <observedCert1> + '","' + <observedCert2> + '"] } }'
 $extName =  "KeyVaultForWindows"
 $extPublisher = "Microsoft.Azure.KeyVault"
 $extType = "KeyVaultForWindows"


 # Start the deployment
 Set-AzVmExtension -TypeHandlerVersion "1.0" -ResourceGroupName <ResourceGroupName> -Location <Location> -VMName <VMName> -Name $extName -Publisher $extPublisher -Type $extType -SettingString $settings

Thanks!


1 Answer

JamesTran-MSFT answered JamesTran-MSFT edited

@RuijieShi-7610
Thank you for your post and I apologize for the delayed response!

The PowerShell script you posted can be used to deploy the Key Vault VM extension to an existing virtual machine or virtual machine scale set. Keep in mind you'll have to update the variables within the triangle brackets "<>", and make sure that you complete the pre-requisites prior to running the script.

Azure PowerShell deployment:

 # Build settings
 $settings = @{
     "secretsManagementSettings" = @{
         "pollingIntervalInS"       = "3600"
         "certificateStoreName"     = "myCertStore"
         "certificateStoreLocation" = "LocalMachine"
         "observedCertificates"     = @("https://myvault.vault.azure.net/secrets/mycertificate", "https://myvault.vault.azure.net/secrets/mycertificate2")
     }
 }

 $extName = "KeyVaultForWindows"
 $extPublisher = "Microsoft.Azure.KeyVault"
 $extType = "KeyVaultForWindows"

 # Start the deployment
 # $settings is a hashtable, so it is passed with -Settings (-SettingString expects a JSON string)
 Set-AzVmExtension -TypeHandlerVersion "1.0" -ResourceGroupName "VirtualMachines" -Location "West US 2" -VMName "jatrantestVM" -Name $extName -Publisher $extPublisher -Type $extType -Settings $settings

If you're having issues with the PowerShell script, you can try running the CLI script to install the KeyVaultForWindows extension.

 # Start the deployment
 az vm extension set --name "KeyVaultForWindows" `
     --publisher Microsoft.Azure.KeyVault `
     --resource-group "VirtualMachines" `
     --vm-name "jatrantestVM" `
     --settings '{\"secretsManagementSettings\": { \"pollingIntervalInS\": \"3600\", \"certificateStoreName\": \"myCertStore\", \"certificateStoreLocation\": \"LocalMachine\", \"observedCertificates\": [\"https://myvault.vault.azure.net/secrets/mycertificate\", \"https://myvault.vault.azure.net/secrets/mycertificate2\"] }}'



If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.


Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
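The question builds the settings JSON by string concatenation and the answer builds it as a hashtable. As an added example (not part of the original thread or of Microsoft's documentation), the helper below builds the same settings object, rejects malformed observed-certificate URLs before anything is deployed, and returns JSON for `-SettingString`. `New-AkvExtensionSettings` and its parameter names are hypothetical, and the `.vault.azure.net` suffix assumes the public Azure cloud.

```powershell
# Added example: New-AkvExtensionSettings is a hypothetical helper, not an Az cmdlet.
function New-AkvExtensionSettings {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]] $ObservedCertificates,
        [ValidateRange(1, 2147483647)] [int] $PollingIntervalInS = 3600,
        [ValidateNotNullOrEmpty()] [string] $CertificateStoreName = 'MY',
        [ValidateSet('LocalMachine', 'CurrentUser')] [string] $CertificateStoreLocation = 'LocalMachine',
        # Assumption: public Azure cloud; sovereign clouds use a different suffix.
        [string] $VaultDnsSuffix = '.vault.azure.net'
    )

    foreach ($url in $ObservedCertificates) {
        # Stray whitespace inside the quotes ends up in the deployed settings value.
        if ($url -ne $url.Trim()) { throw "Leading/trailing whitespace in URL: '$url'" }

        $uri = $null
        if (-not [uri]::TryCreate($url, [System.UriKind]::Absolute, [ref]$uri)) {
            throw "Not an absolute URL: '$url'"
        }
        if ($uri.Scheme -ne 'https') { throw "Not an https URL: '$url'" }
        if (-not $uri.Host.EndsWith($VaultDnsSuffix, [StringComparison]::OrdinalIgnoreCase)) {
            throw "Host is not under '$VaultDnsSuffix': '$url'"
        }
        # The thread's URLs use the /secrets/<name> form; enforce the same shape.
        if ($uri.AbsolutePath -notmatch '^/secrets/[^/]+(/[^/]+)?/?$') {
            throw "Expected a /secrets/<name> path: '$url'"
        }
    }

    $settings = [ordered]@{
        secretsManagementSettings = [ordered]@{
            pollingIntervalInS       = "$PollingIntervalInS"   # the thread passes this as a string
            certificateStoreName     = $CertificateStoreName
            certificateStoreLocation = $CertificateStoreLocation
            observedCertificates     = @($ObservedCertificates)
        }
    }
    # ConvertTo-Json handles quoting and escaping that manual concatenation does not.
    $settings | ConvertTo-Json -Depth 4 -Compress
}

# Sample values taken from the answer above.
$json = New-AkvExtensionSettings -CertificateStoreName 'myCertStore' -ObservedCertificates @(
    'https://myvault.vault.azure.net/secrets/mycertificate',
    'https://myvault.vault.azure.net/secrets/mycertificate2')
$json   # inspect the JSON before deploying

# Set-AzVMExtension -TypeHandlerVersion "1.0" -ResourceGroupName "VirtualMachines" -Location "West US 2" -VMName "jatrantestVM" -Name "KeyVaultForWindows" -Publisher "Microsoft.Azure.KeyVault" -Type "KeyVaultForWindows" -SettingString $json
```

The deployment line is left commented out so the block runs without an Azure session.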



@RuijieShi-7610
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?
