Quickstart: Create a key vault using the Azure CLI
Azure Key Vault is a cloud service that provides a secure store for keys, secrets, and certificates. For more information on Key Vault, see About Azure Key Vault; for more information on what can be stored in a key vault, see About keys, secrets, and certificates.
Use Azure Cloud Shell using the bash environment.
If you prefer, install Azure CLI to run CLI reference commands.
- If you're using a local install, sign in with Azure CLI by using the az login command. To finish the authentication process, follow the steps displayed in your terminal. See Sign in with Azure CLI for additional sign-in options.
- When you're prompted, install Azure CLI extensions on first use. For more information about extensions, see Use extensions with Azure CLI.
- Run az version to find the version and dependent libraries that are installed. To upgrade to the latest version, run az upgrade.
- This quickstart requires version 2.0.4 or later of the Azure CLI. If using Azure Cloud Shell, the latest version is already installed.
Create a resource group
A resource group is a logical container into which Azure resources are deployed and managed. The following example creates a resource group named ContosoResourceGroup in the eastus location.
az group create --name "myResourceGroup" -l "EastUS"
Create a key vault
Create a Key Vault in the resource group from the previous step. You will need to provide some information:
Key vault name: A string of 3 to 24 characters that can contain only numbers (0-9), letters (a-z, A-Z), and hyphens (-)
Each key vault must have a unique name. Replace
with the name of your key vault in the following examples.
Resource group name: myResourceGroup.
The location: EastUS.
az keyvault create --name "<your-unique-keyvault-name>" --resource-group "myResourceGroup" --location "EastUS"
The output of this cmdlet shows properties of the newly created key vault. Take note of the two properties listed below:
- Vault Name: The name you provided to the --name parameter above.
- Vault URI: In the example, this is https://<your-unique-keyvault-name>.vault.azure.net/. Applications that use your vault through its REST API must use this URI.
At this point, your Azure account is the only one authorized to perform any operations on this new vault.
Clean up resources
Other quickstarts and tutorials in this collection build upon this quickstart. If you plan to continue on to work with subsequent quickstarts and tutorials, you may wish to leave these resources in place.
When no longer needed, you can use the Azure CLI az group delete command to remove the resource group and all related resources:
az group delete --name myResourceGroup
In this quickstart you created a Key Vault and deleted it. To learn more about Key Vault and how to integrate it with your applications, continue on to the articles below.