Add-AzVMSecret

Adds a secret to a virtual machine.

Syntax

Add-AzVMSecret
   [-VM] <PSVirtualMachine>
   [[-SourceVaultId] <String>]
   [[-CertificateStore] <String>]
   [[-CertificateUrl] <String>]
   [-DefaultProfile <IAzureContextContainer>]
   [<CommonParameters>]

Description

The Add-AzVMSecret cmdlet adds a secret to a virtual machine. The secret lets you add a certificate to the virtual machine. The secret must be stored in a Key Vault. For more information about Key Vault, see "What is Azure Key Vault?". For more information about the cmdlets, see Azure Key Vault Cmdlets or the Set-AzKeyVaultSecret cmdlet.

Note

To install certificates on a virtual machine, it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows instead of Add-AzVMSecret.

Examples

Example: Add a secret to a virtual machine using Add-AzVMSecret

# $AvailabilitySet is assumed to already hold an availability set object.
$VirtualMachine = New-AzVMConfig -VMName "VirtualMachine07" -VMSize "Standard_A1" -AvailabilitySetID $AvailabilitySet.Id
# Prompts for the administrator user name and password.
$Credential = Get-Credential
$VirtualMachine = Set-AzVMOperatingSystem -VM $VirtualMachine -Windows -ComputerName "Contoso26" -Credential $Credential
# Resource ID of the Key Vault that holds the certificate secret.
$SourceVaultId = "/subscriptions/46f8cea4-2de6-4179-8ab1-365da4211af4/resourceGroups/vault/providers/Microsoft.KeyVault/vaults/keyvault"
# Windows certificate store that receives the certificate.
$CertificateStore01 = "My"
# URL of the Key Vault secret that contains the certificate.
$CertificateUrl01 = "https://contosovault.vault.azure.net/secrets/514ceb769c984379a7e0230bdd703272"
$VirtualMachine = Add-AzVMSecret -VM $VirtualMachine -SourceVaultId $SourceVaultId -CertificateStore $CertificateStore01 -CertificateUrl $CertificateUrl01

The first command creates a virtual machine object, and then stores it in the $VirtualMachine variable. The command assigns a name and size to the virtual machine.

The second command creates a credential object by using the Get-Credential cmdlet, and then stores the result in the $Credential variable. The command prompts you for a user name and password. For more information, type Get-Help Get-Credential.

The third command uses the Set-AzVMOperatingSystem cmdlet to configure the virtual machine stored in $VirtualMachine.

The fourth command assigns a source vault ID to the $SourceVaultId variable for later use. The command assumes that the $SubscriptionId variable has an appropriate value.

The fifth command assigns the name of the certificate store to the $CertificateStore01 variable for later use.

The sixth command assigns the URL of the certificate to the $CertificateUrl01 variable for later use.

The seventh command adds a secret to the virtual machine stored in $VirtualMachine. The SourceVaultId parameter specifies the Key Vault. The command specifies the name of the certificate store and the URL of the certificate. You can run Add-AzVMSecret repeatedly to add secrets for other certificates.

Parameters

-CertificateStore

Specifies the name of a certificate store on the virtual machine that runs the Windows operating system. This cmdlet adds the certificate to the store that this parameter specifies. You can only specify this parameter for virtual machines that run the Windows operating system.

Type: String
Position: 2
Default value: None
Required: False
Accept pipeline input: True
Accept wildcard characters: False

-CertificateUrl

Specifies the URL that points to a Key Vault secret which contains a certificate. The certificate is the Base64 encoding of the following JavaScript Object Notation (JSON) object, which is encoded in UTF-8:

{
  "data": "<Base64-encoded-file>",
  "dataType": "<file-format>",
  "password": "<pfx-file-password>"
}

Currently, dataType accepts only .pfx files.

Type: String
Position: 3
Default value: None
Required: False
Accept pipeline input: True
Accept wildcard characters: False
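
The following is an added example, not part of the original cmdlet documentation: one way to build the secret value in the format -CertificateUrl expects and store it with Set-AzKeyVaultSecret. The vault name, secret name, PFX path and the helper function New-VMCertificateSecretValue are hypothetical placeholders.

```powershell
# Added example. Vault name, secret name and PFX path are placeholders.
$VaultName  = "<your-vault-name>"
$SecretName = "<your-secret-name>"
$PfxPath    = "<full-path-to-certificate>.pfx"

# Hypothetical helper: wraps a PFX in the JSON envelope and Base64-encodes it.
function New-VMCertificateSecretValue {
    param(
        [Parameter(Mandatory)] [byte[]] $PfxBytes,
        [Parameter(Mandatory)] [securestring] $PfxPassword
    )
    # The JSON envelope carries the PFX password in clear text,
    # so recover it in memory only and never write it to disk or logs.
    $plain = [System.Net.NetworkCredential]::new("", $PfxPassword).Password

    # Fail early if the password does not open the file (constructor throws),
    # the private key is missing, or the certificate has already expired.
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($PfxBytes, $plain)
    try {
        if (-not $cert.HasPrivateKey) { throw "PFX contains no private key." }
        if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }
    }
    finally { $cert.Dispose() }

    # JSON object with the three fields listed for -CertificateUrl.
    $json = [ordered]@{
        data     = [Convert]::ToBase64String($PfxBytes)
        dataType = "pfx"
        password = $plain
    } | ConvertTo-Json -Compress

    # UTF-8 encode the JSON, then Base64-encode the result.
    $encoded = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($json))
    ConvertTo-SecureString -String $encoded -AsPlainText -Force
}

$pfxBytes    = [System.IO.File]::ReadAllBytes($PfxPath)
$pfxPassword = Read-Host -Prompt "PFX password" -AsSecureString
$secretValue = New-VMCertificateSecretValue -PfxBytes $pfxBytes -PfxPassword $pfxPassword

# Store the value as a Key Vault secret; the returned Id is the secret URL.
$secret = Set-AzKeyVaultSecret -VaultName $VaultName -Name $SecretName -SecretValue $secretValue
$CertificateUrl01 = $secret.Id
```

Because the stored secret value contains the PFX password alongside the private key, anyone who can read that secret can recover both; restrict read access to the secret accordingly.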

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Type: IAzureContextContainer
Aliases: AzContext, AzureRmContext, AzureCredential
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-SourceVaultId

Specifies the resource ID of the Key Vault that contains the certificates that you can add to the virtual machine. This value also acts as the key for adding multiple certificates. This means that you can use the same value for SourceVaultId when you add multiple certificates from the same Key Vault.

Type: String
Aliases: Id
Position: 1
Default value: None
Required: False
Accept pipeline input: True
Accept wildcard characters: False

-VM

Specifies the virtual machine object that this cmdlet modifies. To obtain a virtual machine object, use the Get-AzVM cmdlet. You can use the New-AzVMConfig cmdlet to create a virtual machine object.

Type: PSVirtualMachine
Aliases: VMProfile
Position: 0
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False

Inputs

PSVirtualMachine

String

Outputs

PSVirtualMachine