az vm secret

Manage VM secrets.

Commands

az vm secret add       Add a secret to a VM.
az vm secret format    Transform secrets into a form that can be used by VMs and VMSSes.
az vm secret list      List secrets on a VM.
az vm secret remove    Remove a secret from a VM.

az vm secret add

Add a secret to a VM.

az vm secret add --certificate
                 --keyvault
                 [--certificate-store]
                 [--ids]
                 [--name]
                 [--resource-group]
                 [--subscription]

Examples

Add a secret to a VM. (autogenerated)

az vm secret add --certificate {certificate} --keyvault {keyvault} --name MyVirtualMachine --resource-group MyResourceGroup

Required Parameters

--certificate

Key vault certificate name or its full secret URL.

--keyvault

Name or ID of the key vault.

Optional Parameters

--certificate-store

Windows certificate store names. Default: My.

--ids

One or more resource IDs (space-delimited). If provided, no other 'Resource Id' arguments should be specified.

--name -n

The name of the Virtual Machine. You can configure the default using az configure --defaults vm=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az vm secret format

Transform secrets into a form that can be used by VMs and VMSSes.

az vm secret format --secrets
                    [--certificate-store]
                    [--keyvault]
                    [--resource-group]
                    [--subscription]

Examples

Create a self-signed certificate with the default policy, and add it to a virtual machine.

az keyvault certificate create --vault-name vaultname -n cert1 \
  -p "$(az keyvault certificate get-default-policy)"

secrets=$(az keyvault secret list-versions --vault-name vaultname \
  -n cert1 --query "[?attributes.enabled].id" -o tsv)

vm_secrets=$(az vm secret format -s "$secrets")
az vm create -g group-name -n vm-name --admin-username deploy \
  --image debian --secrets "$vm_secrets"
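
A pre-flight check for the secret URIs handed to `--secrets`, as an added example that is not part of the original reference or of the Azure CLI: it accepts only version-pinned URIs from one expected vault. The function names, the `vault.azure.net` host suffix (public cloud) and the 32-character hex version format are assumptions of this example.

```shell
# Added example, not Azure CLI code. Assumes the public-cloud host suffix
# vault.azure.net and 32-character lowercase hex version ids.

# check_secret_uri VAULT URI: returns 0 if URI is a version-pinned secret in
# VAULT; otherwise prints the reason on stdout and returns 1.
check_secret_uri() {
    vault=$1 uri=$2
    prefix="https://${vault}.vault.azure.net/secrets/"
    case $uri in
        "$prefix"*) rest=${uri#"$prefix"} ;;
        *) echo "reject: not an https secret URI in vault '$vault': $uri"; return 1 ;;
    esac
    case $rest in
        */*) name=${rest%%/*} version=${rest#*/} ;;
        *) echo "reject: no version pinned: $uri"; return 1 ;;
    esac
    case $name in
        ''|*[!0-9A-Za-z-]*) echo "reject: bad secret name: $uri"; return 1 ;;
    esac
    case $version in
        *[!0-9a-f]*) echo "reject: bad version id: $uri"; return 1 ;;
    esac
    [ "${#version}" -eq 32 ] || { echo "reject: bad version id: $uri"; return 1; }
}

# filter_secret_uris VAULT URI...: prints the accepted URIs space-separated on
# stdout and rejection reasons on stderr; returns 1 if any URI was rejected.
filter_secret_uris() {
    vault=$1; shift
    ok="" rc=0
    for uri in "$@"; do
        if reason=$(check_secret_uri "$vault" "$uri"); then
            ok="${ok:+$ok }$uri"
        else
            echo "$reason" >&2; rc=1
        fi
    done
    printf '%s\n' "$ok"
    return "$rc"
}

# Constructed sample input (not real secrets): one pinned URI, one unpinned.
good="https://vaultname.vault.azure.net/secrets/cert1/0123456789abcdef0123456789abcdef"
bad="https://vaultname.vault.azure.net/secrets/cert1"
secrets=$(filter_secret_uris vaultname "$good" "$bad") || echo "rejected input" >&2
echo "accepted for az vm secret format -s: $secrets"
```

In a deployment script, treat a non-zero return from `filter_secret_uris` as a reason to stop before calling `az vm secret format`.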

Required Parameters

--secrets -s

Space-separated list of key vault secret URIs, for example as produced by 'az keyvault secret list-versions --vault-name vaultname -n cert1 --query "[?attributes.enabled].id" -o tsv'.

Optional Parameters

--certificate-store

Windows certificate store names. Default: My.

--keyvault

Name or ID of the key vault.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az vm secret list

List secrets on a VM.

az vm secret list --name
                  --resource-group
                  [--subscription]

Examples

List secrets on a VM. (autogenerated)

az vm secret list --name MyVirtualMachine --resource-group MyResourceGroup

Required Parameters

--name -n

The name of the Virtual Machine. You can configure the default using az configure --defaults vm=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az vm secret remove

Remove a secret from a VM.

az vm secret remove --keyvault
                    [--certificate]
                    [--ids]
                    [--name]
                    [--resource-group]
                    [--subscription]

Required Parameters

--keyvault

Name or ID of the key vault.

Optional Parameters

--certificate

Key vault certificate name or its full secret URL.

--ids

One or more resource IDs (space-delimited). If provided, no other 'Resource Id' arguments should be specified.

--name -n

The name of the Virtual Machine. You can configure the default using az configure --defaults vm=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.