Azure Key Vault is a cloud service that helps store and securely access secrets. A secret can be anything we want to protect, such as API keys or credentials. Data is encrypted when it moves from a key vault to a client application, which makes it more secure. Key vault secrets can be read and set programmatically. This article describes how to update a secret in Azure Key Vault using PowerShell.
Pre-requisites:
1. The Azure Az PowerShell module installed, and the appropriate permissions to access and modify the Azure Key Vault.
2. Azure key vault with appropriate permissions.
Update key vault secrets using PowerShell
Run the PowerShell commands below in any editor, such as PowerShell ISE.
$azureTenantId = "tenantid"
$subscriptionId = "subscriptionId"
$keyVaultName = "vaultname"
Write-Output "Log in to Azure..."
Connect-AzAccount -Tenant $azureTenantId -Subscription $subscriptionId
Set-AzContext -TenantId $azureTenantId
# -SecretValue expects a SecureString, so convert the new value first
$secretValue = ConvertTo-SecureString -String "<secret value>" -AsPlainText -Force
$secretAccessKeyID = Set-AzKeyVaultSecret -VaultName $keyVaultName -Name "<key name>" -SecretValue $secretValue
Here,
Connect-AzAccount -Tenant $azureTenantId -Subscription $subscriptionId
This cmdlet connects to your Azure account using the specified Azure Tenant ID and Subscription ID. It initiates an authentication process to sign in to Azure.
Set-AzContext -TenantId $azureTenantId
This cmdlet sets the context for the current session to the specified Azure Tenant ID. It ensures that subsequent operations are performed in the context of the specified Azure tenant.
$secretAccessKeyID = Set-AzKeyVaultSecret -VaultName $keyVaultName -Name "<key name>" -SecretValue $secretValue
This line updates a secret in the Azure Key Vault specified by $keyVaultName. It uses the Set-AzKeyVaultSecret cmdlet to perform this task. Replace <key name> with the name of the secret you want to update, and <secret value> with the new value for the secret, which must be passed to -SecretValue as a SecureString ($secretValue).
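Update a secret in Azure Key Vault using managed identity
$azureTenantId = "tenantid"
$keyVaultName = "vaultname"
Write-Output "Log in to Azure..."
Connect-AzAccount -Identity
Set-AzContext -TenantId $azureTenantId
# -SecretValue expects a SecureString, so convert the new value first
$secretValue = ConvertTo-SecureString -String "<secret value>" -AsPlainText -Force
$secretAccessKeyID = Set-AzKeyVaultSecret -VaultName $keyVaultName -Name "<key name>" -SecretValue $secretValue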
Here,
Connect-AzAccount -Identity
To connect to Azure, this command uses the Managed Service Identity (MSI) of the current environment where the script is running. With MSI, you can access Azure resources without the need for explicit credentials in the code. However, it is important to note that this requires the environment to have a system-assigned or user-assigned managed identity with the necessary permissions to access the Azure Key Vault.
Set-AzContext -TenantId $azureTenantId
This cmdlet sets the context for the current session to the specified Azure Tenant ID. It ensures that subsequent operations are performed in the context of the specified Azure tenant. The value for $azureTenantId was retrieved from the Azure Automation variable.
$secretAccessKeyID = Set-AzKeyVaultSecret -VaultName $keyVaultName -Name "<key name>" -SecretValue $secretValue
This line updates a secret in the Azure Key Vault specified by $keyVaultName. It uses the Set-AzKeyVaultSecret cmdlet to perform this task. Replace <key name> with the name of the secret you want to update, and <secret value> with the new value for the secret, which must be passed to -SecretValue as a SecureString ($secretValue).
Pro tips:
1. Be cautious while updating secrets; they are sensitive information and should be handled securely.
2. We can only change a secret's attributes, such as the expiration date and activation date. However, we can add a new version of the existing secret.
3. Follow this article if you want to learn how to access key vault secrets in Azure Data Factory.
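The first two tips in practice, as an added example that is not part of the original article: the new value is prompted for as a SecureString, written as a new version with an expiry date, and the previous version is optionally disabled through an attribute-only update. The function name Add-SecretVersion, its parameters, the 90-day expiry and the secret name example-secret are assumptions made for illustration.

```powershell
# Added example; Add-SecretVersion and its parameters are hypothetical names.
function Add-SecretVersion {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $VaultName,
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [securestring] $SecretValue,
        [int] $ExpiresInDays = 90,      # assumed rotation window
        [switch] $DisablePrevious       # opt-in: consumers pinned to the old version will fail
    )

    # Remember the current version (if any) before a new one is written.
    $previous = Get-AzKeyVaultSecret -VaultName $VaultName -Name $Name -ErrorAction SilentlyContinue

    if (-not $PSCmdlet.ShouldProcess("$VaultName/$Name", 'Add new secret version')) { return }

    # Writing to an existing secret name adds a new version; earlier versions are kept.
    $expires = (Get-Date).ToUniversalTime().AddDays($ExpiresInDays)
    $new = Set-AzKeyVaultSecret -VaultName $VaultName -Name $Name `
        -SecretValue $SecretValue -Expires $expires

    # Update-AzKeyVaultSecret changes attributes only; here it clears the
    # Enabled flag on the version that was current before this call.
    if ($DisablePrevious -and $previous -and $previous.Version -ne $new.Version) {
        Update-AzKeyVaultSecret -VaultName $VaultName -Name $Name `
            -Version $previous.Version -Enable $false
    }

    # Return metadata only, so the value never reaches logs or job output.
    $new | Select-Object Name, Version, Enabled, Expires
}

# Prompt without echoing, so the value is not stored in the script or shell history.
$value = Read-Host -Prompt 'New secret value' -AsSecureString
Add-SecretVersion -VaultName 'vaultname' -Name 'example-secret' -SecretValue $value -DisablePrevious
```

Run it with -WhatIf first to confirm the target vault and secret name without writing anything.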
Kunal Rathi