While working on Azure Key Vault, I had a requirement to extract the secret value from an Azure Key Vault Secret Identifier ID.
You can find the Secret Identifier by going to Azure Key vaults, then selecting the key vault >> Secrets Name >> Current Version. The URL looks like {vaultBaseUrl}/secrets/{secret-name}/{secret-version}.
I am following the Microsoft docs for more information on how to get the value from a Key Vault secret URL: https://docs.microsoft.com/en-us/rest/api/keyvault/getsecret/getsecret.
Log in to Azure with the PowerShell Az module.
Create key vault and secrets with access policies in Microsoft Azure.
❯ $credential = Get-Credential -UserName vaultviewer@bishopal.com -Message 'Microsoft Azure Login'
❯ Connect-AzAccount -Credential $credential
Next, get the Key Vault secret URL ID either from the Azure portal or from a PowerShell cmdlet.
❯ Get-AzKeyVaultSecret -VaultName vCloud02Vault -Name RootSecret
Once I have the secret identifier ID URL, the next thing required is to generate a bearer token for the URL https://vault.azure.net. I can use PowerShell or AzureCLI to get it. (AzureCLI returns its output in JSON format.)
❯ Get-AzAccessToken -ResourceUrl https://vault.azure.net
❯ az account get-access-token --resource https://vault.azure.net | ConvertFrom-Json
Once I have all the pieces gathered, I connect them and use them in Invoke-RestMethod to get the Key Vault secret value, as shown below.
❯ $keyVaulttoken = Get-AzAccessToken -ResourceUrl https://vault.azure.net
❯ $headers = @{"Authorization" = "Bearer $($keyVaulttoken.Token)"}
❯ $response = Invoke-RestMethod -Uri https://vcloud02vault.vault.azure.net/secrets/RootSecret/03d6fd62056a4790a8982b1a75f320f8?api-version=7.1 -Headers $headers
❯ $response.value
Download this script here or it is also available on github.com.
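The steps above can be wrapped in one function that checks the Secret Identifier before the bearer token is attached, so the token is only ever sent to an HTTPS Key Vault host. This is an added example, not the script from the original post; the function name Get-SecretFromIdentifier, its parameters and the public-cloud DNS suffix default are assumptions.

```powershell
# Added example: Get-SecretFromIdentifier and its parameter names are hypothetical.
function Get-SecretFromIdentifier {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string] $SecretId,
        [string] $ApiVersion = '7.1',
        [string] $VaultDnsSuffix = '.vault.azure.net'   # assumption: Azure public cloud
    )

    # Parse strictly; a relative or malformed identifier is rejected here.
    $uri = $null
    if (-not [Uri]::TryCreate($SecretId, [UriKind]::Absolute, [ref]$uri)) {
        throw "Secret identifier is not an absolute URL: $SecretId"
    }

    # Never attach the bearer token to anything but an HTTPS Key Vault endpoint.
    if ($uri.Scheme -ne 'https' -or $uri.UserInfo -or $uri.Query -or
        -not $uri.Host.EndsWith($VaultDnsSuffix, [StringComparison]::OrdinalIgnoreCase)) {
        throw "Refusing to send a Key Vault token to: $SecretId"
    }

    # Expected path: /secrets/{secret-name}[/{secret-version}]
    $segments = $uri.AbsolutePath.Trim('/').Split('/')
    if ($segments[0] -ne 'secrets' -or $segments.Count -lt 2 -or $segments.Count -gt 3) {
        throw "Path is not /secrets/{secret-name}/{secret-version}: $($uri.AbsolutePath)"
    }

    # Token scoped to the Key Vault resource, as in the post.
    $token = (Get-AzAccessToken -ResourceUrl 'https://vault.azure.net').Token
    if ($token -is [securestring]) {
        # Newer Az.Accounts releases return the token as a SecureString.
        $token = [System.Net.NetworkCredential]::new('', $token).Password
    }

    # Rebuild the request URL from the validated parts only.
    $requestUri = '{0}?api-version={1}' -f $uri.GetLeftPart([UriPartial]::Path), $ApiVersion
    $headers    = @{ Authorization = "Bearer $token" }

    $response = Invoke-RestMethod -Uri $requestUri -Headers $headers -Method Get
    $response.value   # plaintext secret: assign it to a variable, do not echo it
}

# Usage with the identifier from the post:
# $secret = Get-SecretFromIdentifier -SecretId 'https://vcloud02vault.vault.azure.net/secrets/RootSecret/03d6fd62056a4790a8982b1a75f320f8'
```

Both the token and the returned value are credentials, so keep them out of transcripts, logs and shell history.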