Skip to main content
Version: v0.3

Azure Key Vault

This module provides the following capabilities:


To have access to the following features, you have to import the module:

PS> Install-Module -Name Arcus.Scripting.KeyVault -RequiredVersion 0.3.0

Getting all access policies for an Azure Key Vault

Lists the current available access policies of the Azure Key Vault resource.

KeyVaultNameyesThe name of the key vault from which the access policies are to be retrieved
ResourceGroupNamenoThe resource group containing the key vault


PS> $accessPolicies = Get-AzKeyVaultAccessPolicies -KeyVaultName "my-key-vault"
# accessPolicies: {list: [{tenantId: ...,permissions: ...}]}
PS> $accessPolicies = Get-AzKeyVaultAccessPolicies -KeyVaultName "my-key-vault" -ResourceGroupName "my-resource-group"
# accessPolicies: {list: [{tenantId: ...,permissions: ...}]}

Setting a secret value from file into Azure Key Vault

Sets a secret certificate from a file as plain text in Azure Key Vault.

KeyVaultNameyesThe name of the Azure Key Vault where the secret should be added
SecretNameyesThe name of the secret to add in the Azure Key Vault
FilePathyesThe path to the file containing the secret certificate to add in the Azure Key Vault
ExpiresnoThe optional expiration date of the secret to add in the Azure Key Vault


PS> Set-AzKeyVaultSecretFromFile -KeyVaultName "my-key-vault" -SecretName "my-secret" -FilePath "/file-path/secret-certificate.pfx"
# Secret 'my-secret' has been created.

And with expiration date:

PS> Set-AzKeyVaultSecretFromFile -FilePath "/file-path/secret-certificate.pfx" -SecretName "my-secret" -Expires [Datetime]::ParseExact('07/15/2019', 'MM/dd/yyyy', $null) -KeyVaultName "my-key-vault"

Setting a secret value with BASE64 encoded file-content into Azure Key Vault

Uploads the content of a file as a Base64 encoded string, as plain text, into an Azure Key Vault secret. Can be useful when having to refer to a certificate from within an ARM-template.

KeyVaultNameyesThe name of the Azure Key Vault where the secret should be added
SecretNameyesThe name of the secret to add in the Azure Key Vault
FilePathyesThe path to the file containing the secret certificate to add in the Azure Key Vault
ExpiresnoThe optional expiration date of the secret to add in the Azure Key Vault


PS> Set-AzKeyVaultSecretAsBase64FromFile -KeyVaultName "my-key-vault" -SecretName "my-secret" -FilePath "/file-path/secret-certificate.pfx"
# Secret 'my-secret' has been created.

And with expiration date:

PS> Set-AzKeyVaultSecretAsBase64FromFile -FilePath "/file-path/secret-certificate.pfx" -SecretName "my-secret" -Expires [Datetime]::ParseExact('07/15/2019', 'MM/dd/yyyy', $null) -KeyVaultName "my-key-vault"