Azure Key Vault is a secure secret storage service from Microsoft. You can use it to safeguard application credentials and SSH keys. In this post, I’ll show you how to create a Key Vault, and also how to add, retrieve and modify credentials in it.
Creating a Key Vault
Create a resource group if you don’t have one
az group create --name myResourceGroup --location westus2
Create an Azure Key Vault
az keyvault create --name <yourKeyVaultName> --resource-group myResourceGroup --location westus2
Replace yourKeyVaultName with your own name. Azure assigns DNS names to Key Vaults, so yourKeyVaultName must be globally unique.
Insert a Secret
To insert or set a new secret, use az keyvault secret set:
az keyvault secret set --vault-name <yourKeyVaultName> --name "MySecret" --value "SecretValue"
Retrieve a Secret
To securely retrieve a secret:
az keyvault secret show --vault-name <yourKeyVaultName> --name "MySecret"
To retrieve only the secret’s value and no other metadata:
az keyvault secret show --vault-name <yourKeyVaultName> --name "MySecret" --query value -o tsv
Update an Existing Secret
az keyvault secret set --vault-name <yourKeyVaultName> --name "MySecret" --value "NewSecretValue"
List All Secrets
To list all secrets in the Key Vault:
az keyvault secret list --vault-name <yourKeyVaultName>
Delete a Secret
To delete a secret:
az keyvault secret delete --vault-name <yourKeyVaultName> --name "MySecret"
This command performs a soft delete: the secret stays recoverable for 90 days before it is purged.
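The steps above (create, set, retrieve, list, delete) wrapped into one POSIX shell script, as an added example that is not part of the original post. It validates the vault name against Azure's published naming rules (3 to 24 characters, letters, digits and hyphens, starting with a letter, ending with a letter or digit, no consecutive hyphens) before calling the CLI, reads the secret value from a file with the real `--file` option of `az keyvault secret set` so the value never appears in shell history or `ps` output, and adds `az keyvault secret recover` to undo a soft delete. The `AZ_CMD` variable is this script's own dry-run hook, not an az feature; the vault name and temporary file are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Wraps the az keyvault secret
# commands in shell functions, validates the vault name before any call, and
# reads secret values from a file so they do not land in shell history.
# AZ_CMD is this script's own variable (not an az feature): set AZ_CMD=echo
# to dry-run and print the commands without an Azure login.
AZ_CMD="${AZ_CMD:-az}"

# Key Vault names become DNS labels: 3-24 characters, letters/digits/hyphens,
# must start with a letter, end with a letter or digit, no consecutive hyphens.
valid_vault_name() {
    case "$1" in *--*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z][A-Za-z0-9-]{1,22}[A-Za-z0-9]$'
}

# Abort early with a clear message instead of letting az fail on a bad name.
require_vault() {
    valid_vault_name "$1" && return 0
    echo "invalid Key Vault name: '$1'" >&2
    return 2
}

# Set (create or update) a secret whose value is read from a file; the value
# never appears in argv, so it is not visible in ps output or shell history.
set_secret_from_file() {
    require_vault "$1" || return $?
    "$AZ_CMD" keyvault secret set --vault-name "$1" --name "$2" --file "$3"
}

# Retrieve only the value (tab-separated output, no metadata), as in the post.
get_secret_value() {
    require_vault "$1" || return $?
    "$AZ_CMD" keyvault secret show --vault-name "$1" --name "$2" --query value -o tsv
}

# List secret identifiers only; listing never returns the values themselves.
list_secrets() {
    require_vault "$1" || return $?
    "$AZ_CMD" keyvault secret list --vault-name "$1" --query '[].id' -o tsv
}

# Soft delete: the secret stays recoverable for the vault's retention period.
delete_secret() {
    require_vault "$1" || return $?
    "$AZ_CMD" keyvault secret delete --vault-name "$1" --name "$2"
}

# Undo a soft delete while the retention period has not expired.
recover_secret() {
    require_vault "$1" || return $?
    "$AZ_CMD" keyvault secret recover --vault-name "$1" --name "$2"
}

# Usage: AZ_CMD=echo sh kv.sh <yourKeyVaultName>   (dry run, prints commands)
#        sh kv.sh <yourKeyVaultName>                (runs against Azure)
if [ "$#" -ge 1 ]; then
    tmp="$(mktemp)"
    printf 'SecretValue' > "$tmp"          # constructed sample value
    set_secret_from_file "$1" MySecret "$tmp"
    rm -f "$tmp"
    get_secret_value "$1" MySecret
    list_secrets "$1"
    delete_secret "$1" MySecret
fi
```

Running it with `AZ_CMD=echo` prints the exact az invocations without touching Azure, which is a convenient way to review a secret-handling script before it is given real credentials.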