
Managing Azure Key Vault and Secrets with Azure CLI

In this short article, let’s look at a small tip for remembering the Azure CLI commands that manage a key vault itself and the keys, secrets and certificates in it.

Key Vault

To learn the Azure CLI commands for Azure key vault management, let’s first look at the life-cycle of a key vault. The diagram below shows a high-level overview:

  • Created, when a new key vault is created
  • In Use, when the key vault is used by one or more applications for storing secrets. It has one or more access policies.
  • Deleted, when the key vault is deleted. Please note that a deleted key vault can be restored.
  • Purged, when the key vault is purged and deleted permanently. It means the key vault cannot be restored.

With this life-cycle in mind, you can easily remember and understand the Azure CLI commands used for Azure key vault management.

The only thing to remember is that all the key vault management commands start with az keyvault, followed by the operation to perform and the parameters for that operation.

The code snippet below shows some of the important commands, with comments explaining each command. For the full list of Azure CLI commands, please refer to the documentation.

Keys / Secrets / Certificates

Azure key vault solves the problem of securely storing keys, secrets and certificates. So, if an application needs a secret, it can connect securely to the key vault and retrieve the secret's value.

All the Azure CLI commands which manage these items in a key vault start with a common prefix:

  • for keys, commands start with az keyvault key
  • for secrets, commands start with az keyvault secret
  • for certificates, commands start with az keyvault certificate

Below is a diagram which shows the high-level life-cycle of the keys, secrets and certificates:

Life-cycle for keys, secrets and certificates in key vault
  • Created, when a new key / secret / certificate is created. One can create an individual secret or import it.
  • In Use, when the secret is being used. Key vault maintains the version history. We can also update the existing secrets.
  • Deleted, when the key / secret / certificate is deleted
  • Purged, when the key / secret / certificate is permanently deleted

The snippet below shows some of the useful Azure CLI commands. Refer to the documentation for more details.
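
As an added example (not the original article's snippet), the following dry-run wrapper maps each life-cycle stage described above to its az keyvault command, for the vault itself and for keys, secrets and certificates. The function names, the APPLY and CONFIRM_PURGE variables, and the sample vault, group, secret and file names are assumptions made for illustration.

```bash
# Dry-run by default: commands are printed. Set APPLY=1 to execute them with az.
# Names such as demo-kv, demo-rg and db-password are constructed placeholders.

run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Purge is permanent, so it additionally requires CONFIRM_PURGE=yes.
run_purge() {
  if [ "${CONFIRM_PURGE:-no}" = "yes" ]; then run "$@"; return; fi
  echo "refusing to purge without CONFIRM_PURGE=yes: $*" >&2
  return 1
}

# kv_vault <stage> <vault> [resource-group] [location]  (grant: 3rd arg is an object id)
kv_vault() {
  case "$1" in
    create)  run az keyvault create --name "$2" --resource-group "$3" --location "$4" ;;
    grant)   run az keyvault set-policy --name "$2" --object-id "$3" --secret-permissions get list ;;
    delete)  run az keyvault delete --name "$2" --resource-group "$3" ;;
    deleted) run az keyvault list-deleted ;;
    recover) run az keyvault recover --name "$2" ;;
    purge)   run_purge az keyvault purge --name "$2" ;;
    *)       echo "unknown vault stage: $1" >&2; return 2 ;;
  esac
}

# Secret creation; running it again for the same name adds a new version.
# --file keeps the value out of shell history and the process list.
kv_secret_set() {
  run az keyvault secret set --vault-name "$1" --name "$2" --file "$3"
}

# kv_item <key|secret|certificate> <stage> <vault> <name>: stages shared by all three kinds
kv_item() {
  case "$1" in key|secret|certificate) ;; *) echo "unknown kind: $1" >&2; return 2 ;; esac
  case "$2" in
    show)     run az keyvault "$1" show --vault-name "$3" --name "$4" --query attributes ;;
    versions) run az keyvault "$1" list-versions --vault-name "$3" --name "$4" ;;
    delete)   run az keyvault "$1" delete --vault-name "$3" --name "$4" ;;
    recover)  run az keyvault "$1" recover --vault-name "$3" --name "$4" ;;
    purge)    run_purge az keyvault "$1" purge --vault-name "$3" --name "$4" ;;
    *)        echo "unknown item stage: $2" >&2; return 2 ;;
  esac
}

kv_vault create demo-kv demo-rg westeurope
kv_secret_set demo-kv db-password ./db-password.txt
kv_item secret versions demo-kv db-password
```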

I hope you find this tip useful. Let me know your thoughts.
