Exercise: Set and retrieve a secret from Azure Key Vault by using Azure CLI
In this exercise you learn how to perform the following actions by using the Azure CLI:
- Create a Key Vault
- Add and retrieve a secret
Prerequisites
-
- An Azure account with an active subscription. If you don't already have one, you can sign up for a free trial at https://azure.com/free
Sign in to Azure and start the Cloud Shell
Sign in to the Azure portal and open the Cloud Shell.
When the shell opens be sure to select the Bash environment.
Create a Key Vault
Let's set some variables for the CLI commands to use to reduce the amount of retyping. Replace the
<myLocation>variable string with a region that makes sense for you. The Key Vault name needs to be a globally unique name, and the following script generates a random string.myKeyVault=az204vault-$RANDOM myLocation=<myLocation>Create a resource group.
az group create --name az204-vault-rg --location $myLocationCreate a Key Vault by using the
az keyvault createcommand.az keyvault create --name $myKeyVault --resource-group az204-vault-rg --location $myLocationNote
This can take a few minutes to run.
Add and retrieve a secret
To add a secret to the vault, you just need to take a couple of extra steps.
Create a secret. Let's add a password that could be used by an app. The password is called ExamplePassword and will store the value of hVFkk965BuUv in it.
az keyvault secret set --vault-name $myKeyVault --name "ExamplePassword" --value "hVFkk965BuUv"Use the
az keyvault secret showcommand to retrieve the secret.az keyvault secret show --name "ExamplePassword" --vault-name $myKeyVaultThis command returns some JSON. The last line contains the password in plain text.
"value": "hVFkk965BuUv"
You've created a Key Vault, stored a secret, and retrieved it.
Clean up resources
If you no longer need the resources in this exercise use the following command to delete the resource group and associated Key Vault.
az group delete --name az204-vault-rg --no-wait