I have some JSON that I want to store in Azure Key Vault.
The data is not hierarchical, just like this:
{
"type": "XXXXXX",
"project_id": "XXXXXX",
"private_key_id": "XXXXXXXX"
}
But I have 4 sets of JSON Data and there are about secrets in each one, so I am hoping that I do not have to break these out into separate keys, but if I must I will do this.
Azure Key Vault is a cloud service that provides a secure store for secrets. You can securely store keys, passwords, certificates, and other secrets.
To store any text file as an Azure Key Vault secret, the Set-AzureKeyVaultSecret cmdlet should be used, with the contents of the file passed as a SecureString to the SecretValue parameter. To retrieve it, we can use a PSCredential object to convert the SecureString to plaintext and save it as a file.
Steps. Open the properties of your data factory and copy the Managed Identity Application ID value. Open the key vault access policies and add the managed identity permissions to Get and List secrets. Click Add, then click Save.
Consider this to be a valid statement to add a secret to an Azure Key Vault using the Azure CLI:
az keyvault secret set --vault-name "<YourKeyVaultName>" --name "AppSecret" --value "MySecret"
Taken from Tutorial: Use Azure Key Vault with an Azure web app in .NET.
Building on this, I do not see any reason the value MySecret couldn't be a JSON string.
Investigating a bit further, have a look at About keys, secrets, and certificates - Key Vault secrets:
From a developer's perspective, Key Vault APIs accept and return secret values as strings. Internally, Key Vault stores and manages secrets as sequences of octets (8-bit bytes), with a maximum size of 25k bytes each.
So as long as your JSON is under the 25k limit, you should be good to go.
The trick is to properly escape the quotes (\`" = backslash, backtick & double quote) on the PowerShell command line in such a way as to satisfy both JSON and PowerShell formats for escaping quotes. Here is an example of how you would add your JSON string as the secret's value. Note the text in the --value has a \`" escape sequence for every quote that needs escaping. PowerShell needs the backtick to escape the double quote on the command line. A JSON string needs the backslash to escape a double quote. So, you get the backtick placed in between the backslash and double quote (\`"), thus satisfying both PowerShell and JSON:
az keyvault secret set `
--vault-name "<YourKeyVaultName>" `
--name "AppSecret" `
--description "An optional description" `
--disabled false `
--value "{\`"type\`":\`"XXXXXX\`",\`"project_id\`":\`"XXXXXX\`",\`"private_key_id\`":\`"XXXXXXXX\`"}"
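An alternative to inline escaping, shown as an added example that is not part of the original answers: validate the JSON, check its UTF-8 size against the limit quoted above, and pass it through the az CLI's --file and --encoding options so no quote escaping is needed. The function name, the variable names and the reading of "25k" as 25,000 bytes are assumptions; the JSON is constructed sample input in the shape of the question's data.

```powershell
$VaultName  = '<YourKeyVaultName>'   # placeholder, as on the page
$SecretName = 'AppSecret'
$MaxBytes   = 25000                  # assumption: conservative reading of "25k bytes"

# Constructed sample input, same shape as the JSON in the question.
$json = @'
{
  "type": "XXXXXX",
  "project_id": "XXXXXX",
  "private_key_id": "XXXXXXXX"
}
'@

# Hypothetical helper: parse, compact, and size-check the document.
function ConvertTo-KeyVaultJsonPayload {
    param([Parameter(Mandatory)][string]$Json, [int]$Limit = 25000)
    # ConvertFrom-Json throws on malformed input, so a broken document never reaches the vault.
    $compact = $Json | ConvertFrom-Json | ConvertTo-Json -Compress -Depth 10
    $size = [System.Text.Encoding]::UTF8.GetByteCount($compact)
    if ($size -gt $Limit) { throw "Secret is $size bytes; limit is $Limit." }
    return $compact
}

$payload = ConvertTo-KeyVaultJsonPayload -Json $json -Limit $MaxBytes

# Hand the value over in a file instead of on the command line.
$tmp = New-TemporaryFile
try {
    # UTF-8 without a BOM, so the stored value starts with "{".
    [System.IO.File]::WriteAllText($tmp.FullName, $payload, [System.Text.UTF8Encoding]::new($false))
    az keyvault secret set --vault-name $VaultName --name $SecretName `
        --file $tmp.FullName --encoding utf-8 --output none
    if ($LASTEXITCODE -ne 0) { throw 'az keyvault secret set failed.' }
}
finally {
    # Do not leave the plaintext secret on disk.
    Remove-Item -LiteralPath $tmp.FullName -Force
}

# Read the secret back and confirm it round-trips as JSON.
$stored = az keyvault secret show --vault-name $VaultName --name $SecretName `
    --query value --output tsv
if ($stored -ne $payload) { throw 'Round-trip mismatch.' }
($stored | ConvertFrom-Json).project_id
```

Passing the value in a file also keeps the secret out of the shell's command history, which the inline --value form does not.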