How to get Access Policies of the Azure KeyVault using Azure PowerShell

I'm working on an Azure PowerShell script which compares the secrets and the access policies of two Azure Key Vaults.

For comparing the secrets of the Azure Key Vault I've used the command Get-AzureKeyVaultSecret, which worked fine,
but for the access policies it seems there is no command like Get-AzKeyVaultAccessPolicy.

So, is there any way to retrieve the access policies from the KeyVault using Azure PowerShell?

Just Shadow asked Nov 07 '19 10:11


2 Answers

Here is a solution for Azure PowerShell:

$keyVaultName = "KEYVAULT_NAME_HERE"
$keyVault = Get-AzKeyVault -VaultName $keyVaultName
$accessPolicies = $keyVault.AccessPolicies

# Log the number of access policies on the vault
Write-Host "$($accessPolicies.Count)"

Note: If you'd like to get a solution for Azure CLI or Azure RM instead, consider checking Mohit's answer below.

Just Shadow answered Oct 17 '22 21:10
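The question asks for a comparison of two vaults' access policies, and the answer above only shows how to read them. The following is an added example, not code from the answer: it diffs the AccessPolicies of two vaults principal by principal and reports permissions that exist on only one side, which is what you need to spot a principal that has been granted more (or less) in one environment than the other. It assumes the Az.KeyVault module is installed and Connect-AzAccount has been run for live use; the property names match Get-AzKeyVault's access-policy objects, and the two policy sets at the bottom are constructed sample data, not real vaults.

```powershell
# Added example (not from the original answer). Compares two sets of Key Vault
# access policies and returns one finding per principal/category that differs.
function Compare-KeyVaultAccessPolicies {
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Source,
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Target,
        [string] $SourceName = 'source',
        [string] $TargetName = 'target'
    )

    $categories = 'PermissionsToKeys', 'PermissionsToSecrets',
                  'PermissionsToCertificates', 'PermissionsToStorage'

    # Key each policy by the principal it grants to. ObjectId alone is not unique
    # when an ApplicationId (compound identity) is set, so combine the two.
    $keyOf = { param($p) "$($p.ObjectId)|$($p.ApplicationId)" }
    $src = @{}; foreach ($p in $Source) { $src[(& $keyOf $p)] = $p }
    $tgt = @{}; foreach ($p in $Target) { $tgt[(& $keyOf $p)] = $p }

    $findings = @()
    foreach ($key in (@($src.Keys) + @($tgt.Keys) | Sort-Object -Unique)) {
        $a = $src[$key]; $b = $tgt[$key]
        $who = if ($a) { $a.DisplayName } else { $b.DisplayName }
        if (-not $who) { $who = $key }

        # Principal present on only one side: report it once and move on.
        if (-not $a -or -not $b) {
            $inSrc = if ($a) { "present in $SourceName" } else { '' }
            $inTgt = if ($b) { "present in $TargetName" } else { '' }
            $findings += [pscustomobject]@{
                Principal = $who; Category = 'Principal'
                OnlyInSource = $inSrc; OnlyInTarget = $inTgt
            }
            continue
        }

        foreach ($cat in $categories) {
            # Compare permission names case-insensitively; an empty category is @().
            $pa = @($a.$cat | ForEach-Object { "$_".ToLowerInvariant() })
            $pb = @($b.$cat | ForEach-Object { "$_".ToLowerInvariant() })
            $onlyA = @($pa | Where-Object { $pb -notcontains $_ })
            $onlyB = @($pb | Where-Object { $pa -notcontains $_ })
            if ($onlyA.Count -or $onlyB.Count) {
                $findings += [pscustomobject]@{
                    Principal    = $who
                    Category     = $cat -replace '^PermissionsTo', ''
                    OnlyInSource = $onlyA -join ','
                    OnlyInTarget = $onlyB -join ','
                }
            }
        }
    }
    return $findings
}

# Constructed sample data (not real vaults): a web app with identical rights on
# both sides, a CI principal that gained 'purge' on secrets in the target, and a
# leftover user that exists only in the target.
$sourcePolicies = @(
    [pscustomobject]@{ ObjectId = '11111111-1111-1111-1111-111111111111'; ApplicationId = $null
                       DisplayName = 'web-app (constructed)'
                       PermissionsToKeys = @('get'); PermissionsToSecrets = @('get', 'list')
                       PermissionsToCertificates = @(); PermissionsToStorage = @() }
    [pscustomobject]@{ ObjectId = '22222222-2222-2222-2222-222222222222'; ApplicationId = $null
                       DisplayName = 'ci-pipeline (constructed)'
                       PermissionsToKeys = @(); PermissionsToSecrets = @('get', 'set')
                       PermissionsToCertificates = @(); PermissionsToStorage = @() }
)
$targetPolicies = @(
    [pscustomobject]@{ ObjectId = '11111111-1111-1111-1111-111111111111'; ApplicationId = $null
                       DisplayName = 'web-app (constructed)'
                       PermissionsToKeys = @('get'); PermissionsToSecrets = @('get', 'list')
                       PermissionsToCertificates = @(); PermissionsToStorage = @() }
    [pscustomobject]@{ ObjectId = '22222222-2222-2222-2222-222222222222'; ApplicationId = $null
                       DisplayName = 'ci-pipeline (constructed)'
                       PermissionsToKeys = @(); PermissionsToSecrets = @('get', 'set', 'purge')
                       PermissionsToCertificates = @(); PermissionsToStorage = @() }
    [pscustomobject]@{ ObjectId = '33333333-3333-3333-3333-333333333333'; ApplicationId = $null
                       DisplayName = 'former-admin (constructed)'
                       PermissionsToKeys = @('get', 'list', 'delete'); PermissionsToSecrets = @('get', 'list', 'delete')
                       PermissionsToCertificates = @(); PermissionsToStorage = @() }
)

# Offline run on the constructed data: reports 'purge' for ci-pipeline under Secrets
# and former-admin as present only in kv-staging; web-app produces no finding.
Compare-KeyVaultAccessPolicies -Source $sourcePolicies -Target $targetPolicies `
    -SourceName 'kv-prod' -TargetName 'kv-staging' | Format-Table -AutoSize

# Live use (vault names are placeholders), after Connect-AzAccount:
# $a = (Get-AzKeyVault -VaultName 'KV_A_NAME_HERE').AccessPolicies
# $b = (Get-AzKeyVault -VaultName 'KV_B_NAME_HERE').AccessPolicies
# Compare-KeyVaultAccessPolicies -Source $a -Target $b -SourceName 'kv-a' -TargetName 'kv-b'
```

Two points to check before trusting an empty diff: Get-AzKeyVault only populates AccessPolicies when called with -VaultName (the unfiltered listing returns summary objects without them), and a vault that uses the RBAC permission model (EnableRbacAuthorization set to true) has no access policies at all, so its permissions have to be compared through role assignments instead.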


If you are using the Azure CLI to get the access policy, you can use the command below:

az keyvault show --name
                 [--resource-group]
                 [--subscription]


And if you are using the AzureRM module, then you can simply call the command below:

Get-AzureRMKeyVault -VaultName 'myvault'

Vault Name                       : myvault
Resource Group Name              : myrg
Location                         : westus
Resource ID                      : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/myrg/providers
                                   /Microsoft.KeyVault/vaults/myvault
Vault URI                        : https://myvault.vault.azure.net/
Tenant ID                        : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx
SKU                              : Standard
Enabled For Deployment?          : True
Enabled For Template Deployment? : True
Enabled For Disk Encryption?     : False
Soft Delete Enabled?             : True
Access Policies                  :
                                   Tenant ID                                  : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx
                                   Object ID                                  : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx
                                   Application ID                             :
                                   Display Name                               : User Name ([email protected])
                                   Permissions to Keys                        : get, create, delete, list, update,
                                   import, backup, restore, recover
                                   Permissions to Secrets                     : get, list, set, delete, backup,
                                   restore, recover
                                   Permissions to Certificates                : get, delete, list, create, import,
                                   update, deleteissuers, getissuers, listissuers, managecontacts, manageissuers,
                                   setissuers, recover
                                   Permissions to (Key Vault Managed) Storage : delete, deletesas, get, getsas, list,
                                   listsas, regeneratekey, set, setsas, update

Tags                             :

Hope it helps.

Mohit Verma answered Oct 17 '22 21:10