How to get Access Policies of the Azure KeyVault using Azure PowerShell

Question

I'm working on an Azure Powershell script which compares the secrets and the access policies of two Azure KeyVaults.

For comparing the secrets of the Azure KeyVault I've used the command Get-AzureKeyVaultSecret which worked fine,
but for the access policies seems like there is no any command like Get-AzKeyVaultAccessPolicy.

So, is there any way to retrieve the access policies from the KeyVault using Azure PowerShell?

Answer 1

Here is a solution for Azure Powershell:

$keyVaultName = "KEYVAULT_NAME_HERE"
$keyVault = Get-AzKeyVault -VaultName $keyVaultName
$accessPolicies = $keyVault.AccessPolicies

# Logging the amount of the items
Write-Host "$($keyVault.AccessPolicies.Count)"

Note: If you'd like to get a solution for Azure CLI or Azure RM instead, consider checking Mohit's answer below.

Answer 2

If you are using AZ cli for getting the access policy , You can use below command for getting access policy:

az keyvault show --name
                 [--resource-group]
                 [--subscription]

And if you are using Azure RM module then you can simply call below command:

Get-AzureRMKeyVault -VaultName 'myvault'

Vault Name                       : myvault
Resource Group Name              : myrg
Location                         : westus
Resource ID                      : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/myrg/providers
                                   /Microsoft.KeyVault/vaults/myvault
Vault URI                        : https://myvault.vault.azure.net/
Tenant ID                        : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx
SKU                              : Standard
Enabled For Deployment?          : True
Enabled For Template Deployment? : True
Enabled For Disk Encryption?     : False
Soft Delete Enabled?             : True
Access Policies                  :
                                   Tenant ID                                  : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx
                                   Object ID                                  : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx
                                   Application ID                             :
                                   Display Name                               : User Name ([email protected])
                                   Permissions to Keys                        : get, create, delete, list, update,
                                   import, backup, restore, recover
                                   Permissions to Secrets                     : get, list, set, delete, backup,
                                   restore, recover
                                   Permissions to Certificates                : get, delete, list, create, import,
                                   update, deleteissuers, getissuers, listissuers, managecontacts, manageissuers,
                                   setissuers, recover
                                   Permissions to (Key Vault Managed) Storage : delete, deletesas, get, getsas, list,
                                   listsas, regeneratekey, set, setsas, update

Tags                             :

Hope it helps.