Created
April 16, 2017 09:39
-
-
Save PlagueHO/24bcab61df4741a0c388d3d0467d192a to your computer and use it in GitHub Desktop.
Create a New Azure Key Vault and set up an Administrator Policy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# The name of the Azure subscription to install the Key Vault into | |
$subscriptionName = 'MySubscription' | |
# The resource group that will contain the Key Vault to create to contain the Key Vault | |
$resourceGroupName = 'MyKeyVaultRG' | |
# The name of the Key Vault to install | |
$keyVaultName = 'MyKeyVault' | |
# The Azure data center to install the Key Vault to | |
$location = 'southcentralus' | |
# These are the Azure AD users that will have admin permissions to the Key Vault | |
$keyVaultAdminUsers = @('Joe Boggs','Jenny Biggs') | |
# Login to Azure | |
Login-AzureRMAccount | |
# Select the appropriate subscription | |
Select-AzureRmSubscription -SubscriptionName $subscriptionName | |
# Make the Key Vault provider is available | |
Register-AzureRmResourceProvider -ProviderNamespace Microsoft.KeyVault | |
# Create the Resource Group | |
New-AzureRmResourceGroup -Name $resourceGroupName -Location $location | |
# Create the Key Vault (enabling it for Disk Encryption, Deployment and Template Deployment) | |
New-AzureRmKeyVault -VaultName $keyVaultName -ResourceGroupName $resourceGroupName -Location $location ` | |
-EnabledForDiskEncryption -EnabledForDeployment -EnabledForTemplateDeployment | |
# Add the Administrator policies to the Key Vault | |
foreach ($keyVaultAdminUser in $keyVaultAdminUsers) { | |
$UserObjectId = (Get-AzureRmADUser -SearchString $keyVaultAdminUser).Id | |
Set-AzureRmKeyVaultAccessPolicy -VaultName $keyVaultName -ResourceGroupName $resourceGroupName -ObjectId $UserObjectId ` | |
-PermissionsToKeys all -PermissionsToSecrets all -PermissionsToCertificates all | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment