Python program to migrate keyvault secrets from one keyvault to another keyvault present in a different azure tenant
# pip install azure-keyvault-secrets
# pip install azure-identity
from azure.keyvault.secrets import SecretClient
from azure.identity import ClientSecretCredential
# Vault endpoints. Replace the <...> placeholders with the real vault names.
source_vault_url = "https://<sourcekeyvault>.vault.azure.net"
destination_vault_url = "https://<destkeyvault>.vault.azure.net/"

# Service principal 01: needs access to the source key vault.
# NOTE(review): the values below are placeholders. A real client secret pasted
# into this file is exposed to anyone who can read the file or its history;
# consider supplying it at run time (environment, secret store) instead.
AZURE_TENANT_ID_SRC = '<string>'
AZURE_CLIENT_ID_SRC = '<string>'
AZURE_CLIENT_SECRET_SRC = '<string>'

# Service principal 02: needs access to the target key vault, which lives in
# a different tenant. The same caution about the client secret applies.
AZURE_TENANT_ID_DST = '<string>'
AZURE_CLIENT_ID_DST = '<string>'
AZURE_CLIENT_SECRET_DST = '<string>'

# One credential per tenant, each built from its own service principal.
credentials_source = ClientSecretCredential(
    tenant_id=AZURE_TENANT_ID_SRC,
    client_id=AZURE_CLIENT_ID_SRC,
    client_secret=AZURE_CLIENT_SECRET_SRC,
)
credentials_target = ClientSecretCredential(
    tenant_id=AZURE_TENANT_ID_DST,
    client_id=AZURE_CLIENT_ID_DST,
    client_secret=AZURE_CLIENT_SECRET_DST,
)

# One secrets client per vault, bound to the matching credential.
source_client = SecretClient(
    vault_url=source_vault_url,
    credential=credentials_source,
)
destination_client = SecretClient(
    vault_url=destination_vault_url,
    credential=credentials_target,
)
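# Update this list with the names of the secrets to migrate.
key_list = ['keyA', 'keyB', 'keyC']

# Read every listed secret from the source vault before writing anything, so
# that a failed read stops the run with the destination vault untouched.
credentials = {key: source_client.get_secret(key).value for key in key_list}

# Write the secrets to the destination vault.
# Only the secret value is copied: attributes set on the source secret, such
# as content type, tags or expiry, are not carried over by this script.
for secret_key, secret_value in credentials.items():
    # Log the secret name only. Printing the value would put it in the
    # terminal scrollback and in any captured output or job log.
    print(f"Creating a secret called '{secret_key}' ...")
    destination_client.set_secret(secret_key, secret_value)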