Azure Backup/Restore Keyvault Scripts
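
#!/bin/bash
# Make sure you are logged into the correct context via `az account set`
# Make sure you also delete the tmp folder as those secrets will be sitting on your filesystem in plain text!!!!!!!!!
vault_name=$1
if [[ -z $vault_name ]]; then
  echo "Please supply vault name as an argument to this script"
else
  # Owner-only permissions for everything created below; /tmp is shared with other local users
  umask 077
  mkdir -p "/tmp/$vault_name"
  # Table output is meant for display; query the ids and take the last path segment as the name
  secret_array=$(az keyvault secret list --vault-name "$vault_name" --query "[].id" -o tsv)
  for secret_id in $secret_array
  do
    secret_name=${secret_id##*/}
    echo "Backing up $secret_name"
    # jq -j writes the raw value without appending a newline, so the file holds exactly the secret value
    az keyvault secret show --vault-name "$vault_name" --name "$secret_name" -o json | jq -j .value > "/tmp/$vault_name/$secret_name.key"
  done
  echo "Completed"
fi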

#!/bin/bash
# Make sure you are logged into the correct context via `az account set`
# This creates encrypted blobs on your local filesystem from specified keyvault
# They are NOT RESTORABLE INTO A DIFFERENT AZURE SUBSCRIPTION DUE TO AN ARBITRARY LIMITATION BY AZURE
# If you need to restore to a different keyvault in a different subscription, use the other backup/restore scripts
vault_name=$1
if [[ -z $vault_name ]]; then
  echo "Please supply vault name as an argument to this script"
else
  # Owner-only permissions for everything created below
  umask 077
  mkdir -p "/tmp/$vault_name"
  # Table output is meant for display; query the ids and take the last path segment as the name
  secret_array=$(az keyvault secret list --vault-name "$vault_name" --query "[].id" -o tsv)
  for secret_id in $secret_array
  do
    secret_name=${secret_id##*/}
    echo "Backing up $secret_name"
    az keyvault secret backup --vault-name "$vault_name" --name "$secret_name" -f "/tmp/$vault_name/$secret_name.blob"
  done
  echo "Completed"
fi

#!/bin/bash
# Make sure you are logged into the correct context via `az account set`
# Make sure you also delete the tmp folder as those secrets will be sitting on your filesystem in plain text!!!!!!!!!
vault_name=$1
path_to_secrets=$2
if [[ -z $vault_name || -z $path_to_secrets ]]; then
  echo "Run this script like so:"
  echo "--"
  echo "./keyvault-restore.sh vault_name path_to_secrets"
  echo ""
  echo "PLEASE ENSURE THE VAULT YOU ARE RESTORING TO IS CORRECT, THIS WILL OVERWRITE YOUR SECRETS!"
else
  # Glob the .key files directly instead of parsing `ls -l` output
  for secret_file in "$path_to_secrets"/*.key
  do
    [[ -e $secret_file ]] || continue  # no .key files in the directory
    secret_name=$(basename "$secret_file" .key)
    echo "Restoring $secret_name to $vault_name"
    az keyvault secret set --vault-name "$vault_name" --name "$secret_name" --file "$secret_file"
  done
  echo "Completed"
fi

#!/bin/bash
# Make sure you are logged into the correct context via `az account set`
# This restores encrypted blobs on your local filesystem to specified keyvault
# They are NOT RESTORABLE INTO A DIFFERENT AZURE SUBSCRIPTION DUE TO AN ARBITRARY LIMITATION BY AZURE
# If you need to restore to a different keyvault in a different subscription, use the other backup/restore scripts
vault_name=$1
path_to_blobs=$2
if [[ -z $vault_name || -z $path_to_blobs ]]; then
  echo "Run this script like so:"
  echo "--"
  echo "./keyvault-restore.sh vault_name path_to_backup_files"
  echo ""
  echo "PLEASE ENSURE THE VAULT YOU ARE RESTORING TO IS CORRECT, THIS WILL OVERWRITE YOUR SECRETS!"
else
  # Glob the .blob files directly instead of parsing `ls -l` output
  for blob_file in "$path_to_blobs"/*.blob
  do
    [[ -e $blob_file ]] || continue  # no .blob files in the directory
    secret_name=$(basename "$blob_file" .blob)
    echo "Restoring $secret_name to $vault_name"
    az keyvault secret restore --vault-name "$vault_name" --file "$blob_file"
  done
  echo "Completed"
fi
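
The plaintext scripts above leave secret values as files under /tmp, and the restore scripts take secret names from whatever files sit in the given directory. The following is an added example, not part of the original gist: it stages files in an owner-only directory that is removed on exit and accepts only file names that are valid Key Vault secret names. The function names and the sample files are assumptions constructed for the demo, and it makes no call to `az`.

```bash
#!/bin/bash
# Added example, not from the original gist; function names are assumptions.

# Key Vault secret names are 1-127 characters: letters, digits and dashes.
valid_secret_name() {
  case $1 in
    ''|*[!0-9A-Za-z-]*) return 1 ;;
  esac
  [ "${#1}" -le 127 ]
}

# Succeeds only when the directory mode is rwx------ (owner-only).
dir_is_private() {
  case $(ls -ld -- "$1") in
    drwx------*) return 0 ;;
    *) return 1 ;;
  esac
}

# Create a fresh owner-only staging directory and print its path.
make_stage() {
  mktemp -d "${TMPDIR:-/tmp}/kv-$1.XXXXXX"
}

# Print the secret name for each <name>.<ext> file in a private directory.
list_backup_names() (
  dir=$1 ext=$2
  dir_is_private "$dir" || { echo "refusing: $dir is not owner-only" >&2; exit 1; }
  for file in "$dir"/*."$ext"; do
    [ -f "$file" ] || continue            # the glob matched nothing
    name=${file##*/}                      # strip the directory
    name=${name%".$ext"}                  # strip the extension
    if valid_secret_name "$name"; then
      printf '%s\n' "$name"
    else
      echo "skipping unexpected file: $file" >&2
    fi
  done
)

# Constructed demo: fake files stand in for a real backup; no call to az.
demo() (
  stage=$(make_stage demo-vault) || exit 1
  trap 'rm -rf -- "$stage"' EXIT          # remove plaintext even on failure
  printf 's3cr3t' > "$stage/db-password.key"
  printf 'x' > "$stage/bad name.key"
  list_backup_names "$stage" key
)
demo
```

A restore loop can read its names from `list_backup_names "$path_to_secrets" key`, and a backup can write into the directory returned by `make_stage "$vault_name"` instead of a fixed path under /tmp.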