Azure Backup/Restore Keyvault Scripts
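#!/bin/bash
# Back up every secret of an Azure Key Vault as PLAINTEXT files, one per
# secret, at /tmp/<vault_name>/<secret_name>.key.
#
# Usage: <this script> vault_name
#
# Make sure you are logged into the correct context via `az account set`.
# Make sure you also delete the tmp folder afterwards: those secrets will be
# sitting on your filesystem in plain text!
#
# Exit status: 0 when every secret was written, 1 on bad usage, an unsafe
# backup directory, a failed listing, or any per-secret failure.

# Without pipefail a failing `az ... | jq` would report jq's status only.
set -o pipefail

vault_name=$1
if [[ -z "$vault_name" ]]; then
  echo "Please supply vault name as an argument to this script" >&2
  exit 1
fi

# The vault name becomes a path component below; reject anything that could
# step outside /tmp (slashes, dots) before touching the filesystem.
if [[ ! "$vault_name" =~ ^[A-Za-z0-9-]+$ ]]; then
  echo "Vault name may only contain letters, digits and hyphens: $vault_name" >&2
  exit 1
fi

# Secrets are written in clear text, so everything created from here on must
# be readable by the current user only.
umask 077
backup_dir="/tmp/$vault_name"
mkdir -p -- "$backup_dir" || exit 1

# /tmp is shared and the directory name is predictable: another local user
# could have created it (or a symlink with that name) beforehand. mkdir -p
# succeeds silently in that case, so check before writing secrets into it.
if [[ -L "$backup_dir" || ! -O "$backup_dir" ]]; then
  echo "Refusing to write secrets to $backup_dir: it is a symlink or not owned by you" >&2
  exit 1
fi
# A directory left over from an earlier run keeps its old mode; tighten it.
chmod 700 -- "$backup_dir" || exit 1

# Ask for the name column only. Parsing `-o table` output word by word also
# iterates over the other table columns and treats them as secret names.
if ! secret_names=$(az keyvault secret list --vault-name "$vault_name" --query "[].name" -o tsv); then
  echo "Could not list secrets in $vault_name" >&2
  exit 1
fi

failed=0
# The name list is read on fd 3 so the az calls in the loop keep their stdin.
while IFS= read -r secret_name <&3; do
  [[ -n "$secret_name" ]] || continue
  echo "Backing up $secret_name"
  out_file="$backup_dir/$secret_name.key"
  # jq -j writes the value without the trailing newline that -r appends, so the
  # file holds the secret byte for byte. NOTE(review): a restore that uploads
  # the file as-is would presumably carry an extra newline into the secret.
  if ! az keyvault secret show --vault-name "$vault_name" --name "$secret_name" -o json \
    | jq -j .value > "$out_file"; then
    echo "Failed to back up $secret_name" >&2
    # Do not leave an empty or truncated file that looks like a valid backup.
    rm -f -- "$out_file"
    failed=$((failed + 1))
  fi
done 3<<< "$secret_names"

if (( failed > 0 )); then
  echo "Completed with $failed failure(s)" >&2
  exit 1
fi
echo "Completed"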
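#!/bin/bash
# Back up every secret of an Azure Key Vault with `az keyvault secret backup`,
# one blob per secret, at /tmp/<vault_name>/<secret_name>.blob.
#
# Usage: <this script> vault_name
#
# Make sure you are logged into the correct context via `az account set`.
# This creates encrypted blobs on your local filesystem from specified keyvault.
# They are NOT RESTORABLE INTO A DIFFERENT AZURE SUBSCRIPTION DUE TO AN ARBITRARY LIMITATION BY AZURE.
# If you need to restore to a different keyvault in a different subscription,
# use the other backup/restore scripts.
#
# Exit status: 0 when every secret was backed up, 1 on bad usage, an unsafe
# backup directory, a failed listing, or any per-secret failure.

vault_name=$1
if [[ -z "$vault_name" ]]; then
  echo "Please supply vault name as an argument to this script" >&2
  exit 1
fi

# The vault name becomes a path component below; reject anything that could
# step outside /tmp (slashes, dots) before touching the filesystem.
if [[ ! "$vault_name" =~ ^[A-Za-z0-9-]+$ ]]; then
  echo "Vault name may only contain letters, digits and hyphens: $vault_name" >&2
  exit 1
fi

# The blobs are encrypted, but they are still the vault's backup material:
# keep the directory and files private to the current user.
umask 077
backup_dir="/tmp/$vault_name"
mkdir -p -- "$backup_dir" || exit 1

# /tmp is shared and the directory name is predictable: another local user
# could have created it (or a symlink with that name) beforehand. mkdir -p
# succeeds silently in that case, so check before writing into it.
if [[ -L "$backup_dir" || ! -O "$backup_dir" ]]; then
  echo "Refusing to write backups to $backup_dir: it is a symlink or not owned by you" >&2
  exit 1
fi
# A directory left over from an earlier run keeps its old mode; tighten it.
chmod 700 -- "$backup_dir" || exit 1

# Ask for the name column only. Parsing `-o table` output word by word also
# iterates over the other table columns and treats them as secret names.
if ! secret_names=$(az keyvault secret list --vault-name "$vault_name" --query "[].name" -o tsv); then
  echo "Could not list secrets in $vault_name" >&2
  exit 1
fi

failed=0
# The name list is read on fd 3 so the az calls in the loop keep their stdin.
while IFS= read -r secret_name <&3; do
  [[ -n "$secret_name" ]] || continue
  echo "Backing up $secret_name"
  if ! az keyvault secret backup --vault-name "$vault_name" --name "$secret_name" \
    -f "$backup_dir/$secret_name.blob"; then
    # Keep going so one bad secret does not stop the rest, but remember it:
    # the run must not report success with secrets missing from the backup.
    echo "Failed to back up $secret_name" >&2
    failed=$((failed + 1))
  fi
done 3<<< "$secret_names"

if (( failed > 0 )); then
  echo "Completed with $failed failure(s)" >&2
  exit 1
fi
echo "Completed"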
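#!/bin/bash
# Restore plaintext secret files (<secret_name>.key) from a directory into an
# Azure Key Vault with `az keyvault secret set`.
#
# Usage: ./keyvault-restore.sh vault_name path_to_secrets
#
# Make sure you are logged into the correct context via `az account set`.
# Make sure you also delete the tmp folder as those secrets will be sitting on
# your filesystem in plain text!
#
# Exit status: 0 when every .key file was restored, 1 on bad usage, a missing
# directory, no .key files found, or any per-secret failure.

vault_name=$1
path_to_secrets=$2
if [[ -z "$vault_name" || -z "$path_to_secrets" ]]; then
  {
    echo "Run this script like so:"
    echo "--"
    echo "./keyvault-restore.sh vault_name path_to_secrets"
    echo ""
    echo "PLEASE ENSURE THE VAULT YOU ARE RESTORING TO IS CORRECT, THIS WILL OVERWRITE YOUR SECRETS!"
  } >&2
  exit 1
fi

if [[ ! -d "$path_to_secrets" ]]; then
  echo "Not a directory: $path_to_secrets" >&2
  exit 1
fi

restored=0
failed=0
# Glob for the .key files instead of parsing `ls -l`: the ls/awk/cut pipeline
# breaks on file names with spaces and picks up files with other extensions.
for key_file in "$path_to_secrets"/*.key; do
  # With no match the pattern stays literal; -f filters that and directories.
  [[ -f "$key_file" ]] || continue
  secret_name=${key_file##*/}
  secret_name=${secret_name%.key}
  echo "Restoring $secret_name to $vault_name"
  # `-o none`: by default the command prints the stored secret, value included,
  # which would put every restored secret on the terminal or in a job log.
  if az keyvault secret set --vault-name "$vault_name" --name "$secret_name" \
    --file "$key_file" -o none; then
    restored=$((restored + 1))
  else
    echo "Failed to restore $secret_name" >&2
    failed=$((failed + 1))
  fi
done

if (( restored == 0 && failed == 0 )); then
  echo "No .key files found in $path_to_secrets" >&2
  exit 1
fi
if (( failed > 0 )); then
  echo "Completed with $failed failure(s)" >&2
  exit 1
fi
echo "Completed"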
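#!/bin/bash
# Restore Key Vault backup blobs (<secret_name>.blob) from a directory into an
# Azure Key Vault with `az keyvault secret restore`.
#
# Usage: ./keyvault-restore.sh vault_name path_to_backup_files
#
# Make sure you are logged into the correct context via `az account set`.
# This restores encrypted blobs on your local filesystem to specified keyvault.
# They are NOT RESTORABLE INTO A DIFFERENT AZURE SUBSCRIPTION DUE TO AN ARBITRARY LIMITATION BY AZURE.
# If you need to restore to a different keyvault in a different subscription,
# use the other backup/restore scripts.
#
# Exit status: 0 when every .blob file was restored, 1 on bad usage, a missing
# directory, no .blob files found, or any per-secret failure.

vault_name=$1
path_to_blobs=$2
if [[ -z "$vault_name" || -z "$path_to_blobs" ]]; then
  {
    echo "Run this script like so:"
    echo "--"
    echo "./keyvault-restore.sh vault_name path_to_backup_files"
    echo ""
    echo "PLEASE ENSURE THE VAULT YOU ARE RESTORING TO IS CORRECT, THIS WILL OVERWRITE YOUR SECRETS!"
  } >&2
  exit 1
fi

if [[ ! -d "$path_to_blobs" ]]; then
  echo "Not a directory: $path_to_blobs" >&2
  exit 1
fi

restored=0
failed=0
# Glob for the .blob files instead of parsing `ls -l`: the ls/awk/cut pipeline
# breaks on file names with spaces and picks up files with other extensions.
for blob_file in "$path_to_blobs"/*.blob; do
  # With no match the pattern stays literal; -f filters that and directories.
  [[ -f "$blob_file" ]] || continue
  secret_name=${blob_file##*/}
  secret_name=${secret_name%.blob}
  echo "Restoring $secret_name to $vault_name"
  if az keyvault secret restore --vault-name "$vault_name" --file "$blob_file"; then
    restored=$((restored + 1))
  else
    # Keep going so one bad blob does not stop the rest, but remember it:
    # the run must not report success with secrets missing from the vault.
    echo "Failed to restore $secret_name" >&2
    failed=$((failed + 1))
  fi
done

if (( restored == 0 && failed == 0 )); then
  echo "No .blob files found in $path_to_blobs" >&2
  exit 1
fi
if (( failed > 0 )); then
  echo "Completed with $failed failure(s)" >&2
  exit 1
fi
echo "Completed"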