-
-
Save bachoang/c5a8c49ed9e831e98925e25cf3b2ffd7 to your computer and use it in GitHub Desktop.
PS script to create an AAD App and set the permission of the app to accesss azure key vault secret
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $x509 = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 | |
| $x509.Import("C:\Users\<name>\Documents\learn\key vault\blog\KVWebApp.cer") | |
| $credValue = [System.Convert]::ToBase64String($x509.GetRawCertData()) | |
| Connect-AzureAD | |
| $adapp = New-AzureRmADApplication -DisplayName "KVWebApp" -HomePage "http://kvwebapp" -IdentifierUris "http://kvwebapp" -CertValue $credValue -StartDate $x509.NotBefore -EndDate $x509.NotAfter | |
| $sp = New-AzureRmADServicePrincipal -ApplicationId $adapp.ApplicationId | |
| Set-AzureRmKeyVaultAccessPolicy -VaultName 'BlogKV123' -ServicePrincipalName "http://kvwebapp" -PermissionsToSecrets get,list,set,delete,backup,restore,recover,purge -ResourceGroupName 'BlogKVRG' | |
| # get the thumbprint to use in your app settings | |
| $x509.Thumbprint |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment