PS script to create an AAD app and set the app's permissions to access Azure Key Vault secrets
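# Load the public certificate (.cer) that the app will use as its credential
$x509 = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$x509.Import("C:\Users\<name>\Documents\learn\key vault\blog\KVWebApp.cer")
$credValue = [System.Convert]::ToBase64String($x509.GetRawCertData())
# The AzureRM cmdlets below need an AzureRM session; Connect-AzureAD only signs in the AzureAD module
# (on older AzureRM versions the cmdlet is Login-AzureRmAccount)
Connect-AzureRmAccount
# Register the AAD application with the certificate as its credential, valid for the certificate's lifetime
$adapp = New-AzureRmADApplication -DisplayName "KVWebApp" -HomePage "http://kvwebapp" -IdentifierUris "http://kvwebapp" -CertValue $credValue -StartDate $x509.NotBefore -EndDate $x509.NotAfter
$sp = New-AzureRmADServicePrincipal -ApplicationId $adapp.ApplicationId
# This grants every secret permission, including delete and purge; trim the list to what the app needs (e.g. get,list for a read-only app)
Set-AzureRmKeyVaultAccessPolicy -VaultName 'BlogKV123' -ServicePrincipalName "http://kvwebapp" -PermissionsToSecrets get,list,set,delete,backup,restore,recover,purge -ResourceGroupName 'BlogKVRG'
# get the thumbprint to use in your app settings
$x509.Thumbprint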