@exinmusic
Last active December 9, 2021 01:52
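#!/bin/bash
#
# Copy secrets from vault to vault
# Original Author: Anupam Maiti
# Version Author: David Dolan (david.dolan@metaltoad.com)
# -------------------------------------------------------
# Updated original script to handle migration from one subscription to another.
# Updated original script to handle bash on windows (CRLF)
#
# Only the value of each secret's latest version is copied (no tags, content
# type or expiry). Secrets that already exist in the destination are skipped.

# Make a failing az call inside a pipeline visible to the caller
set -o pipefail

# Config
Source_Kv_Name=""
Source_Sub_Name=""
Dest_Kv_Name=""
Dest_Sub_Name=""

# Refuse to run with an incomplete config
for VAR in Source_Kv_Name Source_Sub_Name Dest_Kv_Name Dest_Sub_Name; do
    if [ -z "${!VAR}" ]; then
        echo "Config value $VAR is not set" >&2
        exit 1
    fi
done

# Logic
echo "Switching to source subscription..."
az account set --subscription "$Source_Sub_Name" >/dev/null || exit 1

# Collect one secret id per line, stripping the CR that bash on Windows sees
SECRETS=()
while IFS= read -r LINE; do
    [ -n "$LINE" ] && SECRETS+=("$LINE")
done < <(az keyvault secret list --vault-name "$Source_Kv_Name" --query "[].id" -o tsv | tr -d '\015')

for SECRET_ID in "${SECRETS[@]}"; do
    # The secret name is the last path segment of the secret id
    SECRETNAME="${SECRET_ID##*/}"

    echo "Switching to destination subscription..."
    az account set --subscription "$Dest_Sub_Name" >/dev/null || exit 1
    # Stop if the destination cannot be listed; an empty result from a failed
    # call must not be mistaken for "secret does not exist"
    if ! SECRET_CHECK=$(az keyvault secret list --vault-name "$Dest_Kv_Name" --query "[?name=='$SECRETNAME']" -o tsv); then
        echo "Could not list secrets in $Dest_Kv_Name" >&2
        exit 1
    fi

    if [ -n "$SECRET_CHECK" ]
    then
        echo "$SECRETNAME already exists in $Dest_Kv_Name"
    else
        echo "Switching to source subscription..."
        az account set --subscription "$Source_Sub_Name" >/dev/null || exit 1
        echo "Copying $SECRETNAME from Source KeyVault: $Source_Kv_Name"
        # Skip secrets that cannot be read (for example disabled ones) instead
        # of writing an empty value to the destination
        if ! SECRET_VALUE=$(az keyvault secret show --vault-name "$Source_Kv_Name" -n "$SECRETNAME" --query "value" -o tsv | tr -d '\015'); then
            echo "Could not read $SECRETNAME from $Source_Kv_Name, skipping" >&2
            continue
        fi
        echo "Switching to destination subscription..."
        az account set --subscription "$Dest_Sub_Name" >/dev/null || exit 1
        echo "Pasting $SECRETNAME to Destination KeyVault: $Dest_Kv_Name"
        # The value is passed as a command-line argument, so it is visible to
        # other local processes while az runs; use a single-user machine
        az keyvault secret set --vault-name "$Dest_Kv_Name" -n "$SECRETNAME" --value "$SECRET_VALUE" >/dev/null
    fi
done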