@pritpalp
Created April 28, 2023 15:52
ChatGPT response for copying and renaming values from one keyvault to another

To copy secrets from one key vault to another, you can use the Azure CLI or Azure PowerShell. Here are the steps to copy the secrets and rename them:

Azure CLI

  1. Log in to your Azure account and select the subscription and the resource group containing the source and destination key vaults.

  2. Open a terminal and log in to the Azure CLI using the following command:

    az login
    
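  3. Confirm that the source key vault exists, then grant the principal that will run the copy get and list permissions on its secrets (replace <your-service-principal> with that principal):

    az keyvault show -n <source-keyvault-name> -g <source-resource-group-name>
    az keyvault set-policy --name <source-keyvault-name> --spn <your-service-principal> --secret-permissions get list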
    
  4. Confirm that the destination key vault exists, then grant the same principal set permission on its secrets:

    az keyvault show -n <destination-keyvault-name> -g <destination-resource-group-name>
    az keyvault set-policy --name <destination-keyvault-name> --spn <your-service-principal> --secret-permissions set
    
  5. Loop through each secret in the source key vault, read its value, and then write it to the destination key vault with a new name using the following command:

    for secret in $(az keyvault secret list --vault-name <source-keyvault-name> --query "[].id" -otsv); do
      secret_name=$(basename "$secret")
      # Build the new name from $secret_name; one fixed name would be overwritten on every iteration.
      new_secret_name="<new-secret-name>"
      secret_value=$(az keyvault secret show --id "$secret" --query "value" -otsv)
      # --output none keeps the CLI from printing the stored secret back to the terminal.
      az keyvault secret set --vault-name <destination-keyvault-name> --name "$new_secret_name" --value "$secret_value" --output none
    done
    

    Note: Replace <source-keyvault-name>, <destination-keyvault-name>, <new-secret-name>, <source-resource-group-name>, and <destination-resource-group-name> with the actual values.
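
The copy-and-rename loop above, as an added example that is not part of the original gist. It goes beyond the loop in three ways: it skips disabled secrets, it rejects destination names Key Vault would refuse, and it passes each value through a temporary file instead of the command line. The prefix-swap rename rule and the function names `new_name_for` and `copy_secrets` are assumptions made for illustration.

```bash
#!/bin/sh
# Added example (not the gist's code). The prefix-swap rename rule and the
# function names are assumptions; vault names and prefixes are arguments.

# new_name_for NAME OLD_PREFIX NEW_PREFIX
# Prints the destination name, or fails if it is not a legal Key Vault
# secret name (1-127 characters: letters, digits and hyphens only).
# A NAME that does not start with OLD_PREFIX just gets NEW_PREFIX prepended.
new_name_for() {
  out="$3${1#"$2"}"
  [ "${#out}" -le 127 ] || return 1
  case $out in
    '' | *[!0-9A-Za-z-]*) return 1 ;;
  esac
  printf '%s\n' "$out"
}

# copy_secrets SRC_VAULT DST_VAULT OLD_PREFIX NEW_PREFIX
copy_secrets() {
  tmp=$(mktemp) || return 1   # mktemp creates the file readable by owner only
  rc=0
  # Disabled secrets cannot be read, so list only the enabled ones.
  az keyvault secret list --vault-name "$1" \
      --query "[?attributes.enabled].id" -o tsv |
  while IFS= read -r id; do
    name=${id##*/}            # last path segment of the secret id
    if ! target=$(new_name_for "$name" "$3" "$4"); then
      echo "skip $name: no valid destination name" >&2
      continue
    fi
    value=$(az keyvault secret show --vault-name "$1" --name "$name" \
              --query value -o tsv) || exit 1
    # printf is a shell builtin, so the value never lands in a process
    # argument list the way it does with --value "$secret_value".
    printf '%s' "$value" > "$tmp"
    # --output none stops the CLI from echoing the stored secret back.
    az keyvault secret set --vault-name "$2" --name "$target" \
        --file "$tmp" --output none || exit 1
    echo "copied $name -> $target"
  done || rc=$?
  rm -f "$tmp"
  return "$rc"
}

# Usage: sh copy-secrets.sh SRC_VAULT DST_VAULT OLD_PREFIX NEW_PREFIX
if [ "$#" -eq 4 ]; then copy_secrets "$@"; fi
```

Command substitution strips trailing newlines, so a secret whose value ends in a newline is stored without it.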

Azure PowerShell

  1. Log in to your Azure account and select the subscription and the resource group containing the source and destination key vaults.

  2. Open a PowerShell terminal and log in to Azure PowerShell using the following command:

    Connect-AzAccount
    
  3. Grant your service principal get and list permissions on secrets in the source key vault using the following command:

    Set-AzKeyVaultAccessPolicy -VaultName <source-keyvault-name> -ResourceGroupName <source-resource-group-name> -PermissionsToSecrets get,list -ServicePrincipalName <your-service-principal>
    
  4. Grant the same service principal set permission on secrets in the destination key vault using the following command:

    Set-AzKeyVaultAccessPolicy -VaultName <destination-keyvault-name> -ResourceGroupName <destination-resource-group-name> -PermissionsToSecrets set -ServicePrincipalName <your-service-principal>
    
  5. Loop through each secret in the source key vault, read its value, and then write it to the destination key vault with a new name using the following command:

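    Get-AzKeyVaultSecret -VaultName <source-keyvault-name> | ForEach-Object {
      $secret_name = $_.Name
      # Build the new name from $secret_name; one fixed name would be overwritten on every iteration.
      $new_secret_name = "<new-secret-name>"
      # SecretValue is a SecureString, which is the type -SecretValue expects.
      $secret_value = (Get-AzKeyVaultSecret -VaultName <source-keyvault-name> -Name $secret_name).SecretValue
      Set-AzKeyVaultSecret -VaultName <destination-keyvault-name> -Name $new_secret_name -SecretValue $secret_value
    }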
    

    Note: Replace <source-keyvault-name>, <destination-keyvault-name>, <new-secret-name>, <source-resource-group-name>, and <destination-resource-group-name> with the actual values. Also, replace <your-service-principal> with the name of the service principal that has access to the key
