To copy secrets from one key vault to another, you can use the Azure CLI or Azure PowerShell. Here are the steps to copy the secrets and rename them:
Using the Azure CLI:

- Log in to your Azure account and select the subscription and the resource group containing the source and destination key vaults.
- Open a terminal and log in to the Azure CLI using the following command:
    az login
- Check the source key vault and grant get and list permissions on its secrets using the following commands:
    az keyvault show -n <source-keyvault-name> -g <source-resource-group-name>
    az keyvault set-policy --name <source-keyvault-name> --spn <your-service-principal> --secret-permissions get list
- Check the destination key vault and grant set permission on its secrets using the following commands:
    az keyvault show -n <destination-keyvault-name> -g <destination-resource-group-name>
    az keyvault set-policy --name <destination-keyvault-name> --spn <your-service-principal> --secret-permissions set
- Loop through each secret in the source key vault, read its value, and then write it to the destination key vault with a new name using the following command:
    for secret in $(az keyvault secret list --vault-name <source-keyvault-name> --query "[].id" -otsv); do
        # Last path segment of the secret id is the secret name
        secret_name=$(basename "$secret")
        secret_value=$(az keyvault secret show --id "$secret" --query "value" -otsv)
        # <new-secret-name> must be different for each secret (for example, built
        # from $secret_name); otherwise every iteration overwrites the same secret
        az keyvault secret set --vault-name <destination-keyvault-name> --name <new-secret-name> --value "$secret_value"
    done
Note: Replace <source-keyvault-name>, <destination-keyvault-name>, <new-secret-name>, <source-resource-group-name>, and <destination-resource-group-name> with the actual values, and <your-service-principal> with the service principal that performs the copy.
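
A hardened variant of the CLI loop above, added here as an example and not part of the original page: it gives every secret its own destination name (a prefix rule, which is an assumption), checks that name against Key Vault's naming rules, skips disabled secrets, and moves each value through an owner-only temporary file instead of `--value`, which exposes the value in the local process list. It assumes the secrets are UTF-8 text; the function names are hypothetical.

```bash
#!/bin/sh
# Added example, not from the original page. The vault names and the
# "migrated-" prefix in the usage line are assumptions.

# Build the destination name: prefix ($2) + source name ($1). Key Vault secret
# names are 1-127 characters: letters, digits and hyphens only.
new_secret_name() {
    candidate="${2}${1}"
    case "$candidate" in
        "" | *[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#candidate}" -le 127 ] || return 1
    printf '%s\n' "$candidate"
}

# Copy all enabled secrets from vault $1 to vault $2, prefixing names with $3.
# Runs in a subshell so umask stays local. Prints the number copied.
copy_secrets() (
    src="$1"; dst="$2"; prefix="$3"; copied=0
    umask 077                               # temp files: owner access only
    workdir=$(mktemp -d) || exit 1
    # Secret names contain no whitespace, so word splitting below is safe.
    names=$(az keyvault secret list --vault-name "$src" \
        --query "[?attributes.enabled].name" -o tsv) \
        || { rm -rf "$workdir"; exit 1; }
    for name in $names; do
        if ! new_name=$(new_secret_name "$name" "$prefix"); then
            echo "skipped $name: invalid destination name" >&2
            continue
        fi
        value_file="$workdir/value"
        rm -f "$value_file"                 # download refuses to overwrite
        # The value travels through a file, never through command-line
        # arguments, so it does not appear in the process list or history.
        az keyvault secret download --vault-name "$src" --name "$name" \
            --file "$value_file" --encoding utf-8 &&
        az keyvault secret set --vault-name "$dst" --name "$new_name" \
            --file "$value_file" --encoding utf-8 --output none &&
        copied=$((copied + 1))
    done
    rm -rf "$workdir"
    echo "$copied"
)

# Usage: copy_secrets <source-keyvault-name> <destination-keyvault-name> migrated-
```

Content type, tags and expiry dates are not carried over by this copy; compare the printed count with the number of secrets you expected to move.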

Using Azure PowerShell:

- Log in to your Azure account and select the subscription and the resource group containing the source and destination key vaults.
- Open a PowerShell terminal and log in to Azure PowerShell using the following command:
    Connect-AzAccount
- Grant get and list permissions on the source key vault's secrets using the following command:
    Set-AzKeyVaultAccessPolicy -VaultName <source-keyvault-name> -ResourceGroupName <source-resource-group-name> -PermissionsToSecrets get,list -ServicePrincipalName <your-service-principal>
- Grant set permission on the destination key vault's secrets using the following command:
    Set-AzKeyVaultAccessPolicy -VaultName <destination-keyvault-name> -ResourceGroupName <destination-resource-group-name> -PermissionsToSecrets set -ServicePrincipalName <your-service-principal>
- Loop through each secret in the source key vault, read its value, and then write it to the destination key vault with a new name using the following command:
    Get-AzKeyVaultSecret -VaultName <source-keyvault-name> | ForEach-Object {
        $secret_name = $_.Name
        # SecretValue is a SecureString, the type Set-AzKeyVaultSecret expects for -SecretValue
        $secret_value = (Get-AzKeyVaultSecret -VaultName <source-keyvault-name> -Name $secret_name).SecretValue
        # <new-secret-name> must be different for each secret (for example, built
        # from $secret_name); otherwise every iteration overwrites the same secret
        Set-AzKeyVaultSecret -VaultName <destination-keyvault-name> -Name <new-secret-name> -SecretValue $secret_value
    }
Note: Replace <source-keyvault-name>, <destination-keyvault-name>, <new-secret-name>, <source-resource-group-name>, and <destination-resource-group-name> with the actual values. Also, replace <your-service-principal> with the name of the service principal that has access to the key