
I'm trying to use Azure PowerShell to pull an SSH key and add it to a VM. The cmdlet is

`Get-AzKeyVaultKey ... -OutFile filename`

I'd like to avoid actually writing the key to the disk, but I need it in a variable. Is there any way to provide a variable acting like a file or something so I can go

`-OutFile $someVariablePretendingToBeFile`

and use that variable please?

The variable that is returned by Get-AzKeyVaultKey is of type PsKeyVaultKey. If I get its Key property and call ToRSA(), I get an RSACryptoServiceProvider. But I still don't see where to get the public key string from! It's annoying b/c -OutFile produces exactly the public key.

Thanks

foldone
  • Have you tried `$someVariablePretendingToBeFile = Get-AzKeyVaultKey ...` (and remove `-OutFile filename`) ? – Theo Jan 12 '21 at 14:38
  • Hi, yeah that returns a [PSKeyVaultKey](https://learn.microsoft.com/en-us/dotnet/api/microsoft.azure.commands.keyvault.models.pskeyvaultkey?view=azurerm-ps) but I can't seem to find any way to extract the public key from that object – foldone Jan 12 '21 at 14:40
  • You'll have to dig deeper into the returned object. See [this answer](https://stackoverflow.com/a/60312396/9898643) – Theo Jan 12 '21 at 14:46
  • Hi - yeah I saw that answer, and it still doesn't clear up where to get the public key from. By calling `$key.key.ToRSA()` I get an [rsacryptoserviceprovider](https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.rsacryptoserviceprovider?view=net-5.0#methods). But I don't see where to get the pub key from that. It's annoying because -OutFile gives me exactly what I want! – foldone Jan 12 '21 at 14:47
  • I have a feeling I'm going to have to do [this](https://stackoverflow.com/questions/28406888/c-sharp-rsa-public-key-output-not-correct/28407693#28407693) if I can't mock the variable – foldone Jan 12 '21 at 15:00
  • Wow... I hope you get it right. If you do, please post it as answer for others to benefit. – Theo Jan 12 '21 at 15:10
  • Found the code that does it in [Get-AzKeyVaultKey](https://github.com/Azure/azure-powershell/blob/91ece8f6138350a8fd5a9db93710766aa498a1ac/src/KeyVault/KeyVault/Commands/GetAzureKeyVaultKey.cs#L436) – foldone Jan 12 '21 at 15:29
  • The Azure PowerShell code that exports the public key uses the Stack Overflow answer linked above(!) [here they've commented that answer above the same impl](https://github.com/Azure/azure-powershell/blob/91ece8f6138350a8fd5a9db93710766aa498a1ac/src/KeyVault/KeyVault/Helpers/JwkHelper.cs#L30) – foldone Jan 12 '21 at 15:30
  • Well done! Good find – Theo Jan 12 '21 at 15:33

2 Answers


Since Get-AzKeyVaultKey is not providing a way of doing this (that I know of), can you get it to work with a simple:

`$key=(Get-AzKeyVaultKey XXX)`

To get the result in a variable?

Let us know!

douhayoun

Not sure if this would work, it is a variant of the answer above. I can't test it just now.

`$PublicKey = Get-AzKeyVaultKey -VaultName $vaultName -KeyName $keyName`

sailingbikeruk
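
As an added example (not code from this thread or from Azure PowerShell), the public key can be built entirely in memory from the RSA object that `ToRSA()` returns, either as a PEM block or as an OpenSSH `ssh-rsa` line; the second form goes beyond what the thread covers. It assumes PowerShell 7+, and the function names and the `keyvault-key` comment are hypothetical.

```powershell
# Added example, not code from the thread or from Azure PowerShell.
# PowerShell 7+ is assumed: ExportSubjectPublicKeyInfo() needs .NET Core 3.0 or later.

function ConvertTo-PublicKeyPem {
    param([Parameter(Mandatory)][System.Security.Cryptography.RSA]$Rsa)
    # DER-encoded SubjectPublicKeyInfo: contains the public half only.
    $b64  = [Convert]::ToBase64String($Rsa.ExportSubjectPublicKeyInfo())
    $body = ($b64 -split '(.{64})' | Where-Object { $_ }) -join "`n"   # 64-char PEM lines
    "-----BEGIN PUBLIC KEY-----`n$body`n-----END PUBLIC KEY-----"
}

function Add-SshField {
    param([System.IO.Stream]$Stream, [byte[]]$Data, [switch]$MpInt)
    # An SSH mpint is signed: prepend 0x00 when the top bit is set.
    if ($MpInt -and ($Data[0] -band 0x80)) { $Data = [byte[]](@(0) + $Data) }
    $len = [BitConverter]::GetBytes([uint32]$Data.Length)
    if ([BitConverter]::IsLittleEndian) { [Array]::Reverse($len) }     # big-endian length
    $Stream.Write($len, 0, 4)
    $Stream.Write($Data, 0, $Data.Length)
}

function ConvertTo-SshRsaPublicKey {
    param([Parameter(Mandatory)][System.Security.Cryptography.RSA]$Rsa,
          [string]$Comment = 'keyvault-key')   # hypothetical default comment
    $p  = $Rsa.ExportParameters($false)        # $false: public parameters only
    $ms = [System.IO.MemoryStream]::new()
    Add-SshField $ms ([Text.Encoding]::ASCII.GetBytes('ssh-rsa'))
    Add-SshField $ms $p.Exponent -MpInt
    Add-SshField $ms $p.Modulus  -MpInt
    'ssh-rsa {0} {1}' -f [Convert]::ToBase64String($ms.ToArray()), $Comment
}

# Constructed stand-in key so this runs offline. With Az, use $rsa = $key.Key.ToRSA()
# where $key = Get-AzKeyVaultKey -VaultName $vaultName -KeyName $keyName (no -OutFile).
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$pem = ConvertTo-PublicKeyPem $rsa
$ssh = ConvertTo-SshRsaPublicKey $rsa
$pem
$ssh
```

Both strings stay in variables, so nothing is written to disk. `ConvertTo-SshRsaPublicKey` relies only on `ExportParameters($false)`, which is also available on the `RSACryptoServiceProvider` mentioned in the question.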