
Somewhere I read that I can copy backups from one vault to another. I have been unable to find anything leading me in the right direction.

My intent is to do so, so that I can work around the fact that one cannot rename vaults, once they have been created.

I have been all over the different vault options, but have not come across anything suggesting that I was on the right path.


1 Answer

This answer has been copied from How To Copy All Secrets From One KeyVault To Another In Azure

There are two options to make it:

  1. Copy Azure KeyVault using the PowerShell script
  2. Copy Azure KeyVault using Azure CLI

Here, we are copying 4 secrets from the source keyvault called myKeyVault2020 for the demonstration.

Option 1: Copy Azure KeyVault using PowerShell script

Now we want to copy secrets that are not already present in the destination keyvault called kv-myapps-2021 using Azure PowerShell.

Param(
    [Parameter(Mandatory)]
    [string]$sourceKvName,
    [Parameter(Mandatory)]
    [string]$destKvName
)
Connect-AzAccount
# Names of all secrets in the source vault
$secretNames = (Get-AzKeyVaultSecret -VaultName $sourceKvName).Name
$secretNames.foreach{
    # Skip secrets that already exist in the destination vault
    if (Get-AzKeyVaultSecret -VaultName $destKvName -Name $_) {
        Write-Host "$_ already exists in $destKvName"
        return
    }
    # Copy the current version of the value only; tags, content type and expiry are not carried over
    Set-AzKeyVaultSecret -VaultName $destKvName -Name $_ `
        -SecretValue (Get-AzKeyVaultSecret -VaultName $sourceKvName -Name $_).SecretValue
}

We can see that all secrets have been copied successfully to kv-myapps-2021.

Option 2: Copy Azure KeyVault using Azure CLI

We can also copy all secrets using the below Bash script to a new destination keyvault called kv-myapps-2023.

#!/usr/bin/env bash
set -euo pipefail
Source_Kv_Name="myKeyVault2020"
Dest_Kv_Name="kv-myapps-2023"
# Secret identifiers (https://<vault>.vault.azure.net/secrets/<name>) in the source vault
mapfile -t SECRETS < <(az keyvault secret list --vault-name "$Source_Kv_Name" --query "[].id" -o tsv)
for SECRET in "${SECRETS[@]}"; do
    SECRETNAME=${SECRET##*/}   # the last path segment of the identifier is the secret name
    SECRET_CHECK=$(az keyvault secret list --vault-name "$Dest_Kv_Name" --query "[?name=='$SECRETNAME'].name" -o tsv)
    if [ -n "$SECRET_CHECK" ]; then
        echo "$SECRETNAME already exists in $Dest_Kv_Name"
    else
        echo "Copying $SECRETNAME from Source KeyVault: $Source_Kv_Name to Destination KeyVault: $Dest_Kv_Name"
        SECRET_VALUE=$(az keyvault secret show --vault-name "$Source_Kv_Name" -n "$SECRETNAME" --query "value" -o tsv)
        az keyvault secret set --vault-name "$Dest_Kv_Name" -n "$SECRETNAME" --value "$SECRET_VALUE" >/dev/null
    fi
done

Let’s check the destination key vault. Awesome! All secrets are copied.
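An added example (not from the answer above or the article it quotes) that carries over what both scripts drop: content type, expiry, not-before date and tags, while skipping disabled secrets and ones already in the destination. It assumes a logged-in az CLI, jq, and that `az keyvault secret set` accepts `--file /dev/stdin` (used so the value stays out of the process list).

```shell
#!/usr/bin/env bash
# Added example: copy enabled secrets between vaults with their metadata.
# Assumes a logged-in az CLI and jq (neither is checked for here).
set -euo pipefail

# Secret name from an identifier like https://kv.vault.azure.net/secrets/db-pw
# or .../secrets/db-pw/<version>; works whether or not a version is present.
secret_name_from_id() {
  local path="${1#*://}"       # drop the scheme
  path="${path#*/secrets/}"    # keep what follows /secrets/
  printf '%s\n' "${path%%/*}"  # drop any version suffix
}

# JSON from `az keyvault secret show` -> extra arguments for `secret set`, one per
# line. Timestamps are rewritten from +00:00 to the Z suffix the CLI expects (assumption).
metadata_args_from_json() {
  jq -r '
    def ts: sub("\\+00:00$"; "Z");
    (if .contentType then ["--content-type", .contentType] else [] end)
    + (if .attributes.expires then ["--expires", (.attributes.expires | ts)] else [] end)
    + (if .attributes.notBefore then ["--not-before", (.attributes.notBefore | ts)] else [] end)
    + (if (.tags // {} | length) > 0
       then ["--tags"] + (.tags | to_entries | map("\(.key)=\(.value)"))
       else [] end)
    | .[]' <<<"$1"
}

copy_vault_secrets() {
  local src="$1" dst="$2" id name json
  local -a extra
  # Only enabled secrets are listed: the value of a disabled secret cannot be read.
  while IFS= read -r id; do
    name=$(secret_name_from_id "$id")
    if az keyvault secret show --vault-name "$dst" --name "$name" -o none 2>/dev/null; then
      echo "$name already exists in $dst, skipping"
      continue
    fi
    json=$(az keyvault secret show --vault-name "$src" --name "$name" -o json)
    mapfile -t extra < <(metadata_args_from_json "$json")
    # Feed the value on stdin so it never appears in the process list.
    jq -rj '.value' <<<"$json" |
      az keyvault secret set --vault-name "$dst" --name "$name" --file /dev/stdin \
        ${extra[@]+"${extra[@]}"} -o none
  done < <(az keyvault secret list --vault-name "$src" --query "[?attributes.enabled].id" -o tsv)
}

# Runs only when both vault names are supplied, e.g. SRC_KV=a DST_KV=b ./copy.sh
if [ -n "${SRC_KV:-}" ] && [ -n "${DST_KV:-}" ]; then
  copy_vault_secrets "$SRC_KV" "$DST_KV"
fi
```

Secret versions are still not preserved; each copy creates a single new version in the destination vault.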