I still have problems getting it to work. I now have version 4.0.12-modules in Docker. I also activated the managed identity for the app service and gave it Reader permissions on the subscription and SecretReader permissions on the key vault.
Now in the job of the script I see that Connect-Azure works fine, but there is no feedback on the Register-SecretVault command. I also cannot look at it under jobs, because since I loaded version 4.0.12 there is just “No data” in jobs.
So far, I just have problems with version 4.0.12. It also needs much more time when I restart the app service; I have to wait about 6-7 minutes until I can access it. And on the first access there is always “Application error”, and on the second access it loads all the modules and loads Universal fine.
I will now try to figure the problems out with the system logs.
Addendum:
I run the one-time scripts: Connect-AzAccount -Identity -SubscriptionID… works fine. Then I run Set-AzContext with a name and the SubscriptionID… that also works fine. I can run Get-AzContext and get the context I set. After that I do a “Restart” of the app service. I try to run Get-AzContext again… no feedback, there is no context there after the restart.
I tried this with 4.0.12-modules and also with 4.0.11-modules; with both versions I have the same problem. Also with both versions there are no jobs shown; it loads for a long time and then shows “no jobs”.
Probably someone has a tip for me? I am trying to figure it out.
Best,
Mario
My script to register the secret vault looks like this:
# 1361Variables
$1361SubscriptionID = "xyxy"
$VaultName = 'xyxy'
$VaultParameters = @{
    AZKVaultName   = $VaultName
    SubscriptionId = $1361SubscriptionID
}
# Connect Azure
Connect-AzAccount -Identity -SubscriptionId $1361SubscriptionID
# Register Azure Key Vault
Register-SecretVault -ModuleName 'Az.KeyVault' -Name 'AzureKeyVault' -VaultParameters $VaultParameters -AllowClobber
I set mine up in 3 phases:
The code in the steps is something similar to:
1. Connect to Azure
Connect-AzAccount -Identity
I then did a Get-AzKeyVault to see if I could pull any data back.
2. Register the KeyVault
Register-SecretVault -Name $Env:KeyVaultName -ModuleName Az.KeyVault -VaultParameters @{ AZKVaultName = "$Env:KeyVaultName"; SubscriptionId = "$SubID" }
Note: Set your variables accordingly. My key vault name is an environment variable so I can set it differently at the DevOps dev/test/prod level.
3. Import KeyVault Secrets
# Create one PSU secret variable per secret name found in the Key Vault
$KVSecrets = Get-AzKeyVaultSecret -VaultName $env:KeyVaultName
foreach ($KVSecret in $KVSecrets) {
    $SecretName = $KVSecret.Name
    New-PSUVariable -Name $SecretName -Vault $env:KeyVaultName -Type "Unknown"
}
Thank you for your feedback. After Point 2: Can you go to “Platform - Variables” and, if you add a new secret variable, do you see your registered vault in the menu “Vaults”? Because I can register the SecretVault but I don’t see it in PowerShell Universal. I ask this because of the manual; I was never able to see the new secret vault there under “Vaults”.
The rest is working fine, I used your code and have now my secret set as secret-variable in powershell universal.
Thank you.
Edit:
On my side there must be something wrong with step two. I run it and do not get any error; I can also run step 3 and get the variables from the AZKeyVault. But after that I have an error in the variable that says “This secret does not exist in the vault”. At this point I have no idea why my Register-SecretVault is not working.
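An added diagnostic sketch, not code from any post in this thread: Register-SecretVault writes nothing on success and registers the vault only for the account that runs it, so this script confirms the registration explicitly and compares what SecretManagement and Az.KeyVault each see. It keeps the registered name separate from the Key Vault resource name, because the first script registers under 'AzureKeyVault' while the reply passes the same value to Register-SecretVault -Name and New-PSUVariable -Vault. Assumptions: the environment variables KeyVaultName and SubscriptionId are placeholders you set yourself, and both modules are installed.

```powershell
# Added example; names marked "assumed" are placeholders, not values from the thread.
$ErrorActionPreference = 'Stop'
Import-Module Microsoft.PowerShell.SecretManagement, Az.Accounts, Az.KeyVault

$registeredName = 'AzureKeyVault'       # SecretManagement name used in the first script
$vaultName      = $env:KeyVaultName     # assumed: Key Vault resource name
$subscriptionId = $env:SubscriptionId   # assumed: subscription that holds the vault

# Sign in with the App Service managed identity.
Connect-AzAccount -Identity -SubscriptionId $subscriptionId | Out-Null

# Register only when missing, so a restart that lost the registration is repaired.
if (-not (Get-SecretVault -Name $registeredName -ErrorAction SilentlyContinue)) {
    Register-SecretVault -Name $registeredName -ModuleName Az.KeyVault -VaultParameters @{
        AZKVaultName   = $vaultName
        SubscriptionId = $subscriptionId
    }
}

# 1. Is the registration visible to the account running this script?
$vault = Get-SecretVault -Name $registeredName
"Registered '$($vault.Name)' via $($vault.ModuleName) as user $([Environment]::UserName)"

# 2. Does the extension vault pass its own self-test?
if (-not (Test-SecretVault -Name $registeredName)) {
    throw "Test-SecretVault failed for '$registeredName'"
}

# 3. Compare secret names seen through SecretManagement with the Az.KeyVault listing.
$viaSecretManagement = @(Get-SecretInfo -Vault $registeredName | ForEach-Object Name)
$viaAz               = @(Get-AzKeyVaultSecret -VaultName $vaultName | ForEach-Object Name)
$missing = @($viaAz | Where-Object { $_ -notin $viaSecretManagement })

if ($missing.Count -gt 0) {
    Write-Warning "Not visible through '$registeredName': $($missing -join ', ')"
} else {
    "All $($viaAz.Count) secret names resolve through '$registeredName'"
}
```

Only secret names are printed, never values. The user name in the first output line shows which account owns the registration, which matters when the server process runs under a different account.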