PSU with Azure KeyVault

Can PSU be set up to use other key vaults other than the BuiltInVault? Specifically, Azure Key Vault?

Product: PowerShell Universal
Version: 1.5.8

It’s possible but were still using the old secret management module. You’d have to develop an extension for the module. We will be updating to the newer one when they GA it which I believe already has an Azure Key Vault extension.


For now, I’ve just been using the Az powershell module setup to access keyvault secrets on my PSU stuff. Maybe it’s not as clean, but it does work well.

I think I am missing something with regards to using the Azure Key Vault, and was hoping somebody could clarify for me.

I am good with creating and reading from the vault in PowerShell, but I am not clear on what credentials are used by the script when it retrieves a secret. My assumption is I need to perform a Connect-AzAccount first (or even Connect-MgGraph, but what credential type would I use given I can’t use interactive from within the script, and obviously don’t want to hard code an SP secret)?