Setting Secrets in Azure KeyVault

Product: PowerShell Universal
Version: 3.8.3
Type: Docker

Hey @adam

Trying to create secrets in a KeyVault and receiving this error in the logs:

> 2023-03-17 12:08:18.980 -04:00 [ERR] Failed to set secret.
  System.Management.Automation.CmdletInvocationException: Vault not found in registry: AzureKeyVault
   ---> System.Management.Automation.PSInvalidOperationException: Vault not found in registry: AzureKeyVault
     at System.Management.Automation.MshCommandRuntime.ThrowTerminatingError(ErrorRecord errorRecord)
     --- End of inner exception stack trace ---
     at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)
     at System.Management.Automation.Runspaces.Pipeline.Invoke()
     at System.Management.Automation.PowerShell.Worker.ConstructPipelineAndDoWork(Runspace rs, Boolean performSyncInvoke)
     at System.Management.Automation.PowerShell.Worker.CreateRunspaceIfNeededAndDoWork(Runspace rsToUse, Boolean isSync)
     at System.Management.Automation.PowerShell.CoreInvokeHelper[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)
     at System.Management.Automation.PowerShell.CoreInvoke[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)

Script:

```powershell
# Install the Az.Accounts and Az.KeyVault modules if they are missing
$AzModule = 'Az.Accounts','Az.KeyVault'
Import-Module -Name PowerShellGet -Force
foreach ($Module in $AzModule) {
    Try {
        Get-InstalledModule -Name $Module -ErrorAction Stop | Out-Null
        Write-Output "$Module installed"
    }
    Catch {
        Write-Output "Installing $($Module)..."
        Install-Module -Name $Module -Force -Confirm:$false -SkipPublisherCheck
    }
}

# $SubscriptionId and $KeyvaultName are not defined in this snippet;
# they are assumed to be set elsewhere before the script runs.
Try {
    # Sign in to Azure with the service principal credential stored as a PSU secret
    $Params = @{
        ServicePrincipal = $true
        Credential = $Secret:Azure_Service_Principal
        Subscription = $SubscriptionId
        Tenant = '<tenant>'
        ErrorAction = 'Stop'
    }
    Connect-AzAccount @Params | Out-Null
    # Register the Key Vault as a SecretManagement vault named AzureKeyVault
    Register-SecretVault -ModuleName Az.KeyVault -Name AzureKeyVault -AllowClobber -PassThru -VaultParameters @{
        AZKVaultName = $KeyvaultName
        SubscriptionId = $SubscriptionId
    }
    Sync-PSUConfiguration -Integrated
}
Catch {
    throw $_
}
```

The output from the script looks like it registers, and I do see the vault in the secret management module.

```
Get-SecretVault

Name           ModuleName                       IsDefaultVault
----           ----------                       --------------
AzureKeyVault  Az.KeyVault                      False
PSUSecretStore Microsoft.PowerShell.SecretStore True
```

Example:
```powershell
New-PSUVariable -Name 'ApiKey' -Vault AzureKeyVault -Type PSCredential -InputObject secret
```

Thanks.

@adam

Figured it out. Had to run the script in the Integrated environment.

Thanks.
