Product: PowerShell Universal
Version: 3.7.0
I am trying to hook in an Azure KeyVault. When i register the vault in line with the documentation and other forum posts posted. I am able to import the stored secrets and call them using the $secret:mysecrret variable.
Once I reboot, I see the previously documented errors about the secret not existing in the vault. None of the documented or posted workarounds seam to work for me.
When I examine the container logs, I see the following:
2023-01-12 09:09:46.377 +00:00 [INF] Finished groom job.
2023-01-12 09:09:53.246 +00:00 [ERR] Failed to read secret :The specified module 'Az.Accounts' with version '2.10.4' was not loaded because no valid module file was found in any module directory.
2023-01-12 09:09:53.772 +00:00 [ERR] Failed to read secret :The term 'Az.KeyVault\Get-AzKeyVaultSecret' is not recognized as a name of a cmdlet, function, script file, or executable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
2023-01-12 09:41:57.243 +00:00 [INF] Start installing Hangfire SQL objects...
[15:55:23 ERR] Failed to read secret :The term 'Az.KeyVault\Get-AzKeyVaultSecret' is not recognized as a name of a cmdlet, function, script file, or executable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
[15:55:24 ERR] Failed to read secret :The term 'Az.KeyVault\Get-AzKeyVaultSecret' is not recognized as a name of a cmdlet, function, script file, or executable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
Has anybody else see this or have a workaround which allows KeyVaults to work following a container reboot?
I am seeing inconsistency in being able to get AZ keyvault, as well. What is odd is how one time it won’t work with an error like this:
The command Connect-AzAccount is part of Azure PowerShell module “Az.Accounts” and it is not installed. Run “Install-Module Az.Accounts” to install it.
The term ‘Connect-AzAccount’ is not recognized as a name of a cmdlet, function, script file, or executable program.
Then, I refresh the element on the page and it works. It’s frustrating due to the inconsistency. I call get-secret a lot on some of my pages and sometimes everything loads fines, sometimes almost all of them fail and other times only some of them fail.
I am looking into this as we speak.
When I bring up a terminal, I get this:
When I close the terminal and open it again, the get-module command only returns the Universal package.
If I have any breakthroughs on this problem, I will post them
OK, I think I have a partial workaround which seams to kick it in to gear.
Following a reboot, I perform the following, and it seems to reconnect everything:
- Unregister the Vault
Unregister-SecretVault -Name vaultname
- Register the Vault
register-SecretVault -Name vaultname -name vaultname -ModuleName Az.KeyVault -VaultParameters @{
AZKVaultName = 'vaultname'
SubscriptionId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
- Add a new variable
$VariableName="testvar3"
New-PSUVariable -Name $VariableName -type string -Integrated -Value $VariableName -Vault vaultname -InputObject secret
It was the -InputObject parameter, which I was missing throughout my previous attempts. Once I add a new variable, it all kicks in.
@dkkazak, are you able to replicate this? I suspect the next action will be to see if there is any other system command which will do this. @adam Is there any internal cmd which does this already on boot?
How are you using that variable? I rarely call Get-Secret directly from PowerShell Universal. Instead, it is often from “shared” cmdlets that are used outside of the PowerShell Universal universe, as well.
I use the $secret: process to call the variable