Reputation: 11871
I'm working on an Azure PowerShell script which compares the secrets and the access policies of two Azure KeyVaults.
For comparing the secrets of the Azure KeyVault I've used the command Get-AzureKeyVaultSecret, which worked fine, but for the access policies it seems like there isn't any command like Get-AzKeyVaultAccessPolicy.
So, is there any way to retrieve the access policies from the KeyVault using Azure PowerShell?
Upvotes: 12
Views: 17639
Reputation: 73
This is the most simple command to retrieve the access policy from KeyVault, using Azure PowerShell:
(Get-AzKeyVault -VaultName "yourVaultNameHere").AccessPolicies
Upvotes: 3
Reputation: 13570
You could do it like this as well
$ az keyvault show --name <my-kv-name> --query "properties.accessPolicies"
Upvotes: 4
Reputation: 11871
Here is a solution for Azure PowerShell:
$keyVaultName = "KEYVAULT_NAME_HERE"
# Fetch the vault; the returned object carries its access policies
$keyVault = Get-AzKeyVault -VaultName $keyVaultName
$accessPolicies = $keyVault.AccessPolicies
# Log the number of access policy entries
Write-Host "$($accessPolicies.Count)"
Note: If you'd like to get a solution for Azure CLI or Azure RM instead, consider checking Mohit's answer below.
Upvotes: 19
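Building on the AccessPolicies property used in the answer above, an added example (not part of any answer on this page) that diffs the policies of two vaults per principal and permission scope, which is what the question set out to do. The function names, vault names and object IDs are hypothetical, and the sample policies are constructed so the block runs without an Azure session.

```powershell
# Added example; function names, vault names and object IDs are hypothetical.
function ConvertTo-PolicyMap {
    param([object[]]$AccessPolicies)
    $map = @{}
    foreach ($p in $AccessPolicies) {
        # An entry is identified by the principal's object ID plus the optional application ID.
        $key = "$($p.ObjectId)|$($p.ApplicationId)"
        $entry = @{}
        foreach ($scope in 'Keys', 'Secrets', 'Certificates', 'Storage') {
            # Normalise case and order so 'Get,List' compares equal to 'list,get'.
            $perms = @($p."PermissionsTo$scope") | ForEach-Object { "$_".ToLower() } | Sort-Object
            $entry[$scope] = @($perms) -join ','
        }
        $map[$key] = $entry
    }
    $map
}

function Compare-KeyVaultAccessPolicy {
    param([object[]]$Reference, [object[]]$Difference)
    $ref = ConvertTo-PolicyMap $Reference
    $dif = ConvertTo-PolicyMap $Difference
    $keys = @($ref.Keys) + @($dif.Keys) | Sort-Object -Unique
    foreach ($key in $keys) {
        foreach ($scope in 'Keys', 'Secrets', 'Certificates', 'Storage') {
            # A principal with no entry is treated as having no permissions in that vault.
            $r = if ($ref.ContainsKey($key)) { $ref[$key][$scope] } else { '' }
            $d = if ($dif.ContainsKey($key)) { $dif[$key][$scope] } else { '' }
            if ($r -ne $d) {
                [pscustomobject]@{ Principal = $key; Scope = $scope; Reference = $r; Difference = $d }
            }
        }
    }
}

# Constructed sample data shaped like (Get-AzKeyVault -VaultName ...).AccessPolicies.
# Against real vaults: $vaultA = (Get-AzKeyVault -VaultName 'vault-a').AccessPolicies
$app  = '00000000-0000-0000-0000-0000000000a1'
$user = '00000000-0000-0000-0000-0000000000b2'
$vaultA = @(
    [pscustomobject]@{ ObjectId = $app;  PermissionsToSecrets = 'get', 'list' }
    [pscustomobject]@{ ObjectId = $user; PermissionsToSecrets = 'Get', 'List', 'Set'; PermissionsToKeys = 'get' }
)
$vaultB = @(
    [pscustomobject]@{ ObjectId = $app;  PermissionsToSecrets = 'list', 'get', 'delete' }
)
Compare-KeyVaultAccessPolicy -Reference $vaultA -Difference $vaultB | Format-Table -AutoSize
```

Each output row is one scope where the two vaults grant a principal different permissions. Vaults that use the Azure RBAC permission model carry no access policies, so this comparison returns nothing for them.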
Reputation: 5296
If you are using the Azure CLI, you can use the command below to get the access policy:
az keyvault show --name [--resource-group] [--subscription]
And if you are using the Azure RM module, then you can simply call the command below:
Get-AzureRMKeyVault -VaultName 'myvault'
Vault Name : myvault
Resource Group Name : myrg
Location : westus
Resource ID : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/myrg/providers/Microsoft.KeyVault/vaults/myvault
Vault URI : https://myvault.vault.azure.net/
Tenant ID : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx
SKU : Standard
Enabled For Deployment? : True
Enabled For Template Deployment? : True
Enabled For Disk Encryption? : False
Soft Delete Enabled? : True
Access Policies :
    Tenant ID : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx
    Object ID : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx
    Application ID :
    Display Name : User Name ([email protected])
    Permissions to Keys : get, create, delete, list, update, import, backup, restore, recover
    Permissions to Secrets : get, list, set, delete, backup, restore, recover
    Permissions to Certificates : get, delete, list, create, import, update, deleteissuers, getissuers, listissuers, managecontacts, manageissuers, setissuers, recover
    Permissions to (Key Vault Managed) Storage : delete, deletesas, get, getsas, list, listsas, regeneratekey, set, setsas, update
Tags :
Hope it helps.
Upvotes: 5