Azure CLI requires an authenticated user with a valid subscription. Web applications often keep many secrets in web.config, for example database connection strings, SMTP details and passwords for special services, which is less secure. A set of commands needs to be run to create a secret in Azure Key Vault and read it back.
Azure CLI is integrated with the Azure Portal, so Cloud Shell has to be started first. Click on Cloud Shell; it will create a storage account, and after some time Cloud Shell will be ready to use.
Step 1 – Create Resource Group
az group create --name "key-vault-demo-cli" --location eastus
Step 2 – Create Key Vault
az keyvault create --name "key-vault-account" --resource-group "key-vault-demo-cli" --location eastus
Step 3 – Create a secret
az keyvault secret set --vault-name "key-vault-account" --name "DBConnection" --value "DBConnectionString"
az keyvault secret set --vault-name "key-vault-account" --name "DBConnectionAdminUser" --value "DBConnectionAdminPassword"
Step 4 – Read a secret
az keyvault secret show --name "DBConnection" --vault-name "key-vault-account"
az keyvault secret show --name "DBConnectionAdminUser" --vault-name "key-vault-account"
After running these commands, you will have a resource group, a key vault and two secrets, which can be verified in the Azure Portal. We can clean up the resources by deleting the resource group.
Step 5 – Clean up resource group
az group delete --name "key-vault-demo-cli"
So, this article only covers two commands which are really useful from a developer perspective. Complete documentation for the Key Vault Azure CLI commands is available here.
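Steps 3 and 4 written so that the secret value stays out of the command line, as an added example that is not part of the original article: `--value` leaves the secret in shell history and the process list, while `--file` reads it from a file. The function names and the `VAULT_NAME` variable are assumptions for illustration; the vault and secret names are the ones used in the steps above.

```bash
#!/usr/bin/env bash
# Added example; helper names and VAULT_NAME are hypothetical.
VAULT_NAME="${VAULT_NAME:-key-vault-account}"

# Store a secret whose value is read from stdin.
# The value is handed to the CLI through a private temp file instead of
# --value, so it never shows up in argv or in shell history.
set_secret_from_stdin() {
    _kv_tmp=$(mktemp) || return 1        # mktemp creates the file with mode 0600
    cat > "$_kv_tmp" || { rm -f "$_kv_tmp"; return 1; }
    _kv_rc=0
    # --file and --encoding are options of `az keyvault secret set`;
    # --output none keeps the CLI from echoing the stored value back.
    az keyvault secret set --vault-name "$VAULT_NAME" --name "$1" \
        --file "$_kv_tmp" --encoding utf-8 --output none || _kv_rc=$?
    rm -f "$_kv_tmp"                     # remove the temp file even if az failed
    return "$_kv_rc"
}

# Print only the secret value instead of the full JSON document
# (id, attributes, tags) that `secret show` returns by default.
get_secret_value() {
    az keyvault secret show --vault-name "$VAULT_NAME" --name "$1" \
        --query value --output tsv
}

# Usage (constructed, not run here):
#   read -rs conn                        # type or paste the value, no echo
#   printf '%s' "$conn" | set_secret_from_stdin DBConnection
#   get_secret_value DBConnection
```
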