How to Create Azure Key Vault using CLI

Azure CLI requires an authenticated user with a valid subscription. Web applications often keep many secrets in web.config, for example the database connection string, SMTP details, or a special service password, and keeping them there is less secure. A set of commands needs to be run to create a secret in Azure Key Vault and read it back.

Azure CLI is integrated with the Azure Portal, so Cloud Shell has to be started first. Click on Cloud Shell, which will create a storage account, and after some time Cloud Shell will be ready to use.

Step 1 – Create Resource Group

az group create --name "key-vault-demo-cli" --location eastus

Step 2 – Create Key Vault

az keyvault create \
    --name "key-vault-account" \
    --resource-group "key-vault-demo-cli" \
    --location eastus

Step 3 – Create a secret

az keyvault secret set \
    --vault-name "key-vault-account" \
    --name "DBConnection" \
    --value "DBConnectionString"

az keyvault secret set \
    --vault-name "key-vault-account" \
    --name "DBConnectionAdminUser" \
    --value "DBConnectionAdminPassword"

Step 4 – Read a secret

az keyvault secret show \
    --name "DBConnection" \
    --vault-name "key-vault-account"

az keyvault secret show \
    --name "DBConnectionAdminUser" \
    --vault-name "key-vault-account"

After running these commands, you will have a resource group, a key vault and two secrets, which can be verified in the Azure Portal. We can clean up the resources by deleting the resource group.

Step 5 – Clean up resource group

az group delete --name "key-vault-demo-cli"

So, this article only covers two commands which are really useful from a developer perspective. Complete documentation of the Key Vault Azure CLI commands is available here.
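Steps 3 and 4 pass the secret on the command line with --value and print the whole secret record. As an added example (not from the original article), the functions below set a secret from stdin through a private temporary file and read back only its value; the function names kv_put_secret and kv_get_secret are hypothetical, and the vault and secret names in the usage comment are the ones from the steps above.

```shell
#!/usr/bin/env bash
# Added example: wrappers around the az commands from Steps 3 and 4.
# kv_put_secret and kv_get_secret are hypothetical helper names.

# Store a secret whose value arrives on stdin. The value goes to az through
# --file instead of --value, so it is not an argument of the az command
# (nothing in the process list, nothing pasted into a command line).
kv_put_secret() {
    local vault name tmp rc
    vault="$1"; name="$2"; rc=0
    tmp="$(mktemp)" || return 1        # mktemp creates the file owner-only
    cat > "$tmp"                       # copy stdin into the temp file
    az keyvault secret set \
        --vault-name "$vault" \
        --name "$name" \
        --file "$tmp" \
        --output none || rc=$?         # --output none: do not echo the record
    rm -f "$tmp"                       # remove the plaintext copy either way
    return "$rc"
}

# Print only the secret value, without the surrounding JSON metadata.
kv_get_secret() {
    local vault name
    vault="$1"; name="$2"
    az keyvault secret show \
        --vault-name "$vault" \
        --name "$name" \
        --query value \
        --output tsv
}

# Usage (run in Cloud Shell after Step 2):
#   read -rs CONN                                  # type or paste, not echoed
#   printf '%s' "$CONN" | kv_put_secret "key-vault-account" "DBConnection"
#   DB_CONNECTION="$(kv_get_secret "key-vault-account" "DBConnection")"
```

printf '%s' is used in the usage line so that no trailing newline ends up in the stored value.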
