如何使用 Powershell 将所有机密从一个 Azure Keyvault 复制到另一个 [英] How do I copy over all secrets from one Azure Keyvault to another using Powershell

问题描述

我们最近发现自己需要将每个机密(名称和值)从一个 Azure KeyVault 复制到新创建的一个.我找到了从备份中恢复机密的方法，但我们没有备份.是否有一个 Powershell 脚本可以循环遍历源保管库中的每个名称/值组合并将其复制到目标保管库?

We recently found ourselves needing to copy over every single secret (name and value) from one Azure KeyVault to a newly created one. I found ways to restore the secrets from a backup, but we didn't have a backup. Is there a Powershell script that can just loop through every name/value combo in a source vault and copy it to a destination vault?

推荐答案

这太刺激了(无意冒犯)，这里有一个更强大"的版本:

this is just too triggering (no offense), here's a more "powershelly" version:

Param(
    [Parameter(Mandatory)]
    [string]$sourceVaultName,
    [Parameter(Mandatory)]
    [string]$destVaultName
)

Connect-AzAccount

$secretNames = (Get-AzKeyVaultSecret -VaultName $sourceVaultName).Name
$secretNames.foreach{
    Set-AzKeyVaultSecret -VaultName $destVaultName -Name $_ `
        -SecretValue (Get-AzKeyVaultSecret -VaultName $sourceVaultName -Name $_).SecretValue
}

总结一下:

此更改中的参数是必需的，您可以使用 Tab 键完成它们，因此您不必记住哪个是第一个.
使用 foreach 比使用 do\while 更简洁一些(当然认知工作更少).
您不必将值转换为文本并将其加密回来，您只需使用加密值将其分配给新的秘密

Parameters are mandatory with this change and you can tab complete them, so you dont have to remember which one is first.
Using foreach is a bit cleaner than using do\while (certainly less cognitive effort).
You dont have to cast values to text and encrypt it back, you can just use encrypted value to assign it to new secret

这篇关于如何使用 Powershell 将所有机密从一个 Azure Keyvault 复制到另一个的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！