This post is part of a series in which I will show how to create different resources in Microsoft Azure. Today I will show you how to create a very important service that works as a secure secrets store: an Azure Key Vault. You can use key vaults for centralized storage of application secrets, keys, and certificates.

This tutorial assumes that you already have a Microsoft Azure account configured.

Azure PowerShell Workaround

If you want to know how to install the PowerShell Azure module on your machine, check out this link.

The simplest way to get started is to sign in interactively at the command line.

This cmdlet will bring up a dialog box prompting you for your email address and password associated with your Azure account.
If you have more than one subscription associated with your mail account, you can choose the default subscription. To perform this task, we will use the following commands:

The Azure Key vault is a resource and you must place it within a Resource Group. You can use an existing Resource Group, or you can create a new Resource Group. If you want to know how to create a Resource Group using PowerShell, check out this link.

To create a Key vault with PowerShell, use the New-AzKeyVault cmdlet with the following syntax:

Azure Key Vault

Parameters

-EnabledForDiskEncryption

Allows the Azure disk encryption service to get secrets and unwrap keys from this key vault.

-Sku

Specifies the SKU of the key vault instance. Standard and Premium are the possible options; choose one depending on the services and features you want to use.

Azure Key Vault Access Policy

Before you start working with the key vault, you must grant your user permission to perform operations with the key vault. To perform this task, you must use the Set-AzKeyVaultAccessPolicy cmdlet.

Set-AzKeyVaultAccessPolicy

Create and read a secret from Key Vault

To store a sensitive password in Key Vault with PowerShell, use the Set-AzureKeyVaultSecret cmdlet with the following syntax:

If you want to get the secrets stored in a key vault, use the Get-AzKeyVaultSecret cmdlet with the following syntax:

Get-AzKeyVaultSecret
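The PowerShell steps above, put together as one script. This is an added example, not the original post's code. It uses `Set-AzKeyVaultSecret`, the Az-module name for the cmdlet the text calls Set-AzureKeyVaultSecret. Every value in angle brackets and the secret name are hypothetical placeholders, and the script assumes an existing resource group and a vault that uses access policies as described above.

```powershell
#Requires -Modules Az.Accounts, Az.KeyVault

# Hypothetical placeholder values: replace with your own before running.
$SubscriptionName = '<subscription-name>'
$ResourceGroup    = '<existing-resource-group>'
$VaultName        = '<globally-unique-vault-name>'
$Location         = '<azure-region>'
$UserUpn          = '<user@your-tenant-domain>'
$SecretName       = 'ExampleAppPassword'

# Sign in interactively, then select the subscription to work in.
Connect-AzAccount | Out-Null
Set-AzContext -Subscription $SubscriptionName | Out-Null

# Create the vault. Add -EnabledForDiskEncryption only if Azure Disk
# Encryption will actually read secrets and unwrap keys from this vault.
New-AzKeyVault -Name $VaultName -ResourceGroupName $ResourceGroup `
    -Location $Location -Sku Standard | Out-Null

# Grant the user only the secret operations this walkthrough needs,
# rather than every permission the access policy can carry.
Set-AzKeyVaultAccessPolicy -VaultName $VaultName `
    -UserPrincipalName $UserUpn -PermissionsToSecrets Get, Set, List

# Prompt for the value as a SecureString so it never appears in the
# script file or in the PowerShell command history.
$SecretValue = Read-Host -Prompt 'Secret value' -AsSecureString
Set-AzKeyVaultSecret -VaultName $VaultName -Name $SecretName `
    -SecretValue $SecretValue | Out-Null

# Listing the vault returns secret metadata only, not the values.
Get-AzKeyVaultSecret -VaultName $VaultName |
    Select-Object Name, Enabled, Updated

# Reading one secret by name returns the value. -AsPlainText yields a
# plain string, so keep it in a variable instead of echoing it.
$Plain = Get-AzKeyVaultSecret -VaultName $VaultName -Name $SecretName -AsPlainText
Write-Host "Retrieved '$SecretName' ($($Plain.Length) characters)"

# Drop the plaintext copy once it is no longer needed.
Remove-Variable -Name Plain
```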

Azure CLI Workaround

You can use the Azure CLI in your browser with Azure Cloud Shell or install it on your machine. If you want to know how to install the Azure CLI, check out this link.
The way to get started is to sign in interactively at the command line.

This command will bring up a dialog box prompting you for your email address and password associated with your Azure account.

If you have more than one subscription associated with your mail account, you can choose the default subscription. To perform this task, we will use the following commands:

The Azure Key vault is a resource and you must place it within a Resource Group. You can use an existing Resource Group, or you can create a new Resource Group. If you want to know how to create a Resource Group using Azure CLI, check out this link.

To create an Azure Key Vault with Azure CLI, use the following syntax:

Azure Key Vault

Create and read a secret from Key Vault

To store a confidential password in Key Vault with the Azure CLI, type the following commands:

az keyvault secret

If you want to get the secrets stored in a key vault, use the following command:

az keyvault secret show

If you want to know more about Azure Key vaults, check out this link: https://docs.microsoft.com/en-us/azure/key-vault/key-vault-whatis