How to back up and restore the Azure Key Vault that includes keys, secrets & certs along with RBAC?
CodePudding user response:
One way is to use PowerShell or the CLI to achieve this, after you have done an az login.
- Keys: the Export-AzKeyVaultKey and Import-AzKeyVaultKey commands in Azure PowerShell, or the az keyvault key export and az keyvault key import commands in Azure CLI, to export and import keys and secrets.
- Certs: the Export-AzKeyVaultCertificate and Import-AzKeyVaultCertificate commands in Azure PowerShell, or the az keyvault certificate export and az keyvault certificate import commands in Azure CLI.
- RBAC policies: the Get-AzKeyVaultAccessPolicy and Set-AzKeyVaultAccessPolicy commands in Azure PowerShell, or the az keyvault show and az keyvault set-policy
CLI example of how to export the keys, certs and RBAC policies to a local file:
# Authenticate to Azure
az login
# Back up a key, a secret, and a certificate from the key vault.
# The az CLI exposes these operations as the backup and restore subcommands; each
# backup file is an encrypted blob that can only be restored into a vault in the
# same subscription and Azure geography.
keyVaultName="<key-vault-name>"
exportFolderPath="<export-folder-path>"
az keyvault key backup --name "<key-name>" --vault-name "$keyVaultName" --file "$exportFolderPath/key.backup"
az keyvault secret backup --name "<secret-name>" --vault-name "$keyVaultName" --file "$exportFolderPath/secret.backup"
az keyvault certificate backup --name "<certificate-name>" --vault-name "$keyVaultName" --file "$exportFolderPath/certificate.backup"
# Export the vault's access policies
az keyvault show --name "$keyVaultName" --query properties.accessPolicies --output json > "$exportFolderPath/access-policies.json"
If you wanted to restore those from the local file to another key vault, this will be the CLI way to do it:
keyVaultName="<target-key-vault-name>"  # vault to restore into
az keyvault key restore --vault-name "$keyVaultName" --file "$exportFolderPath/key.backup"
az keyvault secret restore --vault-name "$keyVaultName" --file "$exportFolderPath/secret.backup"
az keyvault certificate restore --vault-name "$keyVaultName" --file "$exportFolderPath/certificate.backup"
# set-policy takes one principal per call, so loop over the exported policies (requires jq and bash)
jq -c '.[]' "$exportFolderPath/access-policies.json" | while read -r policy; do
  az keyvault set-policy --name "$keyVaultName" --object-id "$(jq -r '.objectId' <<<"$policy")" \
    --key-permissions $(jq -r '.permissions.keys // [] | join(" ")' <<<"$policy") \
    --secret-permissions $(jq -r '.permissions.secrets // [] | join(" ")' <<<"$policy") \
    --certificate-permissions $(jq -r '.permissions.certificates // [] | join(" ")' <<<"$policy")
done
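The commands above handle one named object at a time. As an added example (not code from either answer), the function below generalizes the CLI approach to every key, secret and certificate in a vault and also saves role assignments, because a vault in the Azure RBAC permission model is governed by role assignments rather than access policies; the function name `backup_vault` and the output layout are assumptions.

```shell
#!/bin/sh
# Added example: back up every object in a vault plus its authorization data.
# Assumes a logged-in az CLI; backup_vault and the file layout are illustrative.

backup_vault() {
    vault="$1"
    out="$2"
    failed=0
    old_umask=$(umask)
    umask 077    # backup blobs and policy dumps readable by the owner only
    mkdir -p "$out/key" "$out/secret" "$out/certificate" ||
        { umask "$old_umask"; return 1; }

    for kind in certificate key secret; do
        # Keys and secrets flagged "managed" belong to a certificate and come
        # back with it, so they are skipped; certificates carry no such flag.
        names=$(az keyvault "$kind" list --vault-name "$vault" \
                    --query "[?!managed].name" --output tsv) ||
            failed=$((failed + 1))
        for name in $names; do
            az keyvault "$kind" backup --vault-name "$vault" --name "$name" \
                --file "$out/$kind/$name.backup" >/dev/null ||
                failed=$((failed + 1))
        done
    done

    # Access policies (vault access policy permission model).
    az keyvault show --name "$vault" --query properties.accessPolicies \
        --output json > "$out/access-policies.json" || failed=$((failed + 1))

    # Azure RBAC role assignments scoped directly to the vault.
    scope=$(az keyvault show --name "$vault" --query id --output tsv) &&
        az role assignment list --scope "$scope" --output json \
            > "$out/role-assignments.json" || failed=$((failed + 1))

    umask "$old_umask"
    [ "$failed" -eq 0 ]    # non-zero status if any backup or export failed
}
```

Call it as `backup_vault "<key-vault-name>" "<export-folder-path>"`; a non-zero exit status means at least one object or export could not be saved.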
CodePudding user response:
As Ricky Gummadi said, one way is to use PowerShell or the CLI to achieve this.
The other method to back up and restore keys, secrets, and certificates is through the Azure portal, as follows.
To back up and restore the Azure Key Vault, follow the Reference Document.
Keys Backup in Key Vault:
In the key vault, select the created keys and click on Download Backup.
Secrets Backup in Key Vault:
Select the created secret, then click on Download Backup.
Certificates Backup in Key Vault:
Restore:
- Select your key vault.
- Go to the type of object (secret, key, or certificate) you want to restore.
- Select Restore Backup.
- Go to the location where you stored the encrypted blob.
- Select OK.
Reference link