Home > database >  Azure Key vault - How to backup and restore?
Azure Key vault - How to backup and restore?

Time:12-16

How to backup and restore the Azure Key vault that includes keys, secrets & cert along with RBAC?

CodePudding user response:

One way is you can use Powershell or CLI to achieve this. after you have done an az login.

keys Export-AzKeyVaultKey and Import-AzKeyVaultKey commands in Azure PowerShell or the az keyvault key export and az keyvault key import commands in Azure CLI to export and import keys and secrets.

Certs Export-AzKeyVaultCertificate and Import-AzKeyVaultCertificate commands in Azure PowerShell or the az keyvault certificate export and az keyvault certificate import commands in Azure CLI.

RBAC policies Get-AzKeyVaultAccessPolicy and Set-AzKeyVaultAccessPolicy commands in Azure PowerShell or the az keyvault show and az keyvault set-policy

CLI example of how to export the keys, certs and RBAC policies to a local file

# Authenticate to Azure
az login

# Export keys, secrets, and certificates from the key vault
keyVaultName="<key-vault-name>"
exportFolderPath="<export-folder-path>"

az keyvault key export --name "<key-name>" --vault-name $keyVaultName --file "$exportFolderPath/key.json"
az keyvault secret export --name "<secret-name>" --vault-name $keyVaultName --file "$exportFolderPath/secret.json"
az keyvault certificate export --name "<certificate-name>" --vault-name $keyVaultName --file "$exportFolderPath/certificate.json"

# Export RBAC policies from the key vault
keyVault=$(az keyvault show --name $keyVaultName)
accessPolicies=$keyVault.properties.accessPolicies
echo $accessPolicies > "$exportFolderPath/access-policies.json"

If you wanted to restore those from the local file to another key vault this will the CLI way to do it

az keyvault key import --name "<key-name>" --vault-name $keyVaultName --file "$exportFolderPath/key.json"
az keyvault secret import --name "<secret-name>" --vault-name $keyVaultName --file "$exportFolderPath/secret.json"
az keyvault certificate import --name "<certificate-name>" --vault-name $keyVaultName --file "$exportFolderPath/certificate.json"

accessPolicies=$(cat "$exportFolderPath/access-policies.json")

az keyvault set-policy --name $keyVaultName --access-policies $accessPolicies

CodePudding user response:

AS Ricky Gummadi said One way is you can use PowerShell or CLI to achieve this.

The other method to Backup and Restore keys, secrets, certificates is through Azure portal is as follows

To backup and restore the Azure Key vault follow the Reference Document.

Keys Backup in Key Vault:

In key vault select created keys and click on Download Backup

enter image description here

enter image description here

enter image description here

Secrets Backup in Key Vault:

Select created Secret then click on Download Backup

enter image description here

enter image description here

Certificates Backup in Key Vault:

enter image description here

enter image description here

Restore:

  1. Select your key vault.
  2. Go to the type of object (secret, key, or certificate) you want to restore.
  3. Select Restore Backup.
  4. Go to the location where you stored the encrypted blob.
  5. Select OK.

Reference link

Page link:https//www.codepudding.com/database/644220.html

Prev:Terraform Azure AKS - How to install azure-keyvault-secrets-provider add-on
Next:Azure Dev ops variable scope
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding