Azure Key Vault has been generally available in certain regions since June 2015. You can’t use the Azure Portal to work with the key vault yet, so you have to drop down into Azure PowerShell and run a few commands. Getting started is a little confusing because development is ongoing and Azure PowerShell itself changes frequently.
Here’s how I have been running some simple Azure Key Vault commands via Azure PowerShell. I’m using Azure PowerShell version 0.9.8, so keep that in mind if you’re comparing these commands to the Getting Started guide linked previously in this article.
Check Your Azure PowerShell Version (optional)
If you don’t know what version of Azure PowerShell you’re using, try this:
(Get-Module azure -ListAvailable).Version
Switch to AzureResourceManager Mode if Necessary (optional)
If you’re using version 0.9.8 like me, you need to switch into Azure Resource Manager mode.
Log in to Azure
Log in to your Azure account and enter your credentials in the popup window. It seems kind of odd that it wouldn’t just make you log in via PowerShell parameters.
Create a Resource Group (optional)
You need an Azure Resource Group to add the Azure Key Vault to. If you don’t have one already, create it now. If you already have one, skip this step.
New-AzureResourceGroup -Name <ResourceGroupName> -Location <ResourceGroupLocation>
Create a Key Vault
Now create the Azure Key Vault. To be honest, I don’t know what would happen if you added it to a location that’s different from the Resource Group’s location.
New-AzureKeyVault -VaultName <KeyVaultName> -ResourceGroupName <ResourceGroupName> -Location <ResourceGroupLocation>
Create a Key and Add It to Your Key Vault
Now you need to add a Key to your Key Vault. This cmdlet will create a software-protected key. You could also create a hardware-protected key, but keep in mind that there may be costs associated with that method of extra protection.
Add-AzureKeyVaultKey -VaultName <KeyVaultName> -Name <KeyName> -Destination 'Software'
Confirm the Key Was Created
Get-AzureKeyVaultKey -VaultName <KeyVaultName>
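The whole sequence above as one re-runnable script, as an added example that is not from the original post. It assumes Azure PowerShell 0.9.x; `Switch-AzureMode` and `Add-AzureAccount` are that release's cmdlets for the mode-switch and login steps, and every resource name is a constructed placeholder.

```powershell
# Added example: the steps above, end to end, for Azure PowerShell 0.9.x.
# All names are constructed placeholders; replace them with your own.
$ResourceGroupName = 'example-rg'
$Location          = 'West US'
$VaultName         = 'example-vault-001'
$KeyName           = 'example-key'

# Turn every cmdlet error into a terminating one so a failed step stops the run.
$ErrorActionPreference = 'Stop'

# Returns $true only if the lookup succeeds and yields an object.
function Test-Exists([scriptblock]$Lookup) {
    try { return [bool](& $Lookup) } catch { return $false }
}

# Version check: the cmdlet names used here belong to the 0.9.x module.
$version = (Get-Module Azure -ListAvailable | Select-Object -First 1).Version
if (-not $version -or $version.Major -ne 0 -or $version.Minor -ne 9) {
    throw "This script targets Azure PowerShell 0.9.x; found '$version'."
}

# Resource Manager mode, then interactive login (opens the popup window).
Switch-AzureMode -Name AzureResourceManager
Add-AzureAccount | Out-Null

# Create the resource group only if it does not exist yet.
if (-not (Test-Exists { Get-AzureResourceGroup -Name $ResourceGroupName })) {
    New-AzureResourceGroup -Name $ResourceGroupName -Location $Location | Out-Null
}

# Create the vault only if it does not exist yet.
if (-not (Test-Exists { Get-AzureKeyVault -VaultName $VaultName })) {
    New-AzureKeyVault -VaultName $VaultName `
        -ResourceGroupName $ResourceGroupName -Location $Location | Out-Null
}

# Create a software-protected key. Running this again with the same name
# adds a new version of the key rather than failing.
Add-AzureKeyVaultKey -VaultName $VaultName -Name $KeyName -Destination 'Software' | Out-Null

# Confirm the key is listed in the vault before reporting success.
$found = Get-AzureKeyVaultKey -VaultName $VaultName | Where-Object { $_.Name -eq $KeyName }
if (-not $found) {
    throw "Key '$KeyName' was not found in vault '$VaultName'."
}
$found | Format-List
```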