  1. #this scripts will create keyvault, assign permissions to users, apps, and groups.
  2. #pipeline service principal App ObjectID will be assigned list,get and set permissions.
  3.  
  4.  
  5. [CmdletBinding()]
  6. Param(
  7. [Parameter(Mandatory=$true)]$location,
  8. [Parameter(Mandatory=$true)]$resourceGroupName,
  9. [Parameter(Mandatory=$true)]$keyVaultName,
  10. [Parameter(Mandatory=$true)]$secretName,
  11. [Parameter(Mandatory=$true)]$secretValue,
  12. [Parameter(Mandatory=$true)]$keyVaultUsers,
  13. [Parameter(Mandatory=$true)]$svcPrincipalAppObjectId
  14. )
  15.  
  16. Write-Host "Starting to Create the Key Vault"
  17.  
  18. # Create new resource group if not exists.
  19. $rgAvail = Get-AzResourceGroup -Name $resourceGroupName -Location $location -ErrorAction SilentlyContinue
  20. if(!$rgAvail){
  21.     New-AzResourceGroup -Name $resourceGroupName -Location $location
  22. }
  23.  
  24.  
  25.  
  26. # Create new key vault if not exists. (enabling it for Disk Encryption, Deployment and Template Deployment)
  27. $kvAvail = Get-AzKeyVault -VaultName $keyVaultName -ResourceGroupName $resourceGroupName -ErrorAction SilentlyContinue
  28. if(!$kvAvail){
  29.     New-AzKeyVault -VaultName $keyVaultName -ResourceGroupName $resourceGroupName -Location $location -Sku 'Standard' -EnabledForDiskEncryption -EnabledForDeployment -EnabledForTemplateDeployment
  30.     # Wait few seconds for DNS entry to propagate
  31.     Start-Sleep -Seconds 15
  32.  
  33.     #give permissions to service principal to create secrets
  34.     Set-AzKeyVaultAccessPolicy -BypassObjectIdValidation -VaultName $keyVaultName -ResourceGroupName $resourceGroupName -ObjectId $svcPrincipalAppObjectId -PermissionsToKeys list,get -PermissionsToSecrets list,get,set -PermissionsToCertificates list,get
  35.     # Add the Administrator policies to the Key Vault
  36.     foreach ($adminUser in $keyVaultUsers.Split(',')) {
  37.     #$UserObjectId = (Get-AzureRmADUser -SearchString $adminUser).Id
  38.     #Write-Host "Connection Key Vault URL is " $adminUser
  39.     Set-AzKeyVaultAccessPolicy -BypassObjectIdValidation -VaultName $keyVaultName -ResourceGroupName $resourceGroupName -ObjectId $adminUser -PermissionsToKeys list,get -PermissionsToSecrets list,get -PermissionsToCertificates list,get
  40. }
  41. }
  42.  
  43. # Add or update a secret to key vault.
  44. $secretVal = ConvertTo-SecureString -String $secretValue -AsPlainText -Force
  45. $secret =  Set-AzKeyVaultSecret -VaultName $keyVaultName -Name $secretName -SecretValue $secretVal
  46.  
  47. Write-Host "Connection Key Vault URL is " $secret