- Lab
- A Cloud Guru
Protect Script Secrets with Azure Key Vault
Azure includes several services to help protect secret information for our applications and scripts. In this hands-on lab, we'll work with managed identities and Key Vault. A managed identity gives an Azure resource we manage an Azure Active Directory (AD) identity, which we can then use to securely access some Azure services, such as Key Vault. After completing this lesson, you will be familiar with how to store secret information securely in a key vault and then access that information securely from an Azure virtual machine.
Challenge
Configure a Managed Identity for VM1
Use the Azure Portal to perform the following tasks. Please log in with the credentials provided to you for this lab.
Configure a Managed Identity for VM1
- Navigate to the virtual machine, vm1, which has been created for you. You may search for vm1, access via all resources, or through the 'Virtual Machines' service page.
  Please take note of the region in use for all of the resources that have been deployed, as we will need to use the same region in the following steps.
- Click on Identity in the Settings section of the resource menu on the left-hand side.
- Click System assigned within the working pane (middle of the screen) and change the Status to On.
- Click Save, then click Yes.
Challenge
Configure a Key Vault
Create a Key Vault
- Click on the + Create a resource option.
- Search for key vault.
- Choose the key vault option, then click on Create.
- Create the key vault with the following settings:
  - Basics
    - Subscription: select the existing subscription
    - Resource group: select the existing resource group
    - Name: labkeyvault + 4 unique characters (e.g. labkeyvaultxx11)
    - Region: Select the region in use for your existing resources
    - Pricing tier: Standard
    - Click Next
  - Access policy
    - Click Add Access Policy
    - Template: Key, Secret, & Certificate Management
    - Select principal: vm1
    - Click Add
- Click on Review + create >> Create
Challenge
Verify Secure Key Vault Access from VM1
Use the Azure Portal to gather the necessary information. Please be aware you will need an RDP client to connect to the Windows server.
To connect to vm1, use the credentials provided on the lab page.
Connect to VM1 using RDP
- Navigate to the Virtual Machines services page.
- Open the existing VM called vm1.
- Click on the Connect option in the command bar, and select RDP.
- Use the RDP file with your preferred RDP client.
Note: you may choose to copy the public IP address and connect via RDP manually with your RDP client, instead of using the RDP file.
Copy the Key Vault Details
- Navigate to the Key Vaults section in the Azure Portal.
- Open the Key Vault you just created.
- Copy the DNS Name from the working pane (middle of the screen).
Install Azure CLI
- Right-click on the Start Menu then choose Run.
- Type powershell and press Enter.
- Run the following command:
  [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
- Run the following command:
  Invoke-WebRequest -Uri https://aka.ms/installazurecliwindows -OutFile $home\Desktop\AzureCLI.msi
- Run the following command:
  Start-Process msiexec.exe -Wait -ArgumentList "/I $home\Desktop\AzureCLI.msi /quiet"
- Type exit and press Enter.
Test Key Vault using Azure CLI
- Right-click on the Start Menu then choose Run.
- Type cmd and press Enter.
- Login using the managed identity:
  az login --identity --allow-no-subscriptions
- Type the following (use the name of the Key Vault you created earlier):
  az keyvault secret set --name mySecret --value secret123 --vault-name labkeyvaultxx11
- Type:
  az keyvault secret show --name mySecret --vault-name labkeyvaultxx11
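The same retrieval done from a script instead of the CLI, as an added example that is not part of the original lab: it requests a managed identity token from the VM's instance metadata endpoint and reads mySecret over the Key Vault REST API, so no credential is stored in the script. The vault DNS name is a placeholder built from the lab's example name (use the DNS Name you copied earlier), and the two api-version values are assumptions.

```powershell
# Added example (not from the lab): fetch a secret with vm1's managed identity.
# Assumption: $VaultDns is the DNS Name copied from the portal; placeholder below.
param(
    [string]$VaultDns   = 'https://labkeyvaultxx11.vault.azure.net/',
    [string]$SecretName = 'mySecret'
)
$ErrorActionPreference = 'Stop'
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# 1. Request a Key Vault token from the Instance Metadata Service (IMDS).
#    The address is link-local, so it only answers from inside the VM, and the
#    Metadata header is mandatory.
$tokenUri = 'http://169.254.169.254/metadata/identity/oauth2/token' +
            '?api-version=2018-02-01&resource=https%3A%2F%2Fvault.azure.net'
try {
    $token = (Invoke-RestMethod -Uri $tokenUri -Headers @{ Metadata = 'true' }).access_token
} catch {
    throw "No managed identity token. Is the system-assigned identity On for this VM? $($_.Exception.Message)"
}

# 2. Read the secret over the vault's REST API using the bearer token.
$secretUri = $VaultDns.TrimEnd('/') + "/secrets/${SecretName}?api-version=7.4"
try {
    $secret = Invoke-RestMethod -Uri $secretUri -Headers @{ Authorization = "Bearer $token" }
} catch {
    # A 403 here typically means the identity authenticated but no access
    # policy grants it Get on secrets.
    throw "Key Vault request failed: $($_.Exception.Message)"
}

# 3. Keep the value in memory only; do not echo it or write it to disk or logs.
$secureValue = ConvertTo-SecureString -String $secret.value -AsPlainText -Force
Write-Output "Retrieved '$SecretName' ($($secret.value.Length) characters); value not printed."
```

A script like this needs only the Get permission on secrets, which is narrower than the Key, Secret, & Certificate Management template selected for vm1 in the access policy step.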