az vm secret

Manage VM secrets.

Commands

az vm secret add

Add a secret to a VM.

az vm secret format

Transform secrets into a form that can be used by VMs and VMSSes.

az vm secret list

List secrets on a VM.

az vm secret remove

Remove a secret from a VM.

az vm secret add

Add a secret to a VM.

az vm secret add --certificate
                 --keyvault
                 [--certificate-store]
                 [--ids]
                 [--name]
                 [--resource-group]
                 [--subscription]

Examples

Add a secret to a VM. (autogenerated)

az vm secret add --certificate {certificate} --keyvault {keyvault} --name MyVirtualMachine --resource-group MyResourceGroup

Required Parameters

--certificate

Key vault certificate name or its full secret URL.

--keyvault

Name or ID of the key vault.

Optional Parameters

--certificate-store

Windows certificate store names. Default: My.

--ids

One or more resource IDs (space-delimited). Each should be a complete resource ID containing all the information of the 'Resource Id' arguments. Provide either --ids or the other 'Resource Id' arguments.

--name -n

The name of the Virtual Machine. You can configure the default using az configure --defaults vm=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az vm secret format

Transform secrets into a form that can be used by VMs and VMSSes.

az vm secret format --secrets
                    [--certificate-store]
                    [--keyvault]
                    [--resource-group]
                    [--subscription]

Examples

Create a self-signed certificate with the default policy, and add it to a virtual machine.

az keyvault certificate create --vault-name vaultname -n cert1 \
  -p "$(az keyvault certificate get-default-policy)"

secrets=$(az keyvault secret list-versions --vault-name vaultname \
  -n cert1 --query "[?attributes.enabled].id" -o tsv)

vm_secrets=$(az vm secret format -s "$secrets")
az vm create -g group-name -n vm-name --admin-username deploy  \
  --image debian --secrets "$vm_secrets"
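The grouping step, as an added Python illustration (not the Azure CLI's own code): secret URIs are grouped per vault into the sourceVault / vaultCertificates entries that a VM's osProfile.secrets expects. The function name, the vault_ids lookup table (the vault's resource ID is passed in rather than resolved through Azure) and all sample values are assumptions made for this example.

```python
import json
from urllib.parse import urlsplit


def format_vm_secrets(secret_uris, vault_ids, certificate_store=None):
    """Group key vault secret URIs by vault into osProfile.secrets entries.

    vault_ids maps vault name -> vault resource ID (assumption: supplied by
    the caller here instead of being looked up in the subscription).
    """
    groups = {}  # vault name -> entry; dicts keep insertion order
    for uri in secret_uris.split():  # space- or newline-separated, as from -o tsv
        parts = urlsplit(uri)
        segments = parts.path.strip("/").split("/")
        # Expected shape: https://<vault>.<dns-suffix>/secrets/<name>[/<version>]
        well_formed = (parts.scheme == "https" and parts.hostname
                       and len(segments) in (2, 3) and segments[0] == "secrets")
        if not well_formed:
            raise ValueError(f"not a key vault secret URI: {uri!r}")
        vault_name = parts.hostname.split(".")[0]
        if vault_name not in vault_ids:
            raise ValueError(f"no resource ID known for vault {vault_name!r}")
        entry = groups.setdefault(vault_name, {
            "sourceVault": {"id": vault_ids[vault_name]},
            "vaultCertificates": [],
        })
        cert = {"certificateUrl": uri}
        if certificate_store:  # Windows certificate store name, e.g. "My"
            cert["certificateStore"] = certificate_store
        entry["vaultCertificates"].append(cert)
    return list(groups.values())


# Constructed sample input: placeholder subscription ID and secret versions.
VAULT_IDS = {
    "vaultname": "/subscriptions/00000000-0000-0000-0000-000000000000"
                 "/resourceGroups/group-name/providers/Microsoft.KeyVault"
                 "/vaults/vaultname",
}
SECRETS = ("https://vaultname.vault.azure.net/secrets/cert1/aaaa1111\n"
           "https://vaultname.vault.azure.net/secrets/cert1/bbbb2222")

if __name__ == "__main__":
    print(json.dumps(format_vm_secrets(SECRETS, VAULT_IDS), indent=2))
```

Both versions of cert1 land under a single sourceVault entry, so every enabled version matched by the query is delivered to the VM.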

Required Parameters

--secrets -s

Space-separated list of key vault secret URIs, for example as produced by 'az keyvault secret list-versions --vault-name vaultname -n cert1 --query "[?attributes.enabled].id" -o tsv'.

Optional Parameters

--certificate-store

Windows certificate store names. Default: My.

--keyvault

Name or ID of the key vault.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az vm secret list

List secrets on a VM.

az vm secret list --name
                  --resource-group
                  [--query-examples]
                  [--subscription]

Examples

List secrets on a VM. (autogenerated)

az vm secret list --name MyVirtualMachine --resource-group MyResourceGroup

Required Parameters

--name -n

The name of the Virtual Machine. You can configure the default using az configure --defaults vm=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--query-examples

Recommends JMESPath strings for you. You can copy one of the queries and paste it after the --query parameter, within double quotation marks, to see the results. You can add one or more positional keywords so that suggestions are based on those keywords.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az vm secret remove

Remove a secret from a VM.

az vm secret remove --keyvault
                    [--certificate]
                    [--ids]
                    [--name]
                    [--resource-group]
                    [--subscription]

Required Parameters

--keyvault

Name or ID of the key vault.

Optional Parameters

--certificate

Key vault certificate name or its full secret URL.

--ids

One or more resource IDs (space-delimited). Each should be a complete resource ID containing all the information of the 'Resource Id' arguments. Provide either --ids or the other 'Resource Id' arguments.

--name -n

The name of the Virtual Machine. You can configure the default using az configure --defaults vm=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.