Skip to content

Commit

Permalink
Add Key Vault virtual machine extension examples and suggestions (Azu…
Browse files Browse the repository at this point in the history 
…re#15467)

* Add Key Vault Extension changes

* Update Add-AzVmssSecret.md

* Update src/Compute/Compute/help/Add-AzVMSecret.md

Co-authored-by: Yeming Liu <[email protected]>

* Update Add-AzVMSecret.md

* Update Add-AzVmssSecret.md

* Update Add-AzVMSecret.md

* Update Add-AzVmssSecret.md

Co-authored-by: Yeming Liu <[email protected]>
Co-authored-by: Yeming Liu <[email protected]>
  • Loading branch information
@mimckitt @isra-fel
3 people authored Jul 18, 2021
1 parent e565e23 commit b8fffcd
Show file tree
Hide file tree
Showing 2 changed files with 46 additions and 2 deletions.
22 changes: 21 additions & 1 deletion src/Compute/Compute/help/Add-AzVMSecret.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,8 +27,28 @@ For more information about the cmdlets, see [Azure Key Vault Cmdlets](/powershel

## EXAMPLES

### Example 1: Add a secret to a virtual machine
### Example 1: Add a secret to a virtual machine using the Azure Key Vault virtul machine extension
To install certificates on a virtual machine it is recommended to use the [Azure Key Vault virtual machine extension for Linux](https://docs.microsoft.com/azure/virtual-machines/extensions/key-vault-linux) or the [Azure Key Vault virtual machine extension for Windows](https://docs.microsoft.com/azure/virtual-machines/extensions/key-vault-windows).

```powershell
# Build settings
PS C:\> $settings = @{
secretsManagementSettings = @{
pollingIntervalInS = "<pollingInterval>"
certificateStoreName = "<certStoreName>"
certificateStoreLocation = "<certStoreLoc>"
observedCertificates = @("<observedCert1>", "<observedCert2>")
}
} | ConvertTo-Json
PS C:\> $extName = "KeyVaultForLinux"
PS C:\> $extPublisher = "Microsoft.Azure.KeyVault"
PS C:\> $extType = "KeyVaultForLinux"
# Start the deployment
PS C:\> Set-AzVmExtension -TypeHandlerVersion "2.0" -ResourceGroupName <ResourceGroupName> -Location <Location> -VMName <VMName> -Name $extName -Publisher $extPublisher -Type $extType -SettingString $settings
```

### Example 2: Add a secret to a virtual machine using Add-AzVMSecret
```powershell
PS C:\> $VirtualMachine = New-AzVMConfig -VMName "VirtualMachine07" -VMSize "Standard_A1" -AvailabilitySetID $AvailabilitySet.Id
PS C:\> $Credential = Get-Credential
PS C:\> $VirtualMachine = Set-AzVMOperatingSystem -VM $VirtualMachine -Windows -ComputerName "Contoso26" -Credential $Credential
Expand Down
26 changes: 25 additions & 1 deletion src/Compute/Compute/help/Add-AzVmssSecret.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,8 +27,32 @@ For more information about the cmdlets, see [Azure Key Vault Cmdlets](/powershel

## EXAMPLES

### Example 1: Add a secret to the VMSS
### Example 1: Add a secret to the VMSS using the Azure Key Vault virtual machine extension

```powershell
# Build settings
PS C:\> $settings = @{
secretsManagementSettings = @{
pollingIntervalInS = "<pollingInterval>"
certificateStoreName = "<certStoreName>"
certificateStoreLocation = "<certStoreLoc>"
observedCertificates = @("<observedCert1>", "<observedCert2>")
}
} | ConvertTo-Json
PS C:\> $extName = "KeyVaultForLinux"
PS C:\> $extPublisher = "Microsoft.Azure.KeyVault"
PS C:\> $extType = "KeyVaultForLinux"
# Add Extension to VMSS
PS C:\> $vmss = Get-AzVmss -ResourceGroupName <ResourceGroupName> -VMScaleSetName <VmssName>
PS C:\> Add-AzVmssExtension -VirtualMachineScaleSet $vmss -Name $extName -Publisher $extPublisher -Type $extType -TypeHandlerVersion "2.0" -Setting $settings
# Start the deployment
PS C:\> Update-AzVmss -ResourceGroupName <ResourceGroupName> -VMScaleSetName <VmssName> -VirtualMachineScaleSet $vmss
```

To install certificates on a virtual machine it is recommended to use the [Azure Key Vault virtual machine extension for Linux](https://docs.microsoft.com/azure/virtual-machines/extensions/key-vault-linux) or the [Azure Key Vault virtual machine extension for Windows](https://docs.microsoft.com/azure/virtual-machines/extensions/key-vault-windows).

### Example 2: Add a secret to the VMSS using Add-AzVmssSecret
```powershell
PS C:\> $Vault = Get-AzKeyVault -VaultName "ContosoVault"
PS C:\> $CertConfig = New-AzVmssVaultCertificateConfig -CertificateUrl "http://keyVaultName.vault.contoso.net/secrets/secretName/secretVersion" -CertificateStore "Certificates"
PS C:\> $VMSS = New-AzVmssConfig
Expand Down

0 comments on commit b8fffcd

Please sign in to comment.