Skip to content

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.
  • Labs icon Lab
  • A Cloud Guru
Azure icon

Protect Script Secrets with Azure Key Vault

Azure includes several services to help protect secret information for our applications and scripts. Within this hands-on lab, we'll be working with managed identities and key vault. Managed identities help us to provide an Azure Active Directory (AD) identity for Azure resources we manage. We can then use this identity to securely access some Azure services, such as key vault. After completing this lesson, you will become familiar with how we can securely store secret information within a key vault, and then access that information securely from an Azure virtual machine.

Azure icon

Path Info

Clock icon Intermediate
Clock icon 45m
Clock icon Jul 02, 2020

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.

Table of Contents

  1. Challenge

    Configure a Managed Identity for VM1

    Use the Azure Portal to perform the following tasks. Please log in with the credentials provided to you for this lab.

    Configure a Managed Identity for VM1

    1. Navigate to the virtual machine, vm1, which has been created for you. You may search for vm1, access via all resources, or through the 'Virtual Machines' service page.

    Please take note of the region in use for all of the resources that have been deployed, as we will need to use the same region in the following steps.

    1. Click on Identity in the Settings section of the resource menu on the left-hand side.
    2. Click System assigned within the working pane (middle of the screen) and change the Status to On.
    3. Click Save, then click Yes.
  2. Challenge

    Configure a Key Vault

    Create a Key Vault

    1. Click on the + Create a resource option.
    2. Search for key vault.
    3. Choose the key vault option, then click on Create.
    4. Create the key vault with the following settings:
      • Basics
        • Subscription: select the existing subscription
        • Resource group: select the existing resource group
        • Name: labkeyvault + 4 unique characters (e.g. labkeyvaultxx11)
        • Region: Select the region in use for your existing resources
        • Pricing tier: Standard
        • Click Next
      • Access policy
        • Click Add Access Policy
        • Template: Key, Secret, & Certificate Management
        • Select principal: vm1
        • Click Add
    5. Click on Review + create >> Create
  3. Challenge

    Verify Secure Key Vault Access from VM1

    Use the Azure Portal to gather the necessary information. Please be aware you will need an RDP client to connect to the Windows server.

    To connect to vm1, use the credentials provided on the lab page.

    Connect to VM1 using RDP

    1. Navigate to the Virtual Machines services page.
    2. Open the existing VM called vm1.
    3. Click on the Connect option in the command bar, and select RDP.
    4. Use the RDP file with your preferred RDP client.

    Note: you may choose to copy the public IP address and connect via RDP manually with your RDP client, instead of using the RDP file.

    Copy the Key Vault Details

    1. Navigate to the Key Vaults section in the Azure Portal.
    2. Open the Key Vault you just created.
    3. Copy the DNS Name from the working pane (middle of the screen).

    Install Azure CLI

    1. Right-click on the Start Menu then choose Run.
    2. Type powershell and press enter.
    3. Run the following command: [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    4. Run the following command: Invoke-WebRequest -Uri -OutFile $home\Desktop\AzureCLI.msi.
    5. Run the following command: Start-Process msiexec.exe -Wait -ArgumentList "/I $home\Desktop\AzureCLI.msi /quiet".
    6. Type exit and press Enter.

    Test Key Vault using Azure CLI

    1. Right-click on the Start Menu then choose Run.
    2. Type cmd and press Enter.
    3. Login using the managed identity: az login --identity --allow-no-subscriptions
    4. Type az keyvault secret set --name mySecret --value secret123 --vault-name labkeyvaultxx11 (use the name of the Key Vault you created earlier)
    5. Type az keyvault secret show --name mySecret --vault-name labkeyvaultxx11

The Cloud Content team comprises subject matter experts hyper focused on services offered by the leading cloud vendors (AWS, GCP, and Azure), as well as cloud-related technologies such as Linux and DevOps. The team is thrilled to share their knowledge to help you build modern tech solutions from the ground up, secure and optimize your environments, and so much more!

What's a lab?

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Provided environment for hands-on practice

We will provide the credentials and environment necessary for you to practice right within your browser.

Guided walkthrough

Follow along with the author’s guided walkthrough and build something new in your provided environment!

Did you know?

On average, you retain 75% more of your learning if you get time for practice.

Start learning by doing today

View Plans