All courses
Resource hub
Featured resource
Tech Upskilling Playbook 2025
Tech Upskilling Playbook

Build future-ready tech teams and hit key business milestones with seven proven plays from industry leaders.

Learn more
Hamburger Icon
  • Labs icon Lab
  • Cloud
  • Security
Azure icon
Labs

Securely Access Script Secrets in Azure Key Vault

Azure includes several services to help protect secret information for our applications and scripts. Key Vault is designed for secure programmatic access of secret information. However to access this information, we need to authenticate against Azure AD. This is where managed identities can help. And while, Key Vault is built for public accessibility, through the use of a resource firewall and Azure Private Link, we can ensure this communication remains private. In this hands-on lab, we'll configure secure connectivity for a VM to Azure Key Vault using Azure Private Link. We'll also enable managed identity for the VM to provide native Azure AD authentication to the Key Vault service. **Scenario** You've recently been hired as a security engineer and tasked with improving the security of some DevOps tasks that are performed at your company. Your manager has asked you to improve the security of an important automation VM, which is responsible for running several scripts. It has been found that some PowerShell scripts currently executing on the automation VM are using secret information hard-coded into the scripts in plain text. You must secure this solution by configuring Azure Key Vault, Private Link, and managed identities all to ensure the automation scripts can run securely by storing secrets in Key Vault.

Get started Contact sales
Azure icon
Labs

Path Info

Level
Clock icon Intermediate
Duration
Clock icon 45m
Last updated
Clock icon Sep 02, 2025

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.

Table of Contents

  1. Challenge

    Associate the managed identity with the VM

    1. Locate the existing virtual machine vm1.
    2. Associated the existing managed identity.

  2. Challenge

    Configure Key Vault with Private Link

    1. Create a new Key Vault Service with the following settings:
      • Only allow access via a private endpoint.

  3. Challenge

    Use PowerShell to create and read secrets in Key Vault

    1. Connect to vm1 using RDP.
    2. Using PowerShell, log in to Azure using the managed identity.

      Note: The necessary PowerShell modules to complete these steps has been installed on vm1 for you.

    3. Create a secret in Key Vault.
    4. Read your secret from Key Vault.
Pluralsight Skills - Labs - Pluralsight
Author
Pluralsight Skills

Pluralsight Skills gives leaders confidence they have the skills needed to execute technology strategy. Technology teams can benchmark expertise across roles, speed up release cycles and build reliable, secure products. By leveraging our expert content, skill assessments and one-of-a-kind analytics, keep up with the pace of change, put the right people on the right projects and boost productivity. It's the most effective path to developing tech skills at scale.

What's a lab?

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Provided environment for hands-on practice

We will provide the credentials and environment necessary for you to practice right within your browser.

Guided walkthrough

Follow along with the author’s guided walkthrough and build something new in your provided environment!

Did you know?

On average, you retain 75% more of your learning if you get time for practice.
Ready to get started?
View individual plans View team plans