Azure – You can now use a Key Vault extension with your Azure Virtual Machines

Here is something that will simplify your life: the Key Vault extension for Azure Virtual Machines.

Using this extension you will have simpler access to Azure Key Vault for your applications running on Azure Virtual Machines.

The Key Vault extension supports the following operating systems:

  • Windows
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012
  • Linux
    • Ubuntu 16.04
    • Ubuntu 18.04
    • Debian 9
    • SUSE 15

The extension can only be installed in two ways: with an ARM template when deploying the virtual machine, or with PowerShell/Azure CLI on existing virtual machines.

PowerShell deployment for Windows machines

Don't forget you can use the Cloud Shell.

# Construct the Key Vault settings (replace each <placeholder> with a quoted value)
$settings = '{"secretsManagementSettings":
     { "pollingIntervalInS": "' + <pollingInterval> +
     '", "certificateStoreName": "' + <certStoreName> +
     '", "certificateStoreLocation": "' + <certStoreLoc> +
     '", "observedCertificates": ["' + <observedCerts> + '"] } }'
$extName = "KeyVaultForWindows"
$extPublisher = "Microsoft.Azure.KeyVault.Edp"
$extType = "KeyVaultForWindows"

# Deploy the extension
Set-AzVmExtension -TypeHandlerVersion "1.0" -ResourceGroupName <resource group of your virtual machine> -Location <Azure region of the virtual machine> -VMName <your virtual machine> -Name $extName -Publisher $extPublisher -Type $extType -SettingString $settings

If you need to deploy it on a virtual machine scale set:

# Construct the Key Vault settings (replace each <placeholder> with a quoted value)
$settings = '{"secretsManagementSettings":
     { "pollingIntervalInS": "' + <pollingInterval> +
     '", "certificateStoreName": "' + <certStoreName> +
     '", "certificateStoreLocation": "' + <certStoreLoc> +
     '", "observedCertificates": ["' + <observedCerts> + '"] } }'
$extName = "KeyVaultForWindows"
$extPublisher = "Microsoft.Azure.KeyVault.Edp"
$extType = "KeyVaultForWindows"

# Add the extension to the scale set model
$vmss = Get-AzVmss -ResourceGroupName <resource group of your scale set> -VMScaleSetName <your scale set name>
Add-AzVmssExtension -VirtualMachineScaleSet $vmss -Name $extName -Publisher $extPublisher -Type $extType -TypeHandlerVersion "1.0" -Setting $settings

# Deploy the extension
Update-AzVmss -ResourceGroupName <resource group of your scale set> -VMScaleSetName <your scale set name> -VirtualMachineScaleSet $vmss

PowerShell deployment for Linux machines

# Construct the Key Vault settings (replace each <placeholder> with a quoted value)
$settings = '{"secretsManagementSettings":
     { "pollingIntervalInS": "' + <pollingInterval> +
     '", "certificateStoreName": "' + <certStoreName> +
     '", "certificateStoreLocation": "' + <certStoreLoc> +
     '", "observedCertificates": ["' + <observedCerts> + '"] } }'
$extName = "KeyVaultForLinux"
$extPublisher = "Microsoft.Azure.KeyVault.Edp"
$extType = "KeyVaultForLinux"

# Deploy the extension
Set-AzVmExtension -TypeHandlerVersion "1.0" -ResourceGroupName <resource group of your virtual machine> -Location <Azure region of the virtual machine> -VMName <your virtual machine> -Name $extName -Publisher $extPublisher -Type $extType -SettingString $settings

And the same for the scale set deployment:

# Construct the Key Vault settings (replace each <placeholder> with a quoted value)
$settings = '{"secretsManagementSettings":
     { "pollingIntervalInS": "' + <pollingInterval> +
     '", "certificateStoreName": "' + <certStoreName> +
     '", "certificateStoreLocation": "' + <certStoreLoc> +
     '", "observedCertificates": ["' + <observedCerts> + '"] } }'
$extName = "KeyVaultForLinux"
$extPublisher = "Microsoft.Azure.KeyVault.Edp"
$extType = "KeyVaultForLinux"

# Add the extension to the scale set model
$vmss = Get-AzVmss -ResourceGroupName <resource group of your scale set> -VMScaleSetName <your scale set name>
Add-AzVmssExtension -VirtualMachineScaleSet $vmss -Name $extName -Publisher $extPublisher -Type $extType -TypeHandlerVersion "1.0" -Setting $settings

# Deploy the extension
Update-AzVmss -ResourceGroupName <resource group of your scale set> -VMScaleSetName <your scale set name> -VirtualMachineScaleSet $vmss
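
The snippets above assemble the settings JSON by string concatenation, where one stray quote produces invalid JSON. As an added example (not from the original post), the hypothetical helper `New-KeyVaultExtensionSettings` builds the same `secretsManagementSettings` object from typed parameters and rejects observed-certificate URLs that are not HTTPS Key Vault URLs. The vault name, secret name, store values and the `.vault.azure.net` suffix check (public Azure cloud) are assumptions.

```powershell
# Added example: hypothetical helper, not part of the Az module or the original post.
function New-KeyVaultExtensionSettings {
    [CmdletBinding()]
    param(
        # Seconds between polls of Key Vault.
        [Parameter(Mandatory)] [ValidateRange(1, 2147483647)] [int] $PollingIntervalInS,
        [Parameter(Mandatory)] [ValidateNotNullOrEmpty()] [string] $CertificateStoreName,
        [Parameter(Mandatory)] [ValidateNotNullOrEmpty()] [string] $CertificateStoreLocation,
        # One or more Key Vault URLs of the certificates to observe.
        [Parameter(Mandatory)] [ValidateNotNullOrEmpty()] [string[]] $ObservedCertificates
    )

    foreach ($url in $ObservedCertificates) {
        $uri = $null
        if (-not [System.Uri]::TryCreate($url, [System.UriKind]::Absolute, [ref] $uri)) {
            throw "Not an absolute URL: $url"
        }
        if ($uri.Scheme -ne 'https') {
            throw "Observed certificate URL must use HTTPS: $url"
        }
        # Assumption: vaults in the public Azure cloud; adjust the suffix for other clouds.
        if (-not $uri.Host.EndsWith('.vault.azure.net', [System.StringComparison]::OrdinalIgnoreCase)) {
            throw "Host is not a Key Vault endpoint: $($uri.Host)"
        }
    }

    # Same keys as the hand-built JSON above; the interval stays a string as in the post.
    $settings = [ordered]@{
        secretsManagementSettings = [ordered]@{
            pollingIntervalInS       = [string] $PollingIntervalInS
            certificateStoreName     = $CertificateStoreName
            certificateStoreLocation = $CertificateStoreLocation
            observedCertificates     = @($ObservedCertificates)
        }
    }
    return ($settings | ConvertTo-Json -Depth 4 -Compress)
}

# Constructed sample values; replace with your own vault and certificate names.
$settings = New-KeyVaultExtensionSettings `
    -PollingIntervalInS 3600 `
    -CertificateStoreName 'MY' `
    -CertificateStoreLocation 'LocalMachine' `
    -ObservedCertificates 'https://contoso-vault.vault.azure.net/secrets/web-tls'

# Round-trip through the JSON parser to confirm the string is well-formed.
$null = $settings | ConvertFrom-Json
$settings
```

Pass the returned string as `-SettingString $settings` in the `Set-AzVmExtension` calls above.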

Benoit Hamet
Benoit is working on Microsoft collaborative technologies. He has been awarded as MVP for more than 12 years. Currently MVP on Office 365 after being awarded on SharePoint (2011-2012) and Windows client & server (2002-2007). Speaker at various Microsoft events (TechDays, TechNet seminars) and Quest Software. He works on on-premises (Active Directory, RADIUS/NPS, Exchange, Skype for Business, SharePoint, SQL, Terminal Server, Windows client and Windows Server) or online (Azure, Intune, Office 365, Exchange Online, SharePoint Online, Skype for Business Online, Teams) technologies.
