How to create and retreive secrets from Azure Keyvault using Azure CLI

You can create and retrieve secrets stored in Azure Keyvault by using Azure Portal as well as using command line. In this blog post we will see how to create a secret in Azure Keyvault using AzureCLI and then to retrieve the secret as well. Before we start, we need to Install AzureCLI on the local system. If you already have Azure CLI installed on your system then you can skip this step, Else you can click on this link to Download Azure CLI: https://aka.ms/installazurecliwindows. To read more installing Azure CLI on Windows you can click on the link: https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-windows?tabs=azure-cli. Once you have downloaded Azure CLI MSI file. You can double-click on it to launch and follow the wizard to install it on your system.

Installation of Azure CLI MSI file

Once AzureCLI is installed on your system. You can open a command prompt or powershell console and run az version command to verify if its installed and working fine.

az version command screenshot

First you need to login and authenticate with AzureCloud to be able to create Azure Keyvault and Create or retrieve secrets. Type az login command on your command prompt which will open a browser session to complete ths authentication process. Login using your administrator account.

az login command screenshot

Next step is to use az keyvault create command to create an Azure Keyvault. If you already have Azure Keyvault created and you just want to create a secret in Azure Keyvault then you can skip this step. Replace the values from below example as per your naming convention.

Create Azure KeyVault

To create Azure Keyvault you can use az keyvault create command. Refer to below example for creating it.

az keyvault create --name "newKeyVaultUKSouth01" --resource-group "UkSouthRg" --location "UKSouth"
az keyvault create

Create Azure KeyVault Secret

To create Azure Keyvault secret set you can use az keyvault secret command. Here is an example of creating an Azure Keyvault secret.

az keyvault secret set --vault-name "newKeyVaultUKSouth01" --name "SqlAdmin" --value "Jhne&(nol@jdn88HHG"
Azure Keyvault secret set

As you have created a secret in Azure keyvault, you can verify the same on Azure Portal to make sure its created successfully.

Azure Keyvault secret set

Retrieve Azure KeyVault Secret

To retrieve Azure Keyvault secret you can use az keyvault secret show command. Use below example as a reference to retrieve Azure Keyvault secrets.

az keyvault secret show --name "SqlAdmin" --vault-name "newKeyVaultUKSouth01" --query "value"
az keyvault secret show