How the Deprecation of Switch AzureMode Affects Azure Key Vault

Azure·
Skip Ad

It's been a while that the 'Switch AzureMode' is deprecated in the Azure PowerShell and has left breaking changes in all the scripts that were using it. I had come across this mode switch first, when starting off with Azure Key Vault, as the then existing cmdlets depended on it. Now that it is deprecated we have updated versions of the PowerShell cmdlets to manage Azure Key Vault. This post revisits all the scripts used in the previous Key Vault posts and provides the updated scripts.

Most of the scripts have the only change of having an extra 'Rm' indicating that those were off the Resource Manager.

# Creating a New Azure Key Vault
New-AzureRmResourceGroup -Name KeyVaultGroup -Location "East Asia"
New-AzureRmKeyVault -VaultName RahulKeyVault -ResourceGroupName KeyVaultGroup -Location "East Asia"

Creating a new key/secret remains the same

# Creating a Key/Secret in Vault
Add-AzureKeyVaultKey -VaultName RahulKeyVault -Name NewKey -Destination Software


# Secret
$apiKey = ConvertTo-SecureString -String "ApiKey" -AsPlainText -Force
Set-AzureKeyVaultSecret -VaultName RahulKeyVault -Name "ApiKey" -SecretValue $apiKey
# Getting existing Vault details
Get-AzureRmKeyVault -VaultName RahulKeyVault
# Creating AD application with certificate authentication
$certificateFilePath = "C:\certificates\ADTestVaultApplication.cer"
$certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$certificate.Import($certificateFilePath)
$rawCertificateData = $certificate.GetRawCertData()
$credential = [System.Convert]::ToBase64String($rawCertificateData)
$startDate= [System.DateTime]::Now
$endDate = $startDate.AddYears(1)
$adApplication = New-AzureRmADApplication -DisplayName "RahulTestADApplication"
-HomePage  "http://www.rahulpnath.com" -IdentifierUris "http://www.rahulpnath.com"
-KeyValue  $credential -KeyType "AsymmetricX509Cert" -KeyUsage "Verify" -StartDate $startDate -EndDate $endDate
# Associating the AD application with the key vault
$servicePrincipal = New-AzureRmADServicePrincipal -ApplicationId $adApplication.ApplicationId
Set-AzureRmKeyVaultAccessPolicy -VaultName 'RahulKeyVault' -ObjectId  $servicePrincipal.Id -PermissionsToKeys all -PermissionsToSecrets all
$ServicePrincipal.ApplicationId #Outputs the ServicePrincipalName/AppPrincipalId
# User Role assignment
New-AzureRmRoleAssignment -Mail keyvaultuser@domain.onmicrosoft.com
  -RoleDefinitionName Reader -ResourceGroupName SharedGroup

Please drop a comment if I have missed any!

Azure

About the author

R

Rahul Nath

Software engineer passionate about AWS, .NET, and building better developer experiences. I write about cloud architecture, productivity, and the lessons learned from over a decade in software development.