How the Deprecation of Switch AzureMode Affects Azure Key Vault

Rahul Pulikkot Nath
Rahul Pulikkot Nath

Table of Contents

It's been a while that the 'Switch AzureMode' is deprecated in the Azure PowerShell and has left breaking changes in all the scripts that were using it. I had come across this mode switch first, when starting off with Azure Key Vault, as the then existing cmdlets depended on it. Now that it is deprecated we have updated versions of the PowerShell cmdlets to manage Azure Key Vault. This post revisits all the scripts used in the previous Key Vault posts and provides the updated scripts.

Most of the scripts have the only change of having an extra 'Rm' indicating that those were off the Resource Manager.

# Creating a New Azure Key Vault
New-AzureRmResourceGroup -Name KeyVaultGroup -Location "East Asia"
New-AzureRmKeyVault -VaultName RahulKeyVault -ResourceGroupName KeyVaultGroup -Location "East Asia"

Creating a new key/secret remains the same

# Creating a Key/Secret in Vault
Add-AzureKeyVaultKey -VaultName RahulKeyVault -Name NewKey -Destination Software

# Secret
$apiKey = ConvertTo-SecureString -String "ApiKey" -AsPlainText -Force
Set-AzureKeyVaultSecret -VaultName RahulKeyVault -Name "ApiKey" -SecretValue $apiKey

# Getting existing Vault details
Get-AzureRmKeyVault -VaultName RahulKeyVault

# Creating AD application with certificate authentication
$certificateFilePath = "C:\certificates\ADTestVaultApplication.cer"
$certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$certificate.Import($certificateFilePath)
$rawCertificateData = $certificate.GetRawCertData()
$credential = [System.Convert]::ToBase64String($rawCertificateData)
$startDate= [System.DateTime]::Now
$endDate = $startDate.AddYears(1)
$adApplication = New-AzureRmADApplication -DisplayName "RahulTestADApplication"
-HomePage  "http://www.rahulpnath.com" -IdentifierUris "http://www.rahulpnath.com"
-KeyValue  $credential -KeyType "AsymmetricX509Cert" -KeyUsage "Verify" -StartDate $startDate -EndDate $endDate

# Associating the AD application with the key vault
$servicePrincipal = New-AzureRmADServicePrincipal -ApplicationId $adApplication.ApplicationId
Set-AzureRmKeyVaultAccessPolicy -VaultName 'RahulKeyVault' -ObjectId  $servicePrincipal.Id -PermissionsToKeys all -PermissionsToSecrets all
$ServicePrincipal.ApplicationId #Outputs the ServicePrincipalName/AppPrincipalId

# User Role assignment
New-AzureRmRoleAssignment -Mail keyvaultuser@domain.onmicrosoft.com
  -RoleDefinitionName Reader -ResourceGroupName SharedGroup

Please drop a comment if I have missed any!

Azure Key Vault
Rahul Pulikkot Nath

Rahul Pulikkot Nath Twitter

You might also like

SNS→Lambda Or SNS→SQS→Lambda Members Public

Should you be processing messages directly from SNS to Lambda or via an SQS Queue? Learn the disadvantages of directly processing messages from SNS and how you can solve those by introducing an SQS Queue in the middle.

Rahul Pulikkot Nath
Rahul Pulikkot Nath
AWS

Amazon SNS and AWS Lambda Triggers in .NET Members Public

Learn how to process SNS messages from AWS Lambda Function. We will learn how to set up and trigger a .NET Lambda Function using SNS, understand scaling and lambda concurrency and how to handle exceptions when processing messages.

Rahul Pulikkot Nath
Rahul Pulikkot Nath
AWS