Azure CLI Key Vault Management Intro (Show/Set Secrets etc.)

Assuming you are signed in and account is selected.

List Vaults

az keyvault list
[
  {
    "id": "/subscriptions/.../providers/Microsoft.KeyVault/vaults/...",
    "location": "...",
    "name": "...",
    "resourceGroup": "...",
    "tags": {},
    "type": "Microsoft.KeyVault/vaults"
  }
]

List Secrets

az keyvault secret list --vault-name <vault_name>

Names only:

az keyvault secret list --vault-name <vault name> | jq ".[] | .name"

Sometimes it fails with error (more often on Ubuntu):


The command failed with an unexpected error. Here is the traceback:

No module named 'azure.keyvault.v7_0'
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/knack/cli.py", line 206, in invoke
    cmd_result = self.invocation.execute(args)
  File "/usr/lib/python3/dist-packages/azure/cli/core/commands/__init__.py", line 528, in execute
    self.commands_loader.load_arguments(command)
  File "/usr/lib/python3/dist-packages/azure/cli/core/__init__.py", line 299, in load_arguments
    self.command_table[command].load_arguments()  # this loads the arguments via reflection
  File "/usr/lib/python3/dist-packages/azure/cli/core/commands/__init__.py", line 291, in load_arguments
    super(AzCliCommand, self).load_arguments()
  File "/usr/lib/python3/dist-packages/knack/commands.py", line 97, in load_arguments
    cmd_args = self.arguments_loader()
  File "/usr/lib/python3/dist-packages/azure/cli/command_modules/keyvault/_command_type.py", line 71, in keyvault_arguments_loader
    op = get_op_handler()
  File "/usr/lib/python3/dist-packages/azure/cli/command_modules/keyvault/_command_type.py", line 68, in get_op_handler
    return self.command_loader.get_op_handler(operations_tmpl.format(method_name))
  File "/usr/lib/python3/dist-packages/azure/cli/core/__init__.py", line 536, in get_op_handler
    op = import_module(mod_to_import)
  File "/usr/lib/python3.8/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 1014, in _gcd_import
  File "<frozen importlib._bootstrap>", line 991, in _find_and_load
  File "<frozen importlib._bootstrap>", line 961, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
  File "<frozen importlib._bootstrap>", line 1014, in _gcd_import
  File "<frozen importlib._bootstrap>", line 991, in _find_and_load
  File "<frozen importlib._bootstrap>", line 973, in _find_and_load_unlocked
ModuleNotFoundError: No module named 'azure.keyvault.v7_0'

There is a fix on GitHub:

  1. Remove default old CLI - sudo apt remove azure-cli -y && sudo apt autoremove -y.
  2. Install the latest - curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash.

Show Secret Value

This displays the value in plaintext!

az keyvault secret show --vault-name ... --name <secret name>

Set/Update Secret Value

az keyvault secret set --vault-name ... --name <secret name> --value <plain text value>
Have a question⁉ Contact me.