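I did some research on how to programmatically use the "Rotate now" option for Azure Key Vault keys. I came up with the script below, but it doesn't seem to work. I'd like to know if anyone knows how to rotate keys when a policy already exists.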
# Install the Azure PowerShell module if not already installed
# Install-Module -Name Az -Force -AllowClobber -Scope CurrentUser
# Sign in to Azure (use 'Connect-AzAccount' and provide credentials if not signed in)
# Connect-AzAccount
# Variables
$KeyVaultName = "my-kv"
# Get all keys in the Key Vault
$keys = Get-AzKeyVaultKey -VaultName $KeyVaultName
foreach ($key in $keys) {
    # Create a new version of the key
    $newKeyVersion = Update-AzKeyVaultKey -VaultName $KeyVaultName -KeyName $key.Name -KeyVersion $key.KeyIdentifier.Version
    Write-Host "Key rotation completed for $($key.Name). New version: $($newKeyVersion.KeyIdentifier.Version)"
}
Write-Host "Key rotation completed for all keys in $KeyVaultName."
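I created keys for the example as follows:
And configured a rotation policy for all keys:
For example, key1
To use the "Rotate now" option programmatically for Azure Key Vault keys, use the following PowerShell script: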
$KeyVaultName = "testrukkv1"
# Get all keys in the Key Vault
$keys = Get-AzKeyVaultKey -VaultName $KeyVaultName
foreach ($key in $keys) {
    # Rotate the key
    $newKeyVersion = Invoke-AzKeyVaultKeyRotation -VaultName $KeyVaultName -KeyName $key.Name
    Write-Host "Key rotation completed for $($key.Name). New version: $($newKeyVersion.Version)"
}
Write-Host "Key rotation completed for all keys in $KeyVaultName."
Output:
Key rotation completed for key1. New version: xxx
Key rotation completed for key2. New version: xxx
Key rotation completed for key3. New version: xxx
Key rotation completed for all keys in testrukkv1.
In the portal, the key rotation succeeded:
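A variant of the rotation loop above that confirms each key actually received a new version and keeps going when one key fails, given as an added example that is not part of the original answer. The vault name is a placeholder, and skipping disabled keys and the status labels are choices made for this example.

```powershell
# Added example. Assumes Az.KeyVault is installed and Connect-AzAccount has been run.
# The vault name is a placeholder, not a value from the page.
$KeyVaultName = "<your-key-vault-name>"

$results = foreach ($key in Get-AzKeyVaultKey -VaultName $KeyVaultName) {
    # Choice of this example: leave disabled keys untouched and record that.
    if (-not $key.Enabled) {
        [pscustomobject]@{
            Key = $key.Name; Status = 'SkippedDisabled'
            OldVersion = $null; NewVersion = $null; Error = $null
        }
        continue
    }

    try {
        # Read the current version first so the rotation can be verified afterwards.
        $before = Get-AzKeyVaultKey -VaultName $KeyVaultName -Name $key.Name -ErrorAction Stop

        # Same call as "Rotate now" in the portal: creates a new key version.
        $after = Invoke-AzKeyVaultKeyRotation -VaultName $KeyVaultName -Name $key.Name -ErrorAction Stop

        # A successful rotation must yield a version different from the previous one.
        $status = if ($after.Version -and $after.Version -ne $before.Version) {
            'Rotated'
        } else {
            'Unchanged'
        }

        [pscustomobject]@{
            Key = $key.Name; Status = $status
            OldVersion = $before.Version; NewVersion = $after.Version; Error = $null
        }
    }
    catch {
        # One failing key (for example, missing permission on that key)
        # is recorded and does not stop the remaining keys from being rotated.
        [pscustomobject]@{
            Key = $key.Name; Status = 'Failed'
            OldVersion = $null; NewVersion = $null; Error = $_.Exception.Message
        }
    }
}

# Summary table; anything not 'Rotated' needs follow-up.
$results | Format-Table Key, Status, OldVersion, NewVersion, Error -AutoSize

$needsAttention = @($results | Where-Object { $_.Status -in 'Failed', 'Unchanged' })
Write-Host "$($needsAttention.Count) key(s) in $KeyVaultName need attention."
```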