Public/Set-BuildSecrets.ps1
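function Set-BuildSecrets {
    <#
    .SYNOPSIS
    Sets all secrets stored in one or more key vaults as environment variables.

    .DESCRIPTION
    Reads every secret from each specified Azure key vault through the az CLI
    (via Invoke-Azcli) and creates an environment variable per secret in the
    current process.
    The user has to log in to Azure first using "az login".

    Important: the - character in a secret name is automatically replaced
    with the _ character to form the environment variable name.

    .PARAMETER KeyVaultName
    The name(s) of the key vault(s) containing the secrets. Only letters,
    digits and hyphens are accepted.

    .PARAMETER SubscriptionID
    Allows the user to specify a subscription id if required. If not
    specified, the default subscription will be used.

    .EXAMPLE
    Set-BuildSecrets -KeyVaultName "MyVault"

    .EXAMPLE
    Set-BuildSecrets -KeyVaultName "MyVault", "MyOtherVault" -SubscriptionID "<subscription-id>"

    .NOTES
    Secret values end up in the process environment, so every child process
    started afterwards inherits them. Avoid dumping the environment
    (Get-ChildItem Env:, printenv, ...) into build logs after calling this
    function. Only secret names, never values, are written to the verbose
    stream. Existing variables with the same name are overwritten (-Force),
    so when several vaults hold the same secret name the last vault wins.
    #>
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)]
        # Key vault names consist of letters, digits and hyphens only. The name is
        # interpolated into the az argument string below, so anything else is
        # rejected here rather than passed on as extra arguments.
        [ValidatePattern('^[A-Za-z0-9-]+$')]
        [String[]]$KeyVaultName,

        [Parameter(Mandatory = $false)]
        [String]$SubscriptionID
    )

    # Select the appropriate subscription.
    # NOTE(review): $SubscriptionID is interpolated unquoted into the argument
    # string. Invoke-Azcli is defined elsewhere; confirm how it splits -Arguments
    # before passing values that come from outside the build definition.
    if ($SubscriptionID) {
        Invoke-Azcli -Arguments "account set -s $SubscriptionID"
    }

    $Account = Invoke-Azcli -Arguments "account show"
    if ($Account.state -ne 'Enabled') {
        throw "You must login and select a subscription"
    }

    # Get all secrets from the specified vaults
    foreach ($Name in $KeyVaultName) {
        # Confirm the vault is reachable before listing its secrets.
        $Vault = Invoke-Azcli -Arguments "keyvault show --name $Name"
        if ($Vault.name -ne $Name) {
            throw "Key vault [$name] does not exists."
        }

        Write-Verbose "Adding Secrets from Vault [$Name]"

        # The list is fetched once and reused for both the emptiness check and the
        # loop (the original queried the vault twice for the same data).
        $SecretList = Invoke-Azcli -Arguments "keyvault secret list --vault-name $Name"
        if ($SecretList.Count -lt 1) {
            Write-Verbose "No secrets found in vault [$Name]"
        }

        foreach ($Entry in $SecretList) {
            # The secret name is the last segment of the secret's id.
            $SecretName = Split-Path $Entry.id -Leaf

            # We get the secret from azure key vault
            $SecretValue = Invoke-Azcli -Arguments "keyvault secret show --name $SecretName --vault-name $Name" |
                Select-Object -ExpandProperty 'value'

            # Replace - with _ to build the environment variable name
            $EnvName = $SecretName.Replace('-', '_')

            # Set Environment Variable (process scope; -Force overwrites an existing one)
            New-Item -Path Env:$EnvName -Value $SecretValue -Force | Out-Null

            # Log the variable name only; the value must never reach the log.
            Write-Verbose "Secret [$EnvName] added to environment"
        }
    }
}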