Create/Update Azure Key Vault Secrets from JSON File using regex, whatif
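<#
.SYNOPSIS
    Create or update Azure Key Vault secrets from a JSON credential export.
.DESCRIPTION
    Reads the entries in $JsonInputFile (fields used: title, login, password —
    confirm against the tool that produced the export), classifies each entry
    by matching its title against a set of regular expressions, derives a Key
    Vault secret name from the match and writes the password as the secret
    value. -WhatIf / -Confirm are honoured through SupportsShouldProcess.

    The input file contains plaintext passwords: keep it on an access-restricted
    path and remove it once the import has been verified. Passwords are never
    written to verbose or warning output.
.PARAMETER KeyVaultName
    Name of the target Key Vault.
.PARAMETER ResourceGroupName
    Resource group that contains the Key Vault.
.PARAMETER JsonInputFile
    Path to the JSON file; must exist and be a file.
.OUTPUTS
    $null when the Key Vault cannot be found; otherwise whatever
    Set-AzKeyVaultSecret returns for each secret written.
#>
[CmdletBinding(SupportsShouldProcess)]
param (
    [Parameter(Mandatory = $false)]
    [String]
    $KeyVaultName = "kv-share-pw-gwc-c-0",

    [Parameter(Mandatory = $false)]
    [String]
    $ResourceGroupName = "rg-share-pw-gwc-c-0",

    [Parameter(Mandatory = $false)]
    [ValidateScript({ Test-Path $_ -PathType Leaf })]
    [String]
    $JsonInputFile = "./sql-users.json"
)

$kvObj = Get-AzKeyVault -VaultName $KeyVaultName -ResourceGroupName $ResourceGroupName
if (-not $kvObj) {
    Write-Warning "No such Key Vault $($KeyVaultName)"
    return $null
}

# -Raw hands ConvertFrom-Json the whole document as one string instead of one
# line per pipeline object.
Get-Content -Raw $JsonInputFile | ConvertFrom-Json | ForEach-Object {
    $entry = $_
    $title = [String]$entry.title
    $secretName = $null            # stays $null for entries that must be skipped
    $contentType = $entry.login    # default content type; overridden per class
    $instanceName = $null

    # First matching pattern wins: every arm ends with 'break' so an entry whose
    # title matches more than one pattern (e.g. a "...AGT" title that also
    # contains "svc.") is written exactly once instead of once per match.
    switch -regex ($title) {
        "DataDog.*" {
            Write-Verbose "Entry is a Datadog Secret"
            # Expected layout "DataDog <something> <instance>"; token 2 is the instance.
            $instanceName = ($title -split " ")[2]
            $secretName = "$($instanceName)-DataDogCredential"
            $contentType = "datadog"
            break
        }
        ".*bitlockerpassword" {
            Write-Verbose "Entry is a BitLocker Secret, will be ignored for now"
            break
        }
        ".*AGT$" {
            Write-Verbose "Entry is a Agent Service Secret"
            # Instance is the text between the last '.' and the trailing AGT.
            $instanceName = [regex]::Match($title, "\.(.*)AGT$").Groups[1].Value
            $secretName = "$($instanceName)-AgtSvcCredential"
            break # end switch to prevent svc account from conflict
        }
        "Sa user.*" {
            # Expected layout "Sa user <instance>"; token 2 is the instance.
            $instanceName = ($title -split " ")[2]
            $secretName = "$($instanceName)-SaCredential"
            $contentType = "sa"
            break
        }
        ".svc\.(.*)$" {
            # Instance is everything after "svc.".
            $instanceName = [regex]::Match($title, "svc\.(.*)$").Groups[1].Value
            $secretName = "$($instanceName)-SqlSvcCredential"
            break
        }
        Default {
            # No known class: the whole title becomes the secret name.
            $secretName = $title
            $instanceName = $title
        }
    }

    # Ignored class (BitLocker) or a title whose instance token is missing; an
    # empty instance would otherwise collapse every such entry onto the same
    # "-<Suffix>Credential" name and they would overwrite each other.
    if (-not $secretName -or [string]::IsNullOrWhiteSpace($instanceName)) {
        if ($secretName) {
            Write-Warning "Cannot derive an instance name from title '$title'; entry skipped"
        }
        return
    }

    # Key Vault secret names allow only [0-9a-zA-Z-] and 1-127 characters.
    # Replacing each disallowed character individually keeps the names the
    # original whitespace/backslash/dot replacement produced, so existing
    # secrets are still updated in place.
    $secretName = $secretName -replace '[^0-9a-zA-Z-]', '-'
    if ($secretName -notmatch '^[0-9a-zA-Z-]{1,127}$') {
        Write-Warning "Derived secret name for title '$title' is not a valid Key Vault secret name; entry skipped"
        return
    }

    # ConvertTo-SecureString rejects an empty string; skip instead of failing
    # mid-run. Do not include the password in any message.
    if ([string]::IsNullOrEmpty($entry.password)) {
        Write-Warning "Entry '$title' has no password; entry skipped"
        return
    }

    if ($PSCmdlet.ShouldProcess($secretName)) {
        $secretValue = ConvertTo-SecureString -AsPlainText -Force $entry.password
        Set-AzKeyVaultSecret -VaultName $kvObj.VaultName -Name $secretName -SecretValue $secretValue -ContentType $contentType
    }
}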