Public/Set-BuildSecrets.ps1
function Set-BuildSecrets { <# .SYNOPSIS Sets all secrets stored in a specific key vault as environment variables. .DESCRIPTION Sets all secrets stored in a specific key vault as environment variables. The user has to login to azure first using "az login" Important: The - character will automatically be replaced with the _ character. .PARAMETER KeyVaultName The name of the key vault containing the environment .PARAMETER SubscriptionID Allows the user to specify a subscription id if required. if not specified, the default subscription will be used. .EXAMPLE Set-BuildEnvironment -KeyVaultName "MyVault" -ResourceGroupName "MyResourceGroup" #> [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [String[]]$KeyVaultName, [Parameter(Mandatory = $false)] [String]$SubscriptionID ) # Check if we are logged in $Results = Invoke-Azcli -Arguments "account list" if ($Results.Count -lt 1) { throw "You must login first" } # Select the appropriate subscription if ($SubscriptionID) { Invoke-Azcli -Arguments "account set -s $SubscriptionID" } $Results = Invoke-Azcli -Arguments "account show" if ($Results.state -ne 'Enabled') { throw "You must select a subscription" } # Get all secrets from specified vault's foreach ($Name in $KeyVaultName) { $Results = Invoke-Azcli -Arguments "keyvault show --name $Name" if ($Results.name -ne $Name) { throw "Key vault [$name] does not exists." } Write-Verbose "Adding Secrets from Vault [$Name]" $Results = Invoke-Azcli -Arguments "keyvault secret list --vault-name $Name" if ($Results.Count -lt 1) { Write-Verbose "No secrets found in vault [$Name]" } $Results = Invoke-Azcli -Arguments "keyvault secret list --vault-name $Name" $Secrets = @() foreach ($Result in $Results) { $Secrets += Split-Path $Result.id -Leaf } foreach ($Secret in $Secrets) { # We get the secret from azure key vault $SecretValue = Invoke-Azcli -Arguments "keyvault secret show --name $Secret --vault-name $Name" | Select-Object -ExpandProperty 'value' # Replace - with _ $Secret = $($Secret.Replace('-','_')) # Set Environment Variable New-Item -Path Env:$Secret -Value $SecretValue -Force | Out-Null Write-Verbose "Secret [$($Secret.Replace('-','_'))] added to environment" } } } |