azure azure-powershell azure-keyvault azure-rest-api

How to get all key secrets after the REST API collects all secrets in Azure Key Vault


Have a nice day, everyone! I have a VMware Windows machine which has permission in Key Vault, and I want to collect all key secrets, but when the code below finishes it has just ID + Attributes and does not contain the values of the key secrets. Can anyone help me finish the code below to get all key secrets?

Many thanks for your help!

    $RresourceUrl = 'dddd.vault.azure.net'

    # Compose REST request.
    $response = Invoke-WebRequest -Uri 'http://169.254.111.211/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fvault.azure.net' -Method GET -Headers @{Metadata="true"}

    $OAuth = $response.Content | ConvertFrom-Json


    # Check if authentication was successful.
    if ($OAuth.access_token) {
        # Format headers.
        $HeaderParams = @{
                'Content-Type'  = "application/json"

                'Authorization' = "Bearer $($OAuth.access_token)"
        }

        # Create an empty array to store the result.
        $QueryResults = @()

        $Uri = "https://$RresourceUrl/secrets?api-version=2016-10-01"
        # Invoke REST method and fetch data until there are no pages left.
        # The list operation returns only id + attributes for each secret, not its value.
        do {

            $Results = Invoke-WebRequest -Uri $Uri -Method GET -Headers $HeaderParams | ConvertFrom-Json
            $Results.nextLink
            if ($Results.value) {
                $QueryResults += $Results.value
            }
            else {
                $QueryResults += $Results
            }
            $Uri = $Results.nextLink
        } until (!($Uri))

        # Return the result.
        $QueryResults | Export-Csv -NoTypeInformation *\Documents\Tesst.csv
    }
    else {
        Write-Error "No Access Token"
    }



Solution

  • This is my final code; maybe it isn't optimized, but it worked.

    $RresourceUrl = 'devakv01.vault.azure.net'
    
    # Compose REST request.
    $response = Invoke-WebRequest -Uri 'http://169.254.111.211/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fvault.azure.net' -Method GET -Headers @{Metadata="true"}
    
    $OAuth = $response.Content | ConvertFrom-Json
    
    
    # Check if authentication was successful.
    if ($OAuth.access_token) {
        #Format headers.
        $HeaderParams = @{
                'Content-Type'  = "application/json"
    
                'Authorization' = "Bearer $($OAuth.access_token)"
        }
    
        # Create an empty array to store the result.
        $QueryResults = @()
        
        $Uri = "https://$RresourceUrl/secrets?api-version=2016-10-01"
        # Invoke REST method and fetch data until there are no pages left.
        do {
            
            $Results = Invoke-WebRequest -Uri $Uri -Method GET -Headers $HeaderParams | ConvertFrom-Json
            $Results.nextLink
            if ($Results.value) {
                $QueryResults += $Results.value
            }
            else {
                $QueryResults += $Results
            }
            $Uri = $Results.nextLink
        } until (!($Uri))
    
        # Return the result.
        $QueryResults    
    }  
    else {
        Write-Error "No Access Token"
    }
    
    # Get each secret's value now that we have the secret ids from the list call.
                  
    $output = ForEach ($nameSecret in $QueryResults.id)
    { 
        $Resultskey = Invoke-WebRequest -Uri $($nameSecret+'?api-version=2016-10-01') -Method GET  -Headers $HeaderParams | ConvertFrom-Json
        $Resultskey 
    }
    $output  | Export-Csv -NoTypeInformation *\$RresourceUrl.csv
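
A variant of the list-then-fetch flow in the answer above, added here as an example and not the poster's code: it follows `nextLink`, skips disabled secrets, keeps each value in memory as a `SecureString` and writes only identifiers to the CSV, so no plaintext secret lands on disk. The vault name, token URL and API version are copied from the post; the output file name is an assumption.

```powershell
# Added example, not the poster's code. Vault name, token URL and API version come from the post.
$VaultHost  = 'devakv01.vault.azure.net'
$ApiVersion = '2016-10-01'
$TokenUri   = 'http://169.254.111.211/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fvault.azure.net'

# Get a managed-identity token; -ErrorAction Stop aborts the script if the call fails.
$Token   = (Invoke-RestMethod -Uri $TokenUri -Headers @{ Metadata = 'true' } -ErrorAction Stop).access_token
$Headers = @{ Authorization = "Bearer $Token" }

# 1. List secret identifiers, following nextLink until the last page.
$Items = @()
$Uri   = "https://$VaultHost/secrets?api-version=$ApiVersion"
while ($Uri) {
    $Page = Invoke-RestMethod -Uri $Uri -Headers $Headers -ErrorAction Stop
    if ($Page.value) { $Items += $Page.value }   # an empty vault returns no items
    $Uri  = $Page.nextLink
}

# 2. Fetch each value. Disabled secrets are skipped (a GET on them is refused).
$Secrets = foreach ($Item in $Items) {
    if (-not $Item.attributes.enabled) {
        Write-Warning "Skipping disabled secret $($Item.id)"
        continue
    }
    try {
        $Bundle = Invoke-RestMethod -Uri "$($Item.id)?api-version=$ApiVersion" -Headers $Headers -ErrorAction Stop
        [pscustomobject]@{
            Id      = $Bundle.id
            Updated = $Bundle.attributes.updated
            # Wrap the value immediately so it is not echoed or exported by accident.
            Value   = ConvertTo-SecureString -String $Bundle.value -AsPlainText -Force
        }
    }
    catch {
        # One unreadable secret (for example, missing "get" permission) does not stop the run.
        Write-Warning "Could not read $($Item.id): $($_.Exception.Message)"
    }
}

# 3. Write only metadata to disk; values stay in $Secrets as SecureString.
#    The file name below is an assumption for this example.
$Secrets | Select-Object Id, Updated | Export-Csv -NoTypeInformation -Path ".\$VaultHost-inventory.csv"
```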