Read Microsoft documentation for introduction.

Create Azure Key Vault using Azure Portal

First we are going to create Azure Key Vault using Azure Portal

Open Azure Portal, log in with correct account. If you don't have an account read my blog how to create one Create Microsoft Azure Account

Create a resource

Create a resource and type Key V, then choose Key Vault

Key Vault

Click the blue button Create

Create Key Vault

Choose name and subscription, then I am going to create new Resource Group, you can just pick one from drop down menu if you have some existing Resource Groups.

If you want to create a new one just click on Create new

New Resource Group

Provide Name for new Resource Group and click OK and then Create

I called Resource Group KeyVaultForBlog and it looks like this

Click on my-super-secrets resource

Secrets

Click on Secrets

Secrets

Now we can generate some secrets. Click on Generate/Import.

Let's start with Resource Group Name

Create a secret

Provide Name and Value. Set activation date and expiration date if necessary.

Click on Create. NB: you can't use underscore here and you can't se the value when you click on Create.

An example how it can look

All Secrets

Be careful you can't see any more values for secrets, you can only change the value by creating a new version or delete and create new one.

New Version

Create Azure Key Vault using Powershell

Open Windows Powershell ISE

Paste in

#Sign in
Connect-AzureRmAccount 

Choose correct account. To run powershell commands line by line just select the line and click on F8.

Or save the script and just run it.

We create a resource group, skip this step if you want reuse one

# create resource group
New-AzureRmResourceGroup -Name 'Secrets' -Location 'West Europe'

Provide a Name and Location

Resource groups

Create a new Azure Key Vault

# create a new Azure Key Vault
New-AzureRmKeyVault -VaultName 'ThisIsNameForKeyVault' -ResourceGroupName 'Secrets' -Location 'West Europe'

Spesify the Name for Key Vault, resource group name and Location. NB: New-AzureRmKeyVault command doesn't create a new resource group, you will get error if resource group doesn't exist.

Key Vault
# convert our secret to a secure string
$secretValue = ConvertTo-SecureString -String 'MyVerySecretResourceGroup' -AsPlainText -Force

# create secret
$secret = Set-AzureKeyVaultSecret -VaultName 'ThisIsNameForKeyVault' -Name 'ResourceGroup' -SecretValue $secretValue

Now we are creating Azure Key Secret with name ResourceGroup and value we defined in variable secretValue.

The result is

Secrets

The PowerShell script looks like this with some small refactoring

#Sign in
Connect-AzureRmAccount 

$resourceGroupName = 'Secrets'
$location = 'West Europe'

# create resource group
New-AzureRmResourceGroup -Name $resourceGroupName -Location $location

# create a new Azure Key Vault
New-AzureRmKeyVault -VaultName 'ThisIsNameForKeyVault' -ResourceGroupName $resourceGroupName -Location $location

# convert our secret to a "secure string"
$secretValue = ConvertTo-SecureString -String 'MyVerySecretResourceGroup' -AsPlainText -Force

# create secret
$secret = Set-AzureKeyVaultSecret -VaultName 'ThisIsNameForKeyVault' -Name 'ResourceGroup' -SecretValue $secretValue


What is Azure Key Vault

Create Microsoft Azure Account