From 5b0270eef4d6a33fbc4094fd6460c86ab5d2c430 Mon Sep 17 00:00:00 2001
From: Daya Patil <42440802+Daya-Patil@users.noreply.github.com>
Date: Tue, 18 Jun 2019 02:43:01 +0530
Subject: [PATCH] fix Script for new AZ mod (#194)
* fix Script for new AZ mod
---
 .../encrypt-vm/encrypt-windows-vm.ps1 | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/virtual-machine/encrypt-vm/encrypt-windows-vm.ps1 b/virtual-machine/encrypt-vm/encrypt-windows-vm.ps1
index c21f4b75..6eb3a7a4 100644
--- a/virtual-machine/encrypt-vm/encrypt-windows-vm.ps1
+++ b/virtual-machine/encrypt-vm/encrypt-windows-vm.ps1
@@ -6,7 +6,8 @@ $rgName = "myResourceGroup"
 #Region
 $location = "East US"
 #Password to place w/in the KeyVault
-$securePassword = ConvertTo-SecureString -String "P@ssword!" -AsPlainText -Force
+$password = $([guid]::NewGuid()).Guid)
+$securePassword = ConvertTo-SecureString -String $password -AsPlainText -Force
 #Name for the Azure AD Application
 $appName = "My App"
 #Name for the VM to be encrypt
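Review bot: The added line `$password = $([guid]::NewGuid()).Guid)` closes one more parenthesis than it opens, so the script should fail to parse before any resource is created; `$password = [guid]::NewGuid().ToString()` yields the same string. Generating the value at run time does remove the hard-coded `"P@ssword!"`, but the plaintext copy stays in `$password` for the rest of the session, and `Guid.NewGuid()` is an identifier generator rather than a documented source of secret material. Because later hunks use this value as both the VM administrator password and the AAD application secret, consider deriving it from `System.Security.Cryptography.RandomNumberGenerator` and clearing `$password` once `$securePassword` has been built.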
@@ -25,22 +26,22 @@ New-AzKeyVault ` -EnabledForDiskEncryption # Create a key in your Key Vault -Add-AzureKeyVaultKey ` +Add-AzKeyVaultKey ` -VaultName $keyVaultName ` -Name "myKey" ` -Destination "Software" # Put the password in the Key Vault as a Key Vault Secret so we can use it later # We should never put passwords in scripts. -Set-AzureKeyVaultSecret -VaultName $keyVaultName -Name adminCreds -SecretValue $securePassword -Set-AzureKeyVaultSecret -VaultName $keyVaultName -Name protectValue -SecretValue $password +Set-AzKeyVaultSecret -VaultName $keyVaultName -Name adminCreds -SecretValue $securePassword +Set-AzKeyVaultSecret -VaultName $keyVaultName -Name protectValue -SecretValue $securePassword # Create Azure Active Directory app and service principal $app = New-AzADApplication -DisplayName $appName ` -HomePage "https://myapp0.contoso.com" ` -IdentifierUris "https://contoso.com/myapp0" ` - -Password (Get-AzureKeyVaultSecret -VaultName $keyVaultName -Name adminCreds).SecretValue + -Password (Get-AzKeyVaultSecret -VaultName $keyVaultName -Name adminCreds).SecretValue New-AzADServicePrincipal -ApplicationId $app.ApplicationId @@ -51,7 +52,7 @@ Set-AzKeyVaultAccessPolicy -VaultName $keyvaultName ` -PermissionsToSecrets get,list,set,delete,backup,restore,recover,purge # Create PSCredential object for VM -$cred = New-Object System.Management.Automation.PSCredential($vmAdminName, (Get-AzureKeyVaultSecret -VaultName $keyVaultName -Name adminCreds).SecretValue) +$cred = New-Object System.Management.Automation.PSCredential($vmAdminName, (Get-AzKeyVaultSecret -VaultName $keyVaultName -Name adminCreds).SecretValue) # Create a virtual machine New-AzVM ` 
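Review bot: After this change `adminCreds` and `protectValue` both store the identical `$securePassword`, and `adminCreds` is then read back as the AAD application `-Password` here, as the VM administrator password in the `$cred` hunk, and as `-AadClientSecret` in the last hunk. Sharing one secret between a local administrator account and a service principal means that disclosure of either credential exposes the other, and neither can be rotated independently. Suggest generating two independent values stored under separate secret names, with a comment on each `Set-AzKeyVaultSecret` line stating which single consumer it serves. `protectValue` could be dropped if nothing outside these hunks reads it.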
@@ -70,14 +71,14 @@ New-AzVM ` $keyVault = Get-AzKeyVault -VaultName $keyVaultName -ResourceGroupName $rgName; $diskEncryptionKeyVaultUrl = $keyVault.VaultUri; $keyVaultResourceId = $keyVault.ResourceId; -$keyEncryptionKeyUrl = (Get-AzureKeyVaultKey -VaultName $keyVaultName -Name "myKey").Key.kid; +$keyEncryptionKeyUrl = (Get-AzKeyVaultKey -VaultName $keyVaultName -Name "myKey").Key.kid; # Encrypt our virtual machine Set-AzVMDiskEncryptionExtension ` -ResourceGroupName $rgName ` -VMName $vmName ` -AadClientID $app.ApplicationId ` - -AadClientSecret (Get-AzureKeyVaultSecret -VaultName $keyVaultName -Name adminCreds).SecretValueText ` + -AadClientSecret (Get-AzKeyVaultSecret -VaultName $keyVaultName -Name adminCreds).SecretValueText ` -DiskEncryptionKeyVaultUrl $diskEncryptionKeyVaultUrl ` -DiskEncryptionKeyVaultId $keyVaultResourceId ` -KeyEncryptionKeyUrl $keyEncryptionKeyUrl `
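Review bot: `(Get-AzKeyVaultSecret -VaultName $keyVaultName -Name adminCreds).SecretValueText` turns the secret back into a plain string and passes it as the `-AadClientSecret` argument, so where PowerShell module logging is enabled the bound parameter value can be recorded in clear text. A comment above the call would make that explicit, for example `# AadClientSecret is bound as plaintext; prefer -AadClientCertThumbprint outside of samples`. The certificate-based parameter set avoids the shared secret altogether. Later Az.KeyVault releases also removed the `SecretValueText` property, so this line may need revisiting on upgrade. The `Set-AzVMDiskEncryptionExtension` call continues past the end of the hunk.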