external help file | Module Name | ms.assetid | online version | schema |
---|---|---|---|---|
Microsoft.Azure.PowerShell.Cmdlets.Compute.dll-Help.xml |
Az.Compute |
656BE930-E778-40B0-8A75-BFE52DE386CE |
2.0.0 |
Adds a secret to a VMSS.
Add-AzVmssSecret [-VirtualMachineScaleSet] <PSVirtualMachineScaleSet> [[-SourceVaultId] <String>]
[[-VaultCertificate] <VaultCertificate[]>] [-DefaultProfile <IAzureContextContainer>]
[-WhatIf] [-Confirm] [<CommonParameters>]
The Add-AzVmssSecret cmdlet adds a secret to the Virtual Machine Scale Set (VMSS). The secret must be stored in an Azure Key Vault. For more information relating to Key Vault, see What is Azure Key Vault? (https://learn.microsoft.com/azure/key-vault/general/basic-concepts). For more information about the cmdlets, see Azure Key Vault Cmdlets or the Set-AzKeyVaultSecret cmdlet.
# Build settings
$settings = @{
secretsManagementSettings = @{
pollingIntervalInS = "<pollingInterval>"
certificateStoreName = "<certStoreName>"
certificateStoreLocation = "<certStoreLoc>"
observedCertificates = @("<observedCert1>", "<observedCert2>")
}
} | ConvertTo-Json
$extName = "KeyVaultForLinux"
$extPublisher = "Microsoft.Azure.KeyVault"
$extType = "KeyVaultForLinux"
# Add Extension to VMSS
$vmss = Get-AzVmss -ResourceGroupName <ResourceGroupName> -VMScaleSetName <VmssName>
Add-AzVmssExtension -VirtualMachineScaleSet $vmss -Name $extName -Publisher $extPublisher -Type $extType -TypeHandlerVersion "2.0" -Setting $settings
# Start the deployment
Update-AzVmss -ResourceGroupName <ResourceGroupName> -VMScaleSetName <VmssName> -VirtualMachineScaleSet $vmss
To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows.
$Vault = Get-AzKeyVault -VaultName "ContosoVault"
$CertConfig = New-AzVmssVaultCertificateConfig -CertificateUrl "http://keyVaultName.vault.contoso.net/secrets/secretName/secretVersion" -CertificateStore "Certificates"
$VMSS = New-AzVmssConfig
Add-AzVmssSecret -VirtualMachineScaleSet $VMSS -SourceVaultId $Vault.ResourceId -VaultCertificate $CertConfig
This example adds a secret to the VMSS. The first command uses the Get-AzKeyVault cmdlet to get a vault secret from the vault named ContosoVault and stores the result in the variable named $Vault. The second command uses the New-AzVmssVaultCertificateConfig cmdlet to create a Key Vault certificate configuration using the specified certificate URL from the certificate store named Certificates and stores the results in the variable named $CertConfig. The third command uses the New-AzVmssConfig cmdlet to create a VMSS configuration object and stores the result in the variable named $VMSS. The fourth command adds a secret to the VMSS using the vault secret using the key resource ID and the vault certificate stored in the $Vault and $CertConfig variables.
The credentials, account, tenant, and subscription used for communication with azure.
Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
Parameter Sets: (All)
Aliases: AzContext, AzureRmContext, AzureCredential
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Specifies the resource ID of the Key Vault that contains the certificates that you can add to the virtual machine. This value also acts as the key for adding multiple certificates. This means that you can use the same value for the SourceVaultId parameter when you add multiple certificates from the same Key Vault.
Type: System.String
Parameter Sets: (All)
Aliases:
Required: False
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Specifies the Vault Certificate object that contains the certificate URL and certificate name. You can use the New-AzVmssVaultCertificateConfig cmdlet to create this object.
Type: Microsoft.Azure.Management.Compute.Models.VaultCertificate[]
Parameter Sets: (All)
Aliases:
Required: False
Position: 2
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Specifies the VMSS object. You can use the New-AzVmssConfig cmdlet to create this object.
Type: Microsoft.Azure.Commands.Compute.Automation.Models.PSVirtualMachineScaleSet
Parameter Sets: (All)
Aliases:
Required: True
Position: 0
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
Prompts you for confirmation before running the cmdlet.
Type: System.Management.Automation.SwitchParameter
Parameter Sets: (All)
Aliases: cf
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: System.Management.Automation.SwitchParameter
Parameter Sets: (All)
Aliases: wi
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.