external help file: Microsoft.Azure.PowerShell.Cmdlets.Compute.dll-Help.xml
Module Name: Az.Compute
ms.assetid: 656BE930-E778-40B0-8A75-BFE52DE386CE
online version:
schema: 2.0.0

Add-AzVmssSecret

SYNOPSIS

Adds a secret to a VMSS.

SYNTAX

Add-AzVmssSecret [-VirtualMachineScaleSet] <PSVirtualMachineScaleSet> [[-SourceVaultId] <String>]
 [[-VaultCertificate] <VaultCertificate[]>] [-DefaultProfile <IAzureContextContainer>]
 [-WhatIf] [-Confirm] [<CommonParameters>]

DESCRIPTION

The Add-AzVmssSecret cmdlet adds a secret to the Virtual Machine Scale Set (VMSS). The secret must be stored in an Azure Key Vault. For more information relating to Key Vault, see What is Azure Key Vault? (https://learn.microsoft.com/azure/key-vault/general/basic-concepts). For more information about the cmdlets, see Azure Key Vault Cmdlets or the Set-AzKeyVaultSecret cmdlet.

EXAMPLES

Example 1: Add a secret to the VMSS using the Azure Key Vault virtual machine extension

# Build the extension settings
$settings = @{
    secretsManagementSettings = @{
        pollingIntervalInS       = "<pollingInterval>"
        certificateStoreName     = "<certStoreName>"
        certificateStoreLocation = "<certStoreLoc>"
        observedCertificates     = @("<observedCert1>", "<observedCert2>")
    }
} | ConvertTo-Json
$extName = "KeyVaultForLinux"
$extPublisher = "Microsoft.Azure.KeyVault"
$extType = "KeyVaultForLinux"
# Add the extension to the VMSS object
$vmss = Get-AzVmss -ResourceGroupName "<ResourceGroupName>" -VMScaleSetName "<VmssName>"
Add-AzVmssExtension -VirtualMachineScaleSet $vmss -Name $extName -Publisher $extPublisher -Type $extType -TypeHandlerVersion "2.0" -Setting $settings
# Start the deployment
Update-AzVmss -ResourceGroupName "<ResourceGroupName>" -VMScaleSetName "<VmssName>" -VirtualMachineScaleSet $vmss

To install certificates on a virtual machine, it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows.

Example 2: Add a secret to the VMSS using Add-AzVmssSecret

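# Get the Key Vault object; its ResourceId identifies the source vault
$Vault = Get-AzKeyVault -VaultName "ContosoVault"
# Describe the certificate (stored as a Key Vault secret) and its target store
$CertConfig = New-AzVmssVaultCertificateConfig -CertificateUrl "https://keyVaultName.vault.contoso.net/secrets/secretName/secretVersion" -CertificateStore "Certificates"
# Create a VMSS configuration object and add the secret to it
$VMSS = New-AzVmssConfig
Add-AzVmssSecret -VirtualMachineScaleSet $VMSS -SourceVaultId $Vault.ResourceId -VaultCertificate $CertConfig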

This example adds a secret to the VMSS. The first command uses the Get-AzKeyVault cmdlet to get the vault named ContosoVault and stores the result in the variable named $Vault. The second command uses the New-AzVmssVaultCertificateConfig cmdlet to create a Key Vault certificate configuration from the specified certificate URL, targeting the certificate store named Certificates, and stores the result in the variable named $CertConfig. The third command uses the New-AzVmssConfig cmdlet to create a VMSS configuration object and stores the result in the variable named $VMSS. The fourth command adds the secret to the VMSS configuration, passing the vault's resource ID ($Vault.ResourceId) as the source vault and the certificate configuration stored in $CertConfig.
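The following added example (not part of the original help file) extends Example 2 to two certificates from one vault, passed as an array in a single -VaultCertificate argument, and checks each certificate URL before it reaches the scale set configuration. Test-VaultCertificateUrl is a hypothetical helper, the subscription ID, vault ID and URLs are constructed sample values, and the host check assumes the first DNS label of the vault host equals the vault name.

```powershell
# Hypothetical helper (not an Az cmdlet): accept only HTTPS, versioned secret
# URLs that point at the same vault named in the source vault resource ID.
function Test-VaultCertificateUrl {
    param(
        [Parameter(Mandatory)] [string] $CertificateUrl,
        [Parameter(Mandatory)] [string] $SourceVaultId
    )
    $uri = $null
    if (-not [Uri]::TryCreate($CertificateUrl, [UriKind]::Absolute, [ref] $uri)) { return $false }
    # The certificate is fetched over this URL, so plaintext HTTP is rejected.
    if ($uri.Scheme -ne 'https') { return $false }
    # Expect /secrets/<name>/<version>, the shape used in Example 2.
    if ($uri.AbsolutePath -notmatch '^/secrets/[0-9A-Za-z-]+/[0-9A-Za-z]+$') { return $false }
    # Assumption: first DNS label of the host == last segment of the vault ID.
    $vaultName = ($SourceVaultId.TrimEnd('/') -split '/')[-1]
    return (($uri.Host -split '\.')[0] -ieq $vaultName)
}

# Constructed sample values.
$vaultId  = '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/ContosoRG/providers/Microsoft.KeyVault/vaults/ContosoVault'
$certUrls = @(
    'https://contosovault.vault.azure.net/secrets/web-tls/0123456789abcdef0123456789abcdef',
    'https://contosovault.vault.azure.net/secrets/client-auth/fedcba9876543210fedcba9876543210'
)

# Build one VaultCertificate object per URL, failing closed on a bad URL.
$certConfigs = foreach ($url in $certUrls) {
    if (-not (Test-VaultCertificateUrl -CertificateUrl $url -SourceVaultId $vaultId)) {
        throw "Refusing certificate URL that fails validation: $url"
    }
    New-AzVmssVaultCertificateConfig -CertificateUrl $url -CertificateStore 'Certificates'
}

# -VaultCertificate takes an array, so both certificates share one SourceVaultId.
$vmss = New-AzVmssConfig
$vmss = Add-AzVmssSecret -VirtualMachineScaleSet $vmss -SourceVaultId $vaultId -VaultCertificate $certConfigs

# Review what the configuration object now references before deploying it.
$vmss.VirtualMachineProfile.OsProfile.Secrets | ForEach-Object {
    $group = $_
    $group.VaultCertificates |
        Select-Object @{ n = 'SourceVault'; e = { $group.SourceVault.Id } }, CertificateUrl, CertificateStore
}
```

The cmdlets above only build a local configuration object; nothing changes in Azure until that object is passed to a cmdlet such as New-AzVmss or Update-AzVmss.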

PARAMETERS

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
Parameter Sets: (All)
Aliases: AzContext, AzureRmContext, AzureCredential

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-SourceVaultId

Specifies the resource ID of the Key Vault that contains the certificates that you can add to the virtual machine. This value also acts as the key for adding multiple certificates. This means that you can use the same value for the SourceVaultId parameter when you add multiple certificates from the same Key Vault.

Type: System.String
Parameter Sets: (All)
Aliases:

Required: False
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-VaultCertificate

Specifies the Vault Certificate object that contains the certificate URL and certificate name. You can use the New-AzVmssVaultCertificateConfig cmdlet to create this object.

Type: Microsoft.Azure.Management.Compute.Models.VaultCertificate[]
Parameter Sets: (All)
Aliases:

Required: False
Position: 2
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-VirtualMachineScaleSet

Specifies the VMSS object. You can use the New-AzVmssConfig cmdlet to create this object.

Type: Microsoft.Azure.Commands.Compute.Automation.Models.PSVirtualMachineScaleSet
Parameter Sets: (All)
Aliases:

Required: True
Position: 0
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type: System.Management.Automation.SwitchParameter
Parameter Sets: (All)
Aliases: cf

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type: System.Management.Automation.SwitchParameter
Parameter Sets: (All)
Aliases: wi

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

Microsoft.Azure.Commands.Compute.Automation.Models.PSVirtualMachineScaleSet

System.String

Microsoft.Azure.Management.Compute.Models.VaultCertificate[]

OUTPUTS

Microsoft.Azure.Commands.Compute.Automation.Models.PSVirtualMachineScaleSet

NOTES

RELATED LINKS

New-AzVmssVaultCertificateConfig

New-AzVmssConfig