Recently I had a need to clone secrets in one Key Vault into another Key Vault in a different subscription. I wasn’t sure if it was even possible to do, but with a bit of PowerShell and the Azure CLI it turns out you can. Here’s the script:
$sourceVault="<source vault>"
$destinationVault="<destination vault>"
# List the secret names in the source vault and walk them one by one
$secrets=(az keyvault secret list --vault-name $sourceVault --query "[].{id:id,name:name}") | ConvertFrom-Json | ForEach-Object {
    $secretName = $_.name
    # Only copy a secret if the destination vault does not already have one with that name
    $secretExists=(az keyvault secret list --vault-name $destinationVault --query "[?name=='$secretName']" -o tsv)
    if($secretExists -eq $null) {
        write-host "Copy Secret across $secretName"
        $secretValue=(az keyvault secret show --vault-name $sourceVault -n $secretName --query "value" -o tsv)
        az keyvault secret set --vault-name $destinationVault -n $secretName --value "$secretValue"
    } else {
        write-host "$secretName already exists in $destinationVault"
    }
}
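The script above copies only the secret value, so content type, tags and expiry are lost on the way across. Here is an added example (my own, not the original post's script) that carries that metadata over, skips disabled secrets, and looks up the destination's existing names once instead of once per secret; it assumes `az login` has already been done with an identity that can get/list secrets in the source vault and set secrets in the destination vault.

```powershell
# Added example: copy enabled secrets between vaults, keeping metadata.
# Assumes an `az login` session with data-plane access to both vaults.
function Copy-KeyVaultSecrets {
    param(
        [Parameter(Mandatory)] [string] $SourceVault,
        [Parameter(Mandatory)] [string] $DestinationVault
    )
    # Names already present in the destination, fetched once.
    $existing = @(az keyvault secret list --vault-name $DestinationVault --query "[].name" -o tsv)
    $names = az keyvault secret list --vault-name $SourceVault --query "[].name" -o tsv
    foreach ($name in $names) {
        if ($existing -contains $name) {
            Write-Host "$name already exists in $DestinationVault, skipping"
            continue
        }
        # Full secret object: value plus attributes, tags and content type.
        $s = az keyvault secret show --vault-name $SourceVault --name $name | ConvertFrom-Json
        if (-not $s.attributes.enabled) {
            Write-Host "$name is disabled in $SourceVault, skipping"
            continue
        }
        # Build the `az keyvault secret set` argument list piece by piece
        # ($args is a PowerShell automatic variable, so use another name).
        $azArgs = @('keyvault', 'secret', 'set', '--vault-name', $DestinationVault,
                    '--name', $name, '--value', $s.value)
        if ($s.contentType) { $azArgs += @('--content-type', $s.contentType) }
        # The CLI wants UTC timestamps in yyyy-MM-ddTHH:mm:ssZ form.
        if ($s.attributes.expires) {
            $azArgs += @('--expires', ([datetime]$s.attributes.expires).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ'))
        }
        if ($s.attributes.notBefore) {
            $azArgs += @('--not-before', ([datetime]$s.attributes.notBefore).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ'))
        }
        if ($s.tags) {
            # Tags come back as an object; az expects space-separated key=value pairs.
            $tagArgs = $s.tags.PSObject.Properties | ForEach-Object { "$($_.Name)=$($_.Value)" }
            $azArgs += @('--tags') + $tagArgs
        }
        Write-Host "Copying $name to $DestinationVault"
        az @azArgs --only-show-errors --output none
    }
}

Copy-KeyVaultSecrets -SourceVault '<source vault>' -DestinationVault '<destination vault>'
```

Like the original script, this passes each value to `az` via `--value`, so it is briefly visible in the process list and may land in shell history; run it from a trusted admin workstation and clear the session afterwards.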
Happy cloning!!! 🙂
NOTE: I used PowerShell 7.2.5 and Azure CLI 2.37.0