1. Log in to Azure

First, authenticate your local machine with Azure:
az login
If you have multiple subscriptions, set the one you want to use:
az account set --subscription "<your-subscription-id>"

2. Create an Azure Key Vault

Run the following command to create a Key Vault in a resource group:
az keyvault create --name demo-vault --resource-group <your-resource-group> --location <your-region>
🔹 Replace <your-resource-group> with your existing resource group. If you don’t have one, create it:
az group create --name demo-rg --location eastus
Then, create the Key Vault:
az keyvault create --name demo-vault --resource-group demo-rg --location eastus

3. Store a Secret in Key Vault

Let’s add a secret named demo-app with a sample value. A value passed with --value ends up in your shell history, so keep this form for sample data:
az keyvault secret set --vault-name demo-vault --name demo-app --value "super-secret-value"
You can add more secrets:
az keyvault secret set --vault-name demo-vault --name database-password --value "mypassword123"

4. Retrieve the Secret

Now, fetch the secret value:
az keyvault secret show --vault-name demo-vault --name demo-app --query value -o tsv
🔹 Expected output:
super-secret-value
If you want to retrieve and export it into a .env file:
echo "demo_app=$(az keyvault secret show --vault-name demo-vault --name demo-app --query value -o tsv)" > .env
For multiple secrets:
secrets=("demo-app" "database-password")

for secret in "${secrets[@]}"; do
    value=$(az keyvault secret show --vault-name demo-vault --name "$secret" --query value -o tsv)
    echo "$secret=$value"
done > .env

5. Verify .env File

cat .env
Expected output:
demo-app=super-secret-value
database-password=mypassword123
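
A hardened variant of the export loop from step 4, added here as an example and not part of the original walkthrough. It assumes the file will be loaded with `. ./.env` in a POSIX shell; the helper names env_name, env_quote and write_env_file are hypothetical.

```shell
#!/bin/sh
# Added example: export Key Vault secrets to a .env file that is private to
# the current user and safe to load with `. ./.env`.

# Secret names allow hyphens, shell variable names do not: demo-app -> demo_app.
env_name() {
    printf '%s\n' "$1" | sed 's/-/_/g'
}

# Single-quote a value so $, backticks and spaces stay literal when the file
# is sourced; an embedded ' is written as '\''.
env_quote() {
    printf "'%s'" "$(printf '%s\n' "$1" | sed "s/'/'\\\\''/g")"
}

# Usage: write_env_file <vault-name> <output-file> <secret-name>...
write_env_file() {
    vault=$1
    out=$2
    shift 2
    # mktemp creates the file with mode 0600, so other local users can never
    # read the values; a plain `> .env` redirect follows the umask instead.
    tmp=$(mktemp "${out}.XXXXXX") || return 1
    for secret in "$@"; do
        # Stop on a failed lookup instead of writing an empty value.
        if ! value=$(az keyvault secret show --vault-name "$vault" \
                --name "$secret" --query value -o tsv); then
            rm -f "$tmp"
            echo "could not read secret: $secret" >&2
            return 1
        fi
        printf '%s=%s\n' "$(env_name "$secret")" "$(env_quote "$value")" >> "$tmp"
    done
    # Replace the target only after every secret was fetched.
    mv -f "$tmp" "$out"
}

# Example call with the names used on this page:
# write_env_file demo-vault .env demo-app database-password
```

Keep the resulting .env out of version control, since it holds the secret values in plain text.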

6. Grant Access to Your Machine (If Needed)

If you get a permission error on a vault that uses access policies, give your account access:
az keyvault set-policy --name demo-vault --upn <your-email> --secret-permissions get list
Or for a Service Principal:
az keyvault set-policy --name demo-vault --spn <your-client-id> --secret-permissions get list

7. Cleanup (Optional)

If you want to delete the Key Vault:
az keyvault delete --name demo-vault --resource-group demo-rg

Summary

Step | Command
Log in | az login
Create Resource Group | az group create --name demo-rg --location eastus
Create Key Vault | az keyvault create --name demo-vault --resource-group demo-rg --location eastus
Store Secret | az keyvault secret set --vault-name demo-vault --name demo-app --value "super-secret-value"
Retrieve Secret | az keyvault secret show --vault-name demo-vault --name demo-app --query value -o tsv
Export to .env | echo "demo_app=$(az keyvault secret show --vault-name demo-vault --name demo-app --query value -o tsv)" > .env

This should get everything working smoothly. Let me know if you face any issues!