Azure-cli: Yet another issue with az vm create
* List of Pre-requisites *
Generate a ssh key
Create a resource group
Create a Key Vault
Create an App Service Certificate for the domain name
Create a
- Virtual Network
- Ip Address
- Network Interface
- Network Security Group
and tie them together in the Network Interface
(This is mostly to avoid recreating it)
Create a storage account for the boot diagnostics
Describe the bug
I cannot create a vm using the az vm create command with all the necessary parameters
The error message is:
Error decoding secrets: Expecting value: line 1 column 2 (char 1)
This is not enough information.
To Reproduce
Use the following commands
Variables
$keyvaultName = "keyvault"
Set-AzureRmKeyVaultAccessPolicy -VaultName $keyvaultName -EnabledForDeployment
$admin = yourUserName
$keyFile = cat ~/.ssh/id_rsa.pub
(Create the ssh file with ssh-keygen -t rsa -b 2048)
$resourceGroup = "resourceGroup"
$certName = "secret!"
$VMName = "VMInstance"
$location = ""
$bootDiagStorage = “<$VMName>diag"
$customData = "cloud-init-web-server.txt"
(Found here https://docs.microsoft.com/en-us/azure/virtual-machines/linux/tutorial-secure-web-server)
$subs = "yourSubscription"
$nics = "nic123"
(Network interface, because I got sick of creating it again and again and again)
$image = "Bitnami:simplemachinesforum:2-0:2.0.1811302007"
(Or whatever you want to use)
$certURL = (Get-AzureKeyVaultSecret -VaultName $keyvaultName -Name $certName).id
$vm_secret = (az vm secret format --secrets $certURL --keyvault $keyvaultName --resource-group $resourceGroup --subscription $subs)
az vm create --name $VMName --resource-group $resourceGroup --admin-username $admin --authentication-type ssh --boot-diagnostics-storage $bootDiagStorage --custom-data $customData --image $image --location $location --nics $nics --ssh-key-value $keyFile --subscription $subs –secrets $vm_secret
az vm open-port --resource-group $resourceGroup --name $VMName --port 443
Expected behavior
A VM that contains all the parameters I gave it.
Environment summary
CLI version (az --version 2.0)
Additional context
3062 is similar, yet at least the error message had MORE information.
3062 also includes
https://github.com/devigned/level1/blob/master/scripts/provision.sh
https://github.com/devigned/level1/blob/master/scripts/cloud-config-template.yml
unfortunately there is not enough information to figure out how I should implement this
vm != vmss among other things, please use lots of comments, there is not enough to explain most of the lines of code, and I don't like using code I don't understand.
Please update https://docs.microsoft.com/en-us/azure/virtual-machines/linux/tutorial-secure-web-server with the correct method. And the windows version https://docs.microsoft.com/en-us/azure/virtual-machines/windows/tutorial-secure-web-server too of course.
According to https://docs.microsoft.com/en-us/azure/virtual-machines/linux/tutorial-secure-web-server
you should use:
secret=$(az keyvault secret list-versions \
--vault-name $keyvault_name \
--name mycert \
--query "[?attributes.enabled].id" --output tsv)
vm_secret=$(az vm secret format --secrets "$secret")
After trying for 2 weeks! it does not work
this does work:
$certURL = (Get-AzureKeyVaultSecret -VaultName $keyvaultName -Name $certName).id
$vm_secret = (az vm secret format --secrets $certURL --keyvault $keyvaultName --resource-group $resourceGroup --subscription $subs)
this
vm_secret=$(az vm secret format --secrets "$secret")
throws
vm_secret=$(az vm secret format --secrets "$secret") : The term 'vm_secret=$(az vm secret format --secrets "$secret")' is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
vm_secret=$(az vm secret format --secrets "$secret")
"-----------------------------------------------------------------------------------
CategoryInfo : ObjectNotFound: (vm_secret=$(az ...rets "$secret"):String) [], CommandNotFoundException
FullyQualifiedErrorId : CommandNotFoundException
- I opened a related issue in https://github.com/MicrosoftDocs/azure-docs/issues/21618
- According to https://github.com/Azure/azure-cli/issues/2077 this has been implemented, it does not say how or where can I find the answer.
- According to #5718 this has been fixed by merging it with #5946, this is not the case.
- According to #5946 which #5718 references format-secret has been removed but there is no description of the proper way to use secret format
WiseMack
All 14 comments
There is another possibility
In the previous code
az vm create --name $VMName --resource-group $resourceGroup --admin-username $admin --authentication-type ssh --boot-diagnostics-storage $bootDiagStorage --custom-data $customData --image $image --location $location --nics $nics --ssh-key-value $keyFile --subscription $subs --secrets $vm_secret
the secret is added on deployment,(leaving aside that it does not work), but instead:
az vm create --name $VMName --resource-group $resourceGroup --admin-username $admin --authentication-type ssh --boot-diagnostics-storage $bootDiagStorage --custom-data $customData --image $image --location $location --nics $nics --ssh-key-value $keyFile --subscription $subs
$vm=Get-AzureRmVM -ResourceGroupName $resourceGroup -Name $VMName
$vaultId=(Get-AzureRmKeyVault -ResourceGroupName $resourceGroup -VaultName $keyVaultName).ResourceId
$vm=Add-AzureRmVMSecret -VM $vm -SourceVaultId $vaultId -CertificateUrl $certURL
az vm open-port --resource-group $resourceGroup --name $VMName --port 443
Update-AzureRmVM -ResourceGroupName $resourceGroup -VM $vm
the secret is added after deployment and the VM updated, there is no errors.
unfortunately doing this does not update the security status of the webpage, that is chrome does not recognize the certificate.
WiseMack
on 4 Jan 2019
@WiseMack I like to comment on your second scenario(creating a vm without secret).
In that scenario, A VM will be created and on boot, cloud init will execute.
During cloud init execution, it copies the certificates from /var/lib/waagent/random_numbers.crt and places it on nginx folder. This action is as per the commands in cloudinit file.
Since the secret is not provided, /var/lib/waagent/ will not have that certificate, so nginx will start with its default certificate.
If the provided secret is proper, /var/lib/waagent/ should have the certificate added by azure.
So the second scenario of creating a machine without secret and with custom data and adding secret later wont work.
But the first scenario where the secret and custom data are provided should have worked. We need to figure out why it didnt work.
Looks like you have used both powershell commands and azure cli command while creating a vm.
Its recommended to use one of the in a script.
jakaruna-MSFT
on 4 Jan 2019
It is unfortunate that is does not work, but expected.
This is the format of $vm_secret
[
{
"sourceVault": {
"id": "/subscriptions/"the Number"/resourceGroups/airheadsbc/providers/Microsoft.KeyVault/vaults/airheadsbcKeys"
},
"vaultCertificates": [
{
"certificateUrl": "https://correct as far as I know"
}
]
}
]
Is this what --secrets is expecting?
do you mean
Get-AzureKeyVaultSecret... and az vm ...
when you mean powershell and azure cli? If so which is which?
WiseMack
on 4 Jan 2019
I tried fixing this and I believe that https://github.com/Azure/azure-cli/pull/8176 should fix this problem
WiseMack
on 5 Jan 2019
It is unfortunate that is does not work, but expected.
This is the format of $vm_secret
[
{
"sourceVault": {
"id": "/subscriptions/"the Number"/resourceGroups/airheadsbc/providers/Microsoft.KeyVault/vaults/airheadsbcKeys"
},
"vaultCertificates": [
{
"certificateUrl": "https://correct as far as I know"
}
]
}
]Is this what --secrets is expecting?
do you mean
Get-AzureKeyVaultSecret... and az vm ...
when you mean powershell and azure cli? If so which is which?
vm_secret expects that value only.
"Get-" are powershell cmdlets. This link has all the cmdlets related to Azure.
Commands starts with "az" are Azure clis.
jakaruna-MSFT
on 8 Jan 2019
Thank you for the explanation. about powershell and CLI
Unfortunately despite the fact that $vm_secret seems to be correct the az vm create does not accept it. I believe I have found the reason and tried fixing it in #8176
WiseMack
on 12 Jan 2019
@devigned has the most experience with passing secrets to a VM. David, do you have thoughts on this one?
tjprescott
on 12 Jan 2019
Just seeing this. @wisemack, did you try using the --debug option when creating the VM, it gives a lot of helpful information when executing commands, such as what args (actual contents) are passed to the CLI, and the contents of requests and response payloads.
adewaleo
on 14 Jan 2019
Hi @WiseMack. I'm sorry you're running into problems with az vm create with secrets. I would like to help get to the root of the issue.
It looks like you are executing the script in the PowerShell console. Is that accurate? Have you tried the same script in a bash shell? They should both work. I'm just trying to reproduce your environment.
Here's a functioning script with pure az cli
#!/usr/bin/env bash
set -xe
rg="vm-test"
kv_name="kvvmtest"
vm_name="vm-name"
az group create -n ${rg} -l westus2
az keyvault create -g ${rg} -n ${kv_name} --enabled-for-deployment
az keyvault certificate create --vault-name ${kv_name} -n cert1 -p "$(az keyvault certificate get-default-policy)"
secrets=$(az keyvault secret list-versions --vault-name ${kv_name} -n cert1 --query "[?attributes.enabled].id" -o tsv)
vm_secrets=$(az vm secret format -s "$secrets")
az vm create -g ${rg} -n ${vm_name} --admin-username deploy --image debian --secrets "$vm_secrets"
az vm show -g ${rg} -n ${vm_name}
This is the output produced from the script.
$ ./az-vm-secret.sh
+ rg=vm-test
+ kv_name=kvvmtest
+ vm_name=vm-name
+ az group create -n vm-test -l westus2
{
"id": "/subscriptions/cbbdaed0-fea9-4693-bf0c-d446ac93c030/resourceGroups/vm-test",
"location": "westus2",
"managedBy": null,
"name": "vm-test",
"properties": {
"provisioningState": "Succeeded"
},
"tags": null
}
+ az keyvault create -g vm-test -n kvvmtest --enabled-for-deployment
{
"id": "/subscriptions/cbbdaed0-fea9-4693-bf0c-d446ac93c030/resourceGroups/vm-test/providers/Microsoft.KeyVault/vaults/kvvmtest",
"location": "westus2",
"name": "kvvmtest",
"properties": {
"accessPolicies": [
{
"applicationId": null,
"objectId": "882b503c-c281-4fe9-a85c-d9e0cd66d376",
"permissions": {
"certificates": [
"get",
"list",
"delete",
"create",
"import",
"update",
"managecontacts",
"getissuers",
"listissuers",
"setissuers",
"deleteissuers",
"manageissuers",
"recover"
],
"keys": [
"get",
"create",
"delete",
"list",
"update",
"import",
"backup",
"restore",
"recover"
],
"secrets": [
"get",
"list",
"set",
"delete",
"backup",
"restore",
"recover"
],
"storage": [
"get",
"list",
"delete",
"set",
"update",
"regeneratekey",
"setsas",
"listsas",
"getsas",
"deletesas"
]
},
"tenantId": "9148c3a5-1e1b-4e0a-87c2-302229534991"
}
],
"createMode": null,
"enablePurgeProtection": null,
"enableSoftDelete": null,
"enabledForDeployment": true,
"enabledForDiskEncryption": null,
"enabledForTemplateDeployment": null,
"networkAcls": null,
"provisioningState": "Succeeded",
"sku": {
"name": "standard"
},
"tenantId": "9148c3a5-1e1b-4e0a-87c2-302229534991",
"vaultUri": "https://kvvmtest.vault.azure.net/"
},
"resourceGroup": "vm-test",
"tags": {},
"type": "Microsoft.KeyVault/vaults"
}
++ az keyvault certificate get-default-policy
+ az keyvault certificate create --vault-name kvvmtest -n cert1 -p '{
"issuerParameters": {
"certificateTransparency": null,
"name": "Self"
},
"keyProperties": {
"curve": null,
"exportable": true,
"keySize": 2048,
"keyType": "RSA",
"reuseKey": true
},
"lifetimeActions": [
{
"action": {
"actionType": "AutoRenew"
},
"trigger": {
"daysBeforeExpiry": 90
}
}
],
"secretProperties": {
"contentType": "application/x-pkcs12"
},
"x509CertificateProperties": {
"keyUsage": [
"cRLSign",
"dataEncipherment",
"digitalSignature",
"keyEncipherment",
"keyAgreement",
"keyCertSign"
],
"subject": "CN=CLIGetDefaultPolicy",
"validityInMonths": 12
}
}'
{
"cancellationRequested": false,
"csr": "MIICrjCCAZYCAQAwHjEcMBoGA1UEAxMTQ0xJR2V0RGVmYXVsdFBvbGljeTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKcdk2LQf0jjHc2M/CcdEnBWdGNStbEbNmWrXlQR1EqyZo5lbBDdcQRP/eYBQL9Pr0GX87OG9tdmfwqhxRwFHCkgyh67tG+sVWeUk4djRg4t3zhFNFwG11b+QKI/B33aa4G4RH+C+Ph4Ky2V4dgaXRXRTLNBXAgZ68ca2xUOXY49OkxfoOcITerRbV85Mes0+UgpyL5mtuh13uOD6i4HBeira8HhUwvBElvYnn0SgytKMIgtsMzQrUwwpv72a5IIZ2jvQyeCTjY8wVRljPY2Zc2y1Vih/FiYvoSxsfzSX09m1YDjVcF6DEmJexTG5g2Ky3n4ZdYijEc00lbmqjInAxMCAwEAAaBLMEkGCSqGSIb3DQEJDjE8MDowDgYDVR0PAQH/BAQDAgG+MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQBWP8auawkaazzzr4OUxpFGA4JkPpJjkgub/ZFDAzwnwiNbzIWg/Afmu1rZgsLguJxjtteqn0I2hObpt5UtAFP+pvrfHNENHlgaHNT8D0o1pRJ5oK4KMn1UMwmFkKsQyyz+319QYwwmckWY1n9w6KiSDGy+TvzSXj8wYR0j4T0zumvn0KE1Ln0UTmFXcqgEocQUbm72ymQJyh7CNwZcZiQ1Dfnplj47exEUxht947FrtkYQkuX7JI3GGWmRT1xetClKpUE63muxhvVDGqgDc3fCZsmegCD6sE2YcZwuUaehOwfFJx+072gnmRxX/aXuXLdQI1Uj2uK3LIYnQPlXu0g6",
"error": null,
"id": "https://kvvmtest.vault.azure.net/certificates/cert1/pending",
"issuerParameters": {
"certificateTransparency": null,
"certificateType": null,
"name": "Self"
},
"requestId": "35e394d1185a4b0eaa5eeee9ddf972af",
"status": "completed",
"statusDetails": null,
"target": "https://kvvmtest.vault.azure.net/certificates/cert1"
}
++ az keyvault secret list-versions --vault-name kvvmtest -n cert1 --query '[?attributes.enabled].id' -o tsv
+ secrets=https://kvvmtest.vault.azure.net/secrets/cert1/2fcbabac504f49d0b5f6df019b7f791e
++ az vm secret format -s https://kvvmtest.vault.azure.net/secrets/cert1/2fcbabac504f49d0b5f6df019b7f791e
+ vm_secrets='[
{
"sourceVault": {
"id": "/subscriptions/cbbdaed0-fea9-4693-bf0c-d446ac93c030/resourceGroups/vm-test/providers/Microsoft.KeyVault/vaults/kvvmtest"
},
"vaultCertificates": [
{
"certificateUrl": "https://kvvmtest.vault.azure.net/secrets/cert1/2fcbabac504f49d0b5f6df019b7f791e"
}
]
}
]'
+ az vm create -g vm-test -n vm-name --admin-username deploy --image debian --secrets '[
{
"sourceVault": {
"id": "/subscriptions/cbbdaed0-fea9-4693-bf0c-d446ac93c030/resourceGroups/vm-test/providers/Microsoft.KeyVault/vaults/kvvmtest"
},
"vaultCertificates": [
{
"certificateUrl": "https://kvvmtest.vault.azure.net/secrets/cert1/2fcbabac504f49d0b5f6df019b7f791e"
}
]
}
]'
{
"fqdns": "",
"id": "/subscriptions/cbbdaed0-fea9-4693-bf0c-d446ac93c030/resourceGroups/vm-test/providers/Microsoft.Compute/virtualMachines/vm-name",
"location": "westus2",
"macAddress": "00-0D-3A-F7-DD-16",
"powerState": "VM running",
"privateIpAddress": "10.0.0.4",
"publicIpAddress": "52.175.197.108",
"resourceGroup": "vm-test",
"zones": ""
}
+ az vm show -g vm-test -n vm-name
az vm show -g vm-test -n vm-name
{
"additionalCapabilities": null,
"availabilitySet": null,
"diagnosticsProfile": null,
"hardwareProfile": {
"vmSize": "Standard_DS1_v2"
},
"id": "/subscriptions/cbbdaed0-fea9-4693-bf0c-d446ac93c030/resourceGroups/vm-test/providers/Microsoft.Compute/virtualMachines/vm-name",
"identity": null,
"instanceView": null,
"licenseType": null,
"location": "westus2",
"name": "vm-name",
"networkProfile": {
"networkInterfaces": [
{
"id": "/subscriptions/cbbdaed0-fea9-4693-bf0c-d446ac93c030/resourceGroups/vm-test/providers/Microsoft.Network/networkInterfaces/vm-nameVMNic",
"primary": null,
"resourceGroup": "vm-test"
}
]
},
"osProfile": {
"adminPassword": null,
"adminUsername": "deploy",
"allowExtensionOperations": true,
"computerName": "vm-name",
"customData": null,
"linuxConfiguration": {
"disablePasswordAuthentication": true,
"provisionVmAgent": true,
"ssh": {
"publicKeys": [
{
"keyData": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDXvORz9EeGD6MpWfuykj5KcN2qnE5nT4VzSzCgTfn6QpxGBhQJOfO1R+eZYYy7DIcqFWrjl6UI1VlosEkx+cJUQNK72+NMpXECvKw5jE1F1qpwUJZ8OSUNJWhOwNH/HSxeZ0jWJ3M1ay7jUfkS/cOHLDpryJ0Vmia3rXkic4TpYiTi2kt9VvchO8IlXLRqP8+SWnjZ+DJiqRbg9avnHg0wlEFlXBBNUXOcE1O0zGAfPr+vnQlqoU2LVAA9NgVDrY0iiayQfu6YzDMurHdCgCQRbMcUEESCvvaediZTVOZzKxKV+qFN+l7NYFXpd2brSfnNToB6iLU9TEJEXEE1QfXyWtJ2vbNgO6S+anz0ndPJMISAHWtiLK55i9F3sDIb7V7c9YMX+XQL4IwomJGHWzjzOODG9ootSzyptnWemVEawI0XFI+wsbH90RgE2SKefL0bU/dGjPnpFVG13gWfN/OJxH1MrPnu+0j7YCK1tLck9Wzosk3kNNd6re0qZjKnaBxU95S1ppY4rI7W2bTGcLdlt+9yR6/LS6nRWBljykj9pG31F8L/v67Y5L2863HRrNOfCojRj/xakzjjEw2R8T0RhFQMNH5MseB3Qi/TblM3yluxIhGip1dqVpbdKrRZr8vHhUIqQiu3dk9Ln5Di5QSXMFipZ2HmXN0oackRurArHQ== [email protected]\n",
"path": "/home/deploy/.ssh/authorized_keys"
}
]
}
},
"requireGuestProvisionSignal": true,
"secrets": [
{
"sourceVault": {
"id": "/subscriptions/cbbdaed0-fea9-4693-bf0c-d446ac93c030/resourceGroups/vm-test/providers/Microsoft.KeyVault/vaults/kvvmtest"
},
"vaultCertificates": [
{
"certificateStore": null,
"certificateUrl": "https://kvvmtest.vault.azure.net/secrets/cert1/2fcbabac504f49d0b5f6df019b7f791e"
}
]
}
],
"windowsConfiguration": null
},
"plan": null,
"provisioningState": "Succeeded",
"resourceGroup": "vm-test",
"resources": null,
"storageProfile": {
"dataDisks": [],
"imageReference": {
"id": null,
"offer": "Debian",
"publisher": "credativ",
"sku": "8",
"version": "latest"
},
"osDisk": {
"caching": "ReadWrite",
"createOption": "FromImage",
"diffDiskSettings": null,
"diskSizeGb": 30,
"encryptionSettings": null,
"image": null,
"managedDisk": {
"id": "/subscriptions/cbbdaed0-fea9-4693-bf0c-d446ac93c030/resourceGroups/vm-test/providers/Microsoft.Compute/disks/vm-name_OsDisk_1_f52b459780c24f56b04fed7191c3e134",
"resourceGroup": "vm-test",
"storageAccountType": "Premium_LRS"
},
"name": "vm-name_OsDisk_1_f52b459780c24f56b04fed7191c3e134",
"osType": "Linux",
"vhd": null,
"writeAcceleratorEnabled": null
}
},
"tags": {},
"type": "Microsoft.Compute/virtualMachines",
"vmId": "fdd1c8a9-aa68-43fa-8d3d-96f7bf12e1ed",
"zones": null
}
Please let me know if any particular step needs more in-depth explanation.
devigned
on 15 Jan 2019
@WiseMack have you been able to try out this script?
adewaleo
on 29 Jan 2019
According to the code you gave me
secrets=$(az keyvault secret list-versions --vault-name ${kv_name} -n cert1 --query "[?attributes.enabled].id" -o tsv)
vm_secrets=$(az vm secret format -s "$secrets")
--vault-name myVaultName
-n or --name
should be the id that shows up when I execute the following command correct
az keyvault secret list --vault-name $keyvaultName
az keyvault secret list --vault-name $keyvaultName
[
{
"attributes": {
"created": "2019-01-04T12:14:14+00:00",
"enabled": true,
"expires": "2019-10-31T01:27:07+00:00",
"notBefore": "2018-10-31T01:27:07+00:00",
"recoveryLevel": "Purgeable",
"updated": "2019-01-04T12:14:14+00:00"
},
"contentType": "application/x-pkcs12",
"id": "https://airheadsbckeys.vault.azure.net/secrets/airheadsbcCert", **<-- THIS ONE**
"managed": true,
"tags": null
},
Yet it throws this error
secrets=$(az keyvault secret list-versions --vault-name $keyvaultName --name $cert --query "[?attributes.enabled].id" -o tsv) : The term 'secrets=$(az keyvault secret list-versions --vault-name $keyvaultName --name $cert --query "[?attributes.enabled].id" -o tsv)' is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
+ secrets=$(az keyvault secret list-versions --vault-name $keyvaultName ...
+ CategoryInfo : ObjectNotFound: (secrets=$(az ke...ed].id" -o tsv):String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
Which is why I prefer to use this code instead, which theoretically speaking should have the same result
$certURL = (Get-AzureKeyVaultSecret -VaultName $keyvaultName -Name $certName).id
$vm_secret = (az vm secret format --secrets $certURL --keyvault $keyvaultName --resource-group $resourceGroup --subscription $subs)
Which while it doesn't work for the az vm create command, at least doesn't throw an error.
WiseMack
on 5 Feb 2019
In summary, what exactly SHOULD I be using with
secrets=$(az keyvault secret list-versions --vault-name ${kv_name} -n cert1 --query "[?attributes.enabled].id" -o tsv)
In the -n parameter if not the id?
WiseMack
on 5 Feb 2019
@WiseMack
With respect to your first question, the CLI did not throw an error, powershell did because
vm_secrets=$(az vm secret format -s "$secrets")is (linux) shell syntax which executes the vm command and assigns the result to a shell variable. To solve this issue you need to convert the shell syntax for working with variables (assignment and retrieval) to powershell syntax.What do you mean by
"it doesn't work for the az vm create command". What error specifically do you get? Also, fyi, you are also mixing azure powershell cmdlets with azure cli commands.Concerning your second question,
-nshould be the name of the certificate and not its id. As in:
(cli-venv) $ az keyvault secret list-versions --vault-name "tosin-kv" -n "cert123"
[
{
"attributes": {
"created": "2019-02-05T19:33:21+00:00",
"enabled": false,
"expires": "2020-02-05T19:33:21+00:00",
"notBefore": "2019-02-05T19:23:21+00:00",
"recoveryLevel": "Purgeable",
"updated": "2019-02-05T19:33:21+00:00"
},
"contentType": "application/x-pkcs12",
"id": "https://tosin-kv.vault.azure.net/secrets/cert123/8ea7a6250de049f88150e841f236eb7a",
"managed": true,
"tags": null
},
{
"attributes": {
"created": "2019-02-05T19:33:36+00:00",
"enabled": true,
"expires": "2020-02-05T19:33:36+00:00",
"notBefore": "2019-02-05T19:23:36+00:00",
"recoveryLevel": "Purgeable",
"updated": "2019-02-05T19:33:36+00:00"
},
"contentType": "application/x-pkcs12",
"id": "https://tosin-kv.vault.azure.net/secrets/cert123/9795bad9da2743f3ae945d439b940bbd",
"managed": true,
"tags": null
}
]
Fundamentally, the problem here is that you are trying to use a script that is written for Linux bash in Powershell. That will not work. I have opened an issue in the docs repo for that tutorial to request that they clarify that it only works in Bash.
https://github.com/MicrosoftDocs/azure-docs/issues/24311
I see you also opened an issue there and it was closed. I would recommend you +1 and comment on my issue, requesting Powershell-specific steps. Alternatively, if you prefer Powershell, you might explore how to achieve your scenario with the Azure Powershell cmdlets.
https://github.com/Azure/azure-powershell
As these scenarios are working as intended, I will close this issue.
tjprescott
on 5 Feb 2019
Related issues
seanknox
·
3Comments
PrHar
·
3Comments
derekperkins
·
3Comments
williexu
·
3Comments
binderjoe
·
3Comments