0
votes

I have created a key in Key Vault and manually imported a private key into it. Now I want to retrieve it using shell programming.

I have followed https://docs.microsoft.com/en-us/rest/api/keyvault/getkey/getkey and am trying to retrieve the plain text, but I am getting the error below:

    curl https://test-poc-kv-31.vault.azure.net/keys/sftp/ec8368364d1844c908234396e8f50344e68?api-version=7.1
    {"error":{"code":"Unauthorized","message":"Request is missing a Bearer or PoP token."}}

Not sure how to get the Bearer token for my URL?


1 Answer

1
votes

The error message is quite clear: Request is missing a Bearer or PoP token.

Steps to create the token:

  1. Create a service principal using this command:

    az ad sp create-for-rbac

Grab the appId from the command output and grant permissions to this service principal:


  2. Grab the password, appId and tenant from the above command and substitute them in the following:

    curl --location --request POST 'https://login.microsoftonline.com/{TenantID}/oauth2/v2.0/token' \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --data-urlencode 'grant_type=client_credentials' \
    --data-urlencode 'client_id={appId}' \
    --data-urlencode 'client_secret={password}' \
    --data-urlencode 'scope=https://vault.azure.net/.default'

  3. Get the access_token from the response and pass it to this command:

    curl -s "https://test-poc-kv-31.vault.azure.net/keys/sftp/ec8368364d1844c908234396e8f50344e68?api-version=7.1" -H "Authorization: Bearer %access_token%"

Instead of using curl, you can use the Azure CLI (and make your life much easier):

    az keyvault key show --name "%KEY_NAME%" --vault-name "%VAULT_NAME%"
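The two curl calls from the answer as one script, added here as an example and not code from the question or the answer; the environment variable names are assumed, the service principal secret is never written into the script, and the `http` argument exists so the flow can be exercised against a fake transport without network access.

```python
"""Client-credentials token request followed by Key Vault getkey (added example)."""
import json
import os
import urllib.error
import urllib.parse
import urllib.request

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
KV_SCOPE = "https://vault.azure.net/.default"  # data-plane scope for Key Vault


def http_json(url, data=None, headers=None):
    """Default transport: POST when form data is given, else GET; returns (status, parsed JSON)."""
    req = urllib.request.Request(url, data=data, headers=headers or {})
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:  # Key Vault returns a JSON body on 401/403 too
        return err.code, json.load(err)


def get_token(tenant, client_id, client_secret, http=http_json):
    """Client-credentials grant for the service principal; returns the bearer token string."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": KV_SCOPE,
    }).encode()
    status, payload = http(TOKEN_URL.format(tenant=tenant), data=body,
                           headers={"Content-Type": "application/x-www-form-urlencoded"})
    if status != 200 or "access_token" not in payload:
        raise RuntimeError(f"token request failed ({status}): {payload.get('error_description', payload)}")
    return payload["access_token"]


def get_key(vault, key_name, token, version=None, http=http_json, api_version="7.1"):
    """GET /keys/{name}[/{version}] with the bearer token; raises on the Unauthorized reply from the question."""
    path = f"/keys/{key_name}" + (f"/{version}" if version else "")
    url = f"https://{vault}.vault.azure.net{path}?api-version={api_version}"
    status, payload = http(url, headers={"Authorization": f"Bearer {token}"})
    if status != 200:
        raise RuntimeError(f"getkey failed ({status}): {payload.get('error', payload)}")
    return payload["key"]


if __name__ == "__main__":
    # Assumed variable names; the secret comes from the environment, not from the script.
    tok = get_token(os.environ["AZ_TENANT"], os.environ["AZ_APP_ID"], os.environ["AZ_PASSWORD"])
    print(json.dumps(get_key(os.environ["VAULT_NAME"], os.environ["KEY_NAME"], tok), indent=2))
```

Note that getkey returns only the public part of the key (kty, n, e and similar JWK fields); Key Vault does not hand back private key material through this endpoint.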