DEVHIDE
Login Or Sign up

List all the Key Vaults the Application ID has been granted access to via PowerShell?

153 Views Asked by At

Running the below code, I can get all the Application IDs granted access to a particular Key Vault.

$KVName = 'My-Key-Vault-Name'
$KV = Get-AzKeyVault -VaultName $KVName
$accessPolicies = $KV.AccessPolicies
$accessPolicies

Result

Tenant ID                                  : my-tenant-id
Object ID                                  : my-object-id
Application ID                             : my-application-id
Display Name                               : some-fancy-name
Permissions to Keys                        : {Get, List}
Permissions to Secrets                     : {Get, List, Update, Create…}
Permissions to Certificates                : {Get, List, Update, Create…}
Permissions to (Key Vault Managed) Storage : {}

However, I am trying to get the list of all Key Vaults a particular Application ID have been granted access to. Is this achievable via PowerShell?

Any help/hint will be really helpful.

azure-powershell azure-keyvault applicationid
Original Q&A
1

There are 1 best solutions below

0
On

Initially, fetch the Object ID of application from the response of your script:

$KVName = 'devikv'
$KV = Get-AzKeyVault -VaultName $KVName
$accessPolicies = $KV.AccessPolicies
$accessPolicies

Response:

enter image description here

To list all the Key Vaults the application has been granted access to by filtering based on Application Object ID, you can run below PowerShell script:

$AppObjId = 'e7ceed60-0947-467f-a33a-xxxxxxx'
$KeyVaults = Get-AzKeyVault

foreach ($KV in $KeyVaults) {
    $AccessPolicies = (Get-AzKeyVault -VaultName $KV.VaultName).AccessPolicies
    foreach ($Policy in $AccessPolicies) {
        if ($Policy.ObjectId -eq $AppObjId) {
            Write-Output "Application has access to $($KV.VaultName)" 
        }
    }
}

Response:

enter image description here

If you want to list all the Key Vaults the application has been granted access to by filtering based on Application ID, use below modified script:

$AppId = 'b4bbcad3-9c6c-441e-b585-xxxxxxx'
$KeyVaults = Get-AzKeyVault

foreach ($KV in $KeyVaults) {
    $AccessPolicies = (Get-AzKeyVault -VaultName $KV.VaultName).AccessPolicies
    foreach ($Policy in $AccessPolicies) {
        if ($Policy.ApplicationId -eq $AppId) {
            Write-Output "Application has access to $($KV.VaultName)" 
        }
    }
}

Related Questions in AZURE-POWERSHELL

Related Questions in AZURE-KEYVAULT

Related Questions in APPLICATIONID

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.