Skip to content

Commit b26b590

Browse files
author
AbhishekMallick01
committed
Addressed Git issue #104896
1 parent e63d51e commit b26b590

File tree

1 file changed

+6
-6
lines changed

1 file changed

+6
-6
lines changed

articles/backup/backup-azure-restore-key-secret.md

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,8 @@
11
---
22
title: Restore Key Vault key & secret for encrypted VM
33
description: Learn how to restore Key Vault key and secret in Azure Backup using PowerShell
4-
ms.topic: conceptual
5-
ms.date: 08/28/2017
4+
ms.topic: how-to
5+
ms.date: 02/28/2023
66
ms.custom: devx-track-azurepowershell
77
author: jyothisuri
88
ms.author: jsuri
@@ -66,7 +66,7 @@ $secretdata = $encryptionObject.OsDiskKeyAndSecretDetails.SecretData
6666
$Secret = ConvertTo-SecureString -String $secretdata -AsPlainText -Force
6767
$secretname = 'B3284AAA-DAAA-4AAA-B393-60CAA848AAAA'
6868
$Tags = @{'DiskEncryptionKeyEncryptionAlgorithm' = 'RSA-OAEP';'DiskEncryptionKeyFileName' = 'B3284AAA-DAAA-4AAA-B393-60CAA848AAAA.BEK';'DiskEncryptionKeyEncryptionKeyURL' = $encryptionObject.OsDiskKeyAndSecretDetails.KeyUrl;'MachineName' = 'vm-name'}
69-
Set-AzureKeyVaultSecret -VaultName '<target_key_vault_name>' -Name $secretname -SecretValue $Secret -ContentType 'Wrapped BEK' -Tags $Tags
69+
Set-AzKeyVaultSecret -VaultName '<target_key_vault_name>' -Name $secretname -SecretValue $Secret -ContentType 'Wrapped BEK' -Tags $Tags
7070
```
7171

7272
**Use these cmdlets if your Linux VM is encrypted using BEK and KEK.**
@@ -76,15 +76,15 @@ $secretdata = $encryptionObject.OsDiskKeyAndSecretDetails.SecretData
7676
$Secret = ConvertTo-SecureString -String $secretdata -AsPlainText -Force
7777
$secretname = 'B3284AAA-DAAA-4AAA-B393-60CAA848AAAA'
7878
$Tags = @{'DiskEncryptionKeyEncryptionAlgorithm' = 'RSA-OAEP';'DiskEncryptionKeyFileName' = 'LinuxPassPhraseFileName';'DiskEncryptionKeyEncryptionKeyURL' = <Key_url_of_newly_restored_key>;'MachineName' = 'vm-name'}
79-
Set-AzureKeyVaultSecret -VaultName '<target_key_vault_name>' -Name $secretname -SecretValue $Secret -ContentType 'Wrapped BEK' -Tags $Tags
79+
Set-AzKeyVaultSecret -VaultName '<target_key_vault_name>' -Name $secretname -SecretValue $Secret -ContentType 'Wrapped BEK' -Tags $Tags
8080
```
8181

8282
Use the JSON file generated above to get secret name and value and feed it to set secret cmdlet to put the secret (BEK) back in the key vault. Use these cmdlets if your **VM is encrypted using BEK** only.
8383

8484
```powershell
8585
$secretDestination = 'C:\secret.blob'
8686
[io.file]::WriteAllBytes($secretDestination, [System.Convert]::FromBase64String($encryptionObject.OsDiskKeyAndSecretDetails.KeyVaultSecretBackupData))
87-
Restore-AzureKeyVaultSecret -VaultName '<target_key_vault_name>' -InputFile $secretDestination -Verbose
87+
Restore-AzKeyVaultSecret -VaultName '<target_key_vault_name>' -InputFile $secretDestination -Verbose
8888
```
8989

9090
> [!NOTE]
@@ -120,7 +120,7 @@ $secretname = 'B3284AAA-DAAA-4AAA-B393-60CAA848AAAA'
120120
$secretdata = $rp1.KeyAndSecretDetails.SecretData
121121
$Secret = ConvertTo-SecureString -String $secretdata -AsPlainText -Force
122122
$Tags = @{'DiskEncryptionKeyEncryptionAlgorithm' = 'RSA-OAEP';'DiskEncryptionKeyFileName' = 'B3284AAA-DAAA-4AAA-B393-60CAA848AAAA.BEK';'DiskEncryptionKeyEncryptionKeyURL' = 'https://mykeyvault.vault.azure.net:443/keys/KeyName/84daaac999949999030bf99aaa5a9f9';'MachineName' = 'vm-name'}
123-
Set-AzureKeyVaultSecret -VaultName '<target_key_vault_name>' -Name $secretname -SecretValue $secret -Tags $Tags -SecretValue $Secret -ContentType 'Wrapped BEK'
123+
Set-AzKeyVaultSecret -VaultName '<target_key_vault_name>' -Name $secretname -SecretValue $secret -Tags $Tags -SecretValue $Secret -ContentType 'Wrapped BEK'
124124
```
125125

126126
> [!NOTE]

0 commit comments

Comments
 (0)