Skip to content

Commit d9ec847

Browse files
prmerger-automator[bot]prmerger-automator[bot]
authored
Merge pull request #228863 from AbhishekMallick01/main
Addressed Git issue #104896
2 parents a2e0c3d + b26b590 commit d9ec847

File tree

1 file changed

+6
-6
lines changed

1 file changed

+6
-6
lines changed

articles/backup/backup-azure-restore-key-secret.md

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,8 @@
11
---
22
title: Restore Key Vault key & secret for encrypted VM
33
description: Learn how to restore Key Vault key and secret in Azure Backup using PowerShell
4-
ms.topic: conceptual
5-
ms.date: 08/28/2017
4+
ms.topic: how-to
5+
ms.date: 02/28/2023
66
ms.custom: devx-track-azurepowershell
77
author: jyothisuri
88
ms.author: jsuri
@@ -66,7 +66,7 @@ $secretdata = $encryptionObject.OsDiskKeyAndSecretDetails.SecretData
6666
$Secret = ConvertTo-SecureString -String $secretdata -AsPlainText -Force
6767
$secretname = 'B3284AAA-DAAA-4AAA-B393-60CAA848AAAA'
6868
$Tags = @{'DiskEncryptionKeyEncryptionAlgorithm' = 'RSA-OAEP';'DiskEncryptionKeyFileName' = 'B3284AAA-DAAA-4AAA-B393-60CAA848AAAA.BEK';'DiskEncryptionKeyEncryptionKeyURL' = $encryptionObject.OsDiskKeyAndSecretDetails.KeyUrl;'MachineName' = 'vm-name'}
69-
Set-AzureKeyVaultSecret -VaultName '<target_key_vault_name>' -Name $secretname -SecretValue $Secret -ContentType 'Wrapped BEK' -Tags $Tags
69+
Set-AzKeyVaultSecret -VaultName '<target_key_vault_name>' -Name $secretname -SecretValue $Secret -ContentType 'Wrapped BEK' -Tags $Tags
7070
```
7171

7272
**Use these cmdlets if your Linux VM is encrypted using BEK and KEK.**
@@ -76,15 +76,15 @@ $secretdata = $encryptionObject.OsDiskKeyAndSecretDetails.SecretData
7676
$Secret = ConvertTo-SecureString -String $secretdata -AsPlainText -Force
7777
$secretname = 'B3284AAA-DAAA-4AAA-B393-60CAA848AAAA'
7878
$Tags = @{'DiskEncryptionKeyEncryptionAlgorithm' = 'RSA-OAEP';'DiskEncryptionKeyFileName' = 'LinuxPassPhraseFileName';'DiskEncryptionKeyEncryptionKeyURL' = <Key_url_of_newly_restored_key>;'MachineName' = 'vm-name'}
79-
Set-AzureKeyVaultSecret -VaultName '<target_key_vault_name>' -Name $secretname -SecretValue $Secret -ContentType 'Wrapped BEK' -Tags $Tags
79+
Set-AzKeyVaultSecret -VaultName '<target_key_vault_name>' -Name $secretname -SecretValue $Secret -ContentType 'Wrapped BEK' -Tags $Tags
8080
```
8181

8282
Use the JSON file generated above to get secret name and value and feed it to set secret cmdlet to put the secret (BEK) back in the key vault. Use these cmdlets if your **VM is encrypted using BEK** only.
8383

8484
```powershell
8585
$secretDestination = 'C:\secret.blob'
8686
[io.file]::WriteAllBytes($secretDestination, [System.Convert]::FromBase64String($encryptionObject.OsDiskKeyAndSecretDetails.KeyVaultSecretBackupData))
87-
Restore-AzureKeyVaultSecret -VaultName '<target_key_vault_name>' -InputFile $secretDestination -Verbose
87+
Restore-AzKeyVaultSecret -VaultName '<target_key_vault_name>' -InputFile $secretDestination -Verbose
8888
```
8989

9090
> [!NOTE]
@@ -120,7 +120,7 @@ $secretname = 'B3284AAA-DAAA-4AAA-B393-60CAA848AAAA'
120120
$secretdata = $rp1.KeyAndSecretDetails.SecretData
121121
$Secret = ConvertTo-SecureString -String $secretdata -AsPlainText -Force
122122
$Tags = @{'DiskEncryptionKeyEncryptionAlgorithm' = 'RSA-OAEP';'DiskEncryptionKeyFileName' = 'B3284AAA-DAAA-4AAA-B393-60CAA848AAAA.BEK';'DiskEncryptionKeyEncryptionKeyURL' = 'https://mykeyvault.vault.azure.net:443/keys/KeyName/84daaac999949999030bf99aaa5a9f9';'MachineName' = 'vm-name'}
123-
Set-AzureKeyVaultSecret -VaultName '<target_key_vault_name>' -Name $secretname -SecretValue $secret -Tags $Tags -SecretValue $Secret -ContentType 'Wrapped BEK'
123+
Set-AzKeyVaultSecret -VaultName '<target_key_vault_name>' -Name $secretname -SecretValue $secret -Tags $Tags -SecretValue $Secret -ContentType 'Wrapped BEK'
124124
```
125125

126126
> [!NOTE]

0 commit comments

Comments
 (0)