Secrets in the Azure Key Vault.

Azure Key Vault and Power Automate

Can you keep a secret? Have you tried using Azure Key Vault with Power Automate? here is an overview of the Azure Key Vault connector.

The Azure Key Vault

I’ve create an Azure Key vault to keep hold of my secrets.

Secretes stored in the Azure Key Vault

The Azure Key Vault Connector

There are 4 actions that will list information from the Azure Key Vault

  • List keys
  • list secrets
  • List Secret versions
  • List key version

When you add these action to your flow you will soon see … well, not very much. A greyed out Sign in button and a Vault name

Once you have supplied a Vault name, the sing in button will enable itself.

And when we run these actions the secrets and the keys are returned.

But most likely we would want the actual secret information behind each secret. We will need to use another item for this.

The Get Secret action will get the details of the secrets.

When we run this flow, we will get the actual secret information from the Key Vault.

How often do you use settings inside a flow? The Key Vault might quite well be a good place to store some of your flow settings. So often settings are stored in SharePoint, while really these settings aren’t anything that you want to share.

Wait a moment, but the flow run is now sharing my secret! That is easily solved. You could now secure the output from the above action, using the secure your input and output in flows setting.

Decrypt and Encrypt data

The next two actions to look at are the Decrypt data with key and the Encrypt data with key.

And when you try these options you will get the following message:

Operation failed because client does not have permission to perform the operation on the key vault. Please check your permissions in the key vault access policies.

that is a bit annoying!

The way to solve this tick the boxes for Decrypt and Encrypt in the Access Policies in your Vault.

Once you’ve done this, problem solved and you can encrypt and desrypt your data using the Key Vault

Now if you combine these actions you can collect the Secrets and keys and use them within flows, however there is no create a secret action in flow. There is however an option to do this from Powershell.

2 thoughts on “Azure Key Vault and Power Automate

  1. List secret step only returns 25 rows, seems to be a limitation. How can we overcome it to show all secrets in the KV?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: