Azure / azure-powershell

Microsoft Azure PowerShell

[Import-AzKeyVaultSecurityDomain]: Add Parameter For Providing Private Key Password #24245

Open workchoco opened 4 months ago

workchoco commented 4 months ago

Description of the new feature

The az cli command (az keyvault security-domain restore-blob) to encrypt a security domain blob file with an exchange key has an option to provide passwords for the private keys. The equivalent PowerShell command (Import-AzKeyVaultSecurityDomain) has no such option. To use the PowerShell command, it needs the private keys without any password protection. This is risky, and it would be better if the password for private keys could be provided during the security domain encrypt/decrypt process.

az keyvault security-domain restore-blob: https://learn.microsoft.com/en-us/cli/azure/keyvault/security-domain?view=azure-cli-latest#az-keyvault-security-domain-restore-blob

Import-AzKeyVaultSecurityDomain: https://learn.microsoft.com/en-us/powershell/module/az.keyvault/import-azkeyvaultsecuritydomain?view=azps-11.3.0

Proposed implementation details (optional)

No response

BethanyZhou commented 3 weeks ago

@NoriZC, could you confirm if this feature has been supported?

NoriZC commented 3 weeks ago

> @NoriZC, could you confirm if this feature has been supported?

Checked the code. Yes, we can definitely add the password for keys on the client side.

BethanyZhou commented 3 weeks ago

Closed as feature has been supported in Az.KeyVault >= 4.12.0

NoriZC commented 3 weeks ago

Sorry, I mean we can support it in the future. For now, this feature is not supported.

BethanyZhou commented 3 weeks ago

Thanks @NoriZC for confirmation, let's sync with kv team first and decide its priority. cc. @jlichwa