Open workchoco opened 4 months ago
@NoriZC , could you confirm if this feature has been supported?
@NoriZC , could you confirm if this feature has been supported?
Checked the code. Yes we can definitely add the password for Keys on client side.
Closed as feature has been supported in Az.KeyVault >= 4.12.0
Sorry I mean we can support in the future. By now this feature is not supported
Thanks @NoriZC for confirmation, let's sync with kv team first and decide its priority. cc. @jlichwa
Description of the new feature
The az cli command (az keyvault security-domain restore-blob) to encrypt a security domain blob file with exchange key has an option to provide passwords for the private keys. The equivalent powershell command (Import-AzKeyVaultSecurityDomain) has no such option. To use the powershell command it needs the private keys without any password protection. This is risky and would be better if the password for private keys can be provided during the security domain encrypt/decrypt process.
az keyvault security-domain restore-blob: https://learn.microsoft.com/en-us/cli/azure/keyvault/security-domain?view=azure-cli-latest#az-keyvault-security-domain-restore-blob Import-AzKeyVaultSecurityDomain: https://learn.microsoft.com/en-us/powershell/module/az.keyvault/import-azkeyvaultsecuritydomain?view=azps-11.3.0
Proposed implementation details (optional)
No response