I was able to create an Azure Key Vault successfully, but I cannot import a PFX file. This is the command I used:

$securepfxpwd = ConvertTo-SecureString -String '123' -AsPlainText -Force
$key1 = Add-AzureKeyVaultKey -VaultName 'MyKeyVault' -Name 'MyKey' -KeyFilePath 'C:\mycert.io.pfx' -KeyFilePassword $securepfxpwd

This is the error I get:

Add-AzureKeyVaultKey : **Operation "import" is not allowed**
At line:1 char:9
+ $key1 = Add-AzureKeyVaultKey -VaultName 'MyKeyVault' -Name 'MyKey ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : CloseError: (:) [Add-AzureKeyVaultKey], KeyVaultClientException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.KeyVault.AddAzureKeyVaultKey*

When I use the command Get-AzureRmKeyVault, I get the following access key information:

*SKU                             : Standard
Enabled For Deployment?          : False
Enabled For Template Deployment? : False
Enabled For Disk Encryption?     : False
**Access Policies                :** 
Tags                             :*

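Here are my questions:

  1. Should I grant myself permission to import using Set-AzureRmKeyVaultAccessPolicy?
  2. If so, what are the parameters of that command to grant myself permission to import certificates?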

1 Answer

Just ran into this problem today.

https://blogs.technet.microsoft.com/kv/2016/09/26/get-started-with-azure-key-vault-certificates/

Set-AzureRmKeyVaultAccessPolicy -VaultName $vaultName -UserPrincipalName $upn -PermissionsToCertificates all

Valid values are get, list, delete, create, import, update, managecontacts, getissuers, listissuers, setissuers, deleteissuers, all

https://docs.microsoft.com/en-us/powershell/resourcemanager/azurerm.keyvault/v2.5.0/set-azurermkeyvaultaccesspolicy

Answered 2017-02-14T10:13:13.850
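
An added example, not part of the original question or answer: a least-privilege variant of the grant that checks the vault's access policies before and after. Add-AzureKeyVaultKey is a key operation governed by -PermissionsToKeys, while certificate import is governed by -PermissionsToCertificates, so the sketch grants only `import` and `get` on each instead of `all`. It assumes the AzureRM.KeyVault module from the linked documentation; the vault name is taken from the question and the UPN is a placeholder.

```powershell
# Added example. 'MyKeyVault' comes from the question; the UPN is a placeholder.
$vaultName = 'MyKeyVault'
$upn       = 'user@example.com'   # placeholder: the account that will run the import

# 1. Inspect the current access policies. An empty list, as in the question's
#    Get-AzureRmKeyVault output, means no principal has data-plane permissions.
(Get-AzureRmKeyVault -VaultName $vaultName).AccessPolicies |
    Format-Table DisplayName, PermissionsToKeys, PermissionsToCertificates

# 2. Grant only the operations the import needs, not 'all'.
#    Keys:         needed by Add-AzureKeyVaultKey -KeyFilePath ...
#    Certificates: needed by Import-AzureKeyVaultCertificate
Set-AzureRmKeyVaultAccessPolicy -VaultName $vaultName -UserPrincipalName $upn `
    -PermissionsToKeys import, get `
    -PermissionsToCertificates import, get

# 3. Verify that a policy carrying the import permission is now present.
$granted = (Get-AzureRmKeyVault -VaultName $vaultName).AccessPolicies |
    Where-Object { $_.PermissionsToKeys -contains 'import' }

if (-not $granted) {
    throw "No access policy on '$vaultName' carries the key 'import' permission."
}
$granted | Format-List DisplayName, PermissionsToKeys, PermissionsToCertificates
```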