Can you keep a secret? Have you tried using Azure Key Vault with Power Automate? here is an overview of the Azure Key Vault connector.

The Azure Key Vault

Table of Contents

• The Azure Key Vault
• The Azure Key Vault Connector
• Decrypt and Encrypt data

I’ve create an Azure Key vault to keep hold of my secrets.

The Azure Key Vault Connector

There are 4 actions that will list information from the Azure Key Vault

• List keys
• list secrets
• List Secret versions
• List key version

When you add these action to your flow you will soon see … well, not very much. A greyed out Sign in button and a Vault name

Once you have supplied a Vault name, the sing in button will enable itself.

And when we run these actions the secrets and the keys are returned.

But most likely we would want the actual secret information behind each secret. We will need to use another item for this.

The Get Secret action will get the details of the secrets.

When we run this flow, we will get the actual secret information from the Key Vault.

How often do you use settings inside a flow? The Key Vault might quite well be a good place to store some of your flow settings. So often settings are stored in SharePoint, while really these settings aren’t anything that you want to share.

Wait a moment, but the flow run is now sharing my secret! That is easily solved. You could now secure the output from the above action, using the secure your input and output in flows setting.

Decrypt and Encrypt data

And when you try these options you will get the following message:

Operation failed because client does not have permission to perform the operation on the key vault. Please check your permissions in the key vault access policies.

that is a bit annoying!

The way to solve this tick the boxes for Decrypt and Encrypt in the Access Policies in your Vault.

Once you’ve done this, problem solved and you can encrypt and desrypt your data using the Key Vault

Now if you combine these actions you can collect the Secrets and keys and use them within flows, however there is no create a secret action in flow. There is however an option to do this from Powershell.

This blog is part of Azure Week. Check it out for more great content!

About the Author:

For a long time the title of this site mentioned all the Microsoft technology that I’m involved with. But the title SharePoint, Dynamics 365, Project Server, Office 365/Microsoft 365, Skype for Business, OneDrive, PowerShell and Nintex didn’t really catch it all as I get involved in more parts of the Microsoft products stack and related software.

Reference:

Veenstra, P. (2021). Azure Key Vault and Power Automate. Available at: https://sharepains.com/2020/09/23/azure-key-vault-and-power-automate/ [Accessed: 8th July 2021].