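<#
Azure Key Vault - automatically disable older versions of secrets in a Key Vault.
######################################################################
### Values to change in the code ###
Replace the three placeholders below before running:
  "<Your_SPI>"        - name of the Azure Automation connection (service principal)
  "<Subscription_ID>" - subscription that contains the Key Vault
  "<KeyVault>"        - name of the Key Vault to process
###----------------------###
Notes:
  - For each secret, the newest ENABLED version is kept and every older enabled
    version is disabled. Versions that are already disabled are left untouched.
  - The script only lists secrets/versions and updates their attributes; it never
    reads secret values, so the service principal does not need more than that.
  - Consumers that reference an older version by its explicit version identifier
    will stop working once that version is disabled; check for pinned references
    before scheduling this runbook.
#>

# Get the Azure Automation connection object (holds the service principal details)
$connection = Get-AutomationConnection -Name "<Your_SPI>"

# Connect to Azure as the service principal, authenticating with its certificate.
# ErrorAction = Stop makes every sign-in failure terminating, so the catch block
# runs and the runbook never carries on without a valid login.
$loginParams = @{
    ServicePrincipal      = $true
    Tenant                = $connection.TenantID
    ApplicationId         = $connection.ApplicationID
    CertificateThumbprint = $connection.CertificateThumbprint
    ErrorAction           = 'Stop'
}
try {
    Connect-AzAccount @loginParams | Out-Null
}
catch {
    Write-Error -Message $_.Exception
    throw $_.Exception
}

# Set the subscription context; stop here if the subscription cannot be selected
# rather than continuing in whatever context the login defaulted to.
Set-AzContext -SubscriptionId "<Subscription_ID>" -ErrorAction Stop | Out-Null

# Set the KeyVault and list its secrets; stop if the vault cannot be enumerated.
$KeyVaultName = "<KeyVault>"
$secrets = Get-AzKeyVaultSecret -VaultName $KeyVaultName -ErrorAction Stop

# Disable the older versions of each secret and keep only the latest enabled one.
foreach ($secret in $secrets) {
    # Only enabled versions are considered. If the most recently created version
    # was disabled on purpose (for example after a rollback), sorting all versions
    # and skipping the first would disable the version still in use and leave the
    # secret with no enabled version at all.
    $ListedVersions = Get-AzKeyVaultSecret -VaultName $KeyVaultName -Name $secret.Name -IncludeVersions |
        Where-Object { $_.Enabled } |
        Sort-Object -Property Created -Descending |
        Select-Object -Skip 1

    # Emit the versions about to be disabled so they appear in the job output.
    $ListedVersions

    # Best effort per version: a failure on one version is reported by the cmdlet
    # and does not stop the remaining versions from being processed.
    foreach ($oldVersion in $ListedVersions) {
        Update-AzKeyVaultSecret -VaultName $KeyVaultName -Name $oldVersion.Name -Version $oldVersion.Version -Enable $false -Verbose
    }
}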