Skip to content

Instantly share code, notes, and snippets.

@SpaceShot
Last active August 2, 2022 13:15

Revisions

  1. SpaceShot revised this gist Aug 2, 2022. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion Create-Key-Pair-Azure.md
    Original file line number Diff line number Diff line change
    @@ -7,7 +7,7 @@ KEY_VAULT_NAME=cg-rsakeys-test-kv

    ### Create a resource group to use
    ``` bash
    az group create -l $ESOURCE_GROUP_LOCATION -n $RESOURCE_GROUP
    az group create -l $RESOURCE_GROUP_LOCATION -n $RESOURCE_GROUP
    ```

    ### View all resource groups
  2. SpaceShot revised this gist Feb 24, 2022. 1 changed file with 6 additions and 2 deletions.
    8 changes: 6 additions & 2 deletions Create-Key-Pair-Azure.md
    Original file line number Diff line number Diff line change
    @@ -46,7 +46,11 @@ Not sure what security considerations are per terminal instance.

    ### Create a key vault
    ```bash
    az keyvault create --location $ESOURCE_GROUP_LOCATION --name $KEY_VAULT_NAME --resource-group "$RESOURCE_GROUP"
    az keyvault create --location $RESOURCE_GROUP_LOCATION --name $KEY_VAULT_NAME --resource-group "$RESOURCE_GROUP"
    ```

    ### Save the secret to the vault
    ### Save the secrets to the vault
    ```bash
    az keyvault secret set --vault-name $KEY_VAULT_NAME --name "PublicKey" --file rsa_key.pub
    az keyvault secret set --vault-name $KEY_VAULT_NAME --name "PrivateKey" --file rsa_key.p8
    ```
  3. SpaceShot created this gist Feb 24, 2022.
    52 changes: 52 additions & 0 deletions Create-Key-Pair-Azure.md
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,52 @@
    ## In the Azure Cloud Shell or Azure CLI

    ### Set variables
    RESOURCE_GROUP=cg-rsakeys-test
    RESOURCE_GROUP_LOCATION=westus
    KEY_VAULT_NAME=cg-rsakeys-test-kv

    ### Create a resource group to use
    ``` bash
    az group create -l $ESOURCE_GROUP_LOCATION -n $RESOURCE_GROUP
    ```

    ### View all resource groups
    ``` bash
    az group list -o table

    # Alternative to filter down in a large subscription
    az group list --query "[?starts_with(name,'cg')]" -o table

    # Or to directly check on this one
    az group list --query "[?name=='$RESOURCE_GROUP']" -o table
    ```


    ### Create an sshkey as an azure resource
    ```bash
    az sshkey create --name "mySSHKey" --resource-group "$RESOURCE_GROUP"
    ```

    ### Create an unencrypted private key with openssl
    [Snowflake Ready Private Key (per docs)](https://docs.snowflake.com/en/user-guide/key-pair-auth.html#step-1-generate-the-private-key)
    See openssl docs for more info
    ``` bash
    openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -out rsa_key.p8 -nocrypt
    ```

    ### Create public key based on private key
    [Snowflake docs on public key](https://docs.snowflake.com/en/user-guide/key-pair-auth.html#step-2-generate-a-public-key)
    Again, see openssl docs
    ``` bash
    openssl rsa -in rsa_key.p8 -pubout -out rsa_key.pub
    ```

    Note that ssh-keygen is also on the bash shell in Azure Cloud Shell. If using the online shell, consider creating keys in the clouddrive.
    Not sure what security considerations are per terminal instance.

    ### Create a key vault
    ```bash
    az keyvault create --location $ESOURCE_GROUP_LOCATION --name $KEY_VAULT_NAME --resource-group "$RESOURCE_GROUP"
    ```

    ### Save the secret to the vault