Add-AzureKeyVaultKey fails: operation "import" is not allowed

Time: 2016-08-07 08:43:59

Tags: azure-keyvault

I am able to create an Azure Key Vault successfully, but I cannot import a PFX file. This is the command I am using:

$securepfxpwd = ConvertTo-SecureString -String '123' -AsPlainText -Force
$key1 = Add-AzureKeyVaultKey -VaultName 'MyKeyVault' -Name 'MyKey' -KeyFilePath 'C:\mycert.io.pfx' -KeyFilePassword $securepfxpwd

Here is the error I get:

Add-AzureKeyVaultKey : **Operation "import" is not allowed**
At line:1 char:9
+ $key1 = Add-AzureKeyVaultKey -VaultName 'MyKeyVault' -Name 'MyKey ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : CloseError: (:) [Add-AzureKeyVaultKey], KeyVaultClientException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.KeyVault.AddAzureKeyVaultKey

When I use the command Get-AzureRmKeyVault, I get the following access key information:

SKU                              : Standard
Enabled For Deployment?          : False
Enabled For Template Deployment? : False
Enabled For Disk Encryption?     : False
**Access Policies                :** 
Tags                             :

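Here are my questions:

  1. Should I use Set-AzureRmKeyVaultAccessPolicy to grant myself import permission?
  2. If so, what are the parameters of that command to give myself permission to import a certificate?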

1 answer:

Answer 0 (score: 0)

Just ran into this problem today.

https://blogs.technet.microsoft.com/kv/2016/09/26/get-started-with-azure-key-vault-certificates/

Set-AzureRmKeyVaultAccessPolicy -VaultName $vaultName -UserPrincipalName $upn -PermissionsToCertificates all

Valid values are get, list, delete, create, import, update, managecontacts, getissuers, listissuers, setissuers, deleteissuers, all

https://docs.microsoft.com/en-us/powershell/resourcemanager/azurerm.keyvault/v2.5.0/set-azurermkeyvaultaccesspolicy
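
A least-privilege variant of the grant above, as an added example that is not part of the original question or answer: it reads the vault's current access policy for one user and adds only get, list and import for keys (the permission set that Add-AzureKeyVaultKey is checked against) and for certificates, instead of all. The vault name is taken from the question; the UPN, the Merge-Permission helper and the `Id` property returned by Get-AzureRmADUser are assumptions.

```powershell
# Added example (not from the original post). Assumes the AzureRM modules are
# installed and the session is signed in with Login-AzureRmAccount.
$vaultName = 'MyKeyVault'            # vault name from the question
$upn       = 'user@example.com'      # placeholder UPN (assumption)

# Smallest set needed to import an object and then confirm it is there.
$needed = 'get', 'list', 'import'

# Hypothetical helper: union of existing and required permissions.
# An existing 'all' grant is left untouched rather than silently narrowed.
function Merge-Permission($existing, $required) {
    $current = @($existing | Where-Object { $_ })
    if ($current -contains 'all') { return ,$current }
    return ,@(($current + $required) | Sort-Object -Unique)
}

$vault = Get-AzureRmKeyVault -VaultName $vaultName
$user  = Get-AzureRmADUser -UserPrincipalName $upn   # .Id assumed to hold the object ID

# An empty "Access Policies" field, as in the question, yields no entry here.
$entry = $vault.AccessPolicies |
    Where-Object { "$($_.ObjectId)" -eq "$($user.Id)" }

$keyPerms  = Merge-Permission $entry.PermissionsToKeys         $needed
$certPerms = Merge-Permission $entry.PermissionsToCertificates $needed

Set-AzureRmKeyVaultAccessPolicy -VaultName $vaultName -UserPrincipalName $upn `
    -PermissionsToKeys $keyPerms -PermissionsToCertificates $certPerms

# Read the policy back to confirm exactly what was granted.
(Get-AzureRmKeyVault -VaultName $vaultName).AccessPolicies |
    Where-Object { "$($_.ObjectId)" -eq "$($user.Id)" } |
    Format-List ObjectId, PermissionsToKeys, PermissionsToCertificates
```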