HackTricks Cloud
HackTricks TrainingTwitterLinkedinSponsor

Az - Key Vault Post Exploitation

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Azure Key Vault

For more information about this service check:

Az - Key Vault

Microsoft.KeyVault/vaults/secrets/getSecret/action

This permission will allow a principal to read the secret value of secrets:

az keyvault secret show --vault-name <vault name> --name <secret name>

# Get old version secret value
az keyvault secret show --id https://<KeyVaultName>.vault.azure.net/secrets/<KeyVaultName>/<idOldVersion>

Microsoft.KeyVault/vaults/certificates/purge/action

This permission allows a principal to permanently delete a certificate from the vault.

az keyvault certificate purge --vault-name <vault name> --name <certificate name>

Microsoft.KeyVault/vaults/keys/encrypt/action

This permission allows a principal to encrypt data using a key stored in the vault.

az keyvault key encrypt --vault-name <vault name> --name <key name> --algorithm <algorithm> --value <value>

# Example
echo "HackTricks" | base64 # SGFja1RyaWNrcwo=
az keyvault key encrypt --vault-name testing-1231234 --name testing --algorithm RSA-OAEP-256 --value SGFja1RyaWNrcwo=

Microsoft.KeyVault/vaults/keys/decrypt/action

This permission allows a principal to decrypt data using a key stored in the vault.

az keyvault key decrypt --vault-name <vault name> --name <key name> --algorithm <algorithm> --value <value>

# Example
az keyvault key decrypt --vault-name testing-1231234 --name testing --algorithm RSA-OAEP-256 --value "ISZ+7dNcDJXLPR5MkdjNvGbtYK3a6Rg0ph/+3g1IoUrCwXnF791xSF0O4rcdVyyBnKRu0cbucqQ/+0fk2QyAZP/aWo/gaxUH55pubS8Zjyw/tBhC5BRJiCtFX4tzUtgTjg8lv3S4SXpYUPxev9t/9UwUixUlJoqu0BgQoXQhyhP7PfgAGsxayyqxQ8EMdkx9DIR/t9jSjv+6q8GW9NFQjOh70FCjEOpYKy9pEGdLtPTrirp3fZXgkYfIIV77TXuHHdR9Z9GG/6ge7xc9XT6X9ciE7nIXNMQGGVCcu3JAn9BZolb3uL7PBCEq+k2rH4tY0jwkxinM45tg38Re2D6CEA==" # This is the result from the previous encryption

Microsoft.KeyVault/vaults/keys/purge/action

This permission allows a principal to permanently delete a key from the vault.

az keyvault key purge --vault-name <vault name> --name <key name>

Microsoft.KeyVault/vaults/secrets/purge/action

This permission allows a principal to permanently delete a secret from the vault.

az keyvault secret purge --vault-name <vault name> --name <secret name>

Microsoft.KeyVault/vaults/secrets/setSecret/action

This permission allows a principal to create or update a secret in the vault.

az keyvault secret set --vault-name <vault name> --name <secret name> --value <secret value>

Microsoft.KeyVault/vaults/certificates/delete

This permission allows a principal to delete a certificate from the vault. The certificate is moved to the "soft-delete" state, where it can be recovered unless purged.

az keyvault certificate delete --vault-name <vault name> --name <certificate name>

Microsoft.KeyVault/vaults/keys/delete

This permission allows a principal to delete a key from the vault. The key is moved to the "soft-delete" state, where it can be recovered unless purged.

az keyvault key delete --vault-name <vault name> --name <key name>

Microsoft.KeyVault/vaults/secrets/delete

This permission allows a principal to delete a secret from the vault. The secret is moved to the "soft-delete" state, where it can be recovered unless purged.

az keyvault secret delete --vault-name <vault name> --name <secret name>

Microsoft.KeyVault/vaults/secrets/restore/action

This permission allows a principal to restore a secret from a backup.

az keyvault secret restore --vault-name <vault-name> --file <backup-file-path>

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks
PreviousAz - Post ExploitationNextAz - Privilege Escalation

Last updated