During the lifecycle of a virtual machine in Microsoft Azure you will have to confirm where the encryption secrets (the volume "recovery" keys) of a VM with Azure Disk Encryption live, that is, which Azure Key Vault holds them. This check matters most when removing or moving Key Vaults between subscriptions: a VM whose disk encryption secret is deleted along with its vault can no longer unlock its disks.
If you have no idea which Key Vaults are in use, open the Disks / encryption properties of the VM in question: the Key Vault field shows the vault's resource ID, and the vault name is the last segment of that field.
Go to that Key Vault (you need permission to list and read its secrets) and you will probably find an avalanche of disk encryption secrets. Click any entry; in the new blade click the current version and then Tags. The tag list on the right shows the volume letter, the volume label and the machine name, which is exactly the information you are looking for.
As you may have noticed, the process is tedious, but PowerShell to the rescue!
$vSecrets = Get-AzKeyVaultSecret -VaultName <KeyVaultName>   # lists secret metadata, tags included; no secret values are retrieved
$vSecrets.Tags                                               # one tag table per secret: machine name, volume letter, volume label
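The same lookup end to end, as an added PowerShell example that is not part of the original article: it starts from the VM, follows each managed disk's encryption settings to the secret URL, derives the vault name from that URL, then lists only the secrets tagged for that machine and flags which of them a disk actually references. It assumes the Az.Compute and Az.KeyVault modules, an existing Connect-AzAccount session, and that ADE stamps its secrets with the tags MachineName, VolumeLetter and VolumeLabel.

```powershell
# Added example, not code from the original article.
# Maps an Azure VM to the Azure Disk Encryption secrets that protect its disks.
# Assumptions: Az.Compute and Az.KeyVault modules, an authenticated session
# (Connect-AzAccount), read access to the VM and its managed disks, and "list"
# permission on secrets in the vault. The tag names MachineName, VolumeLetter
# and VolumeLabel are assumed to be the ones ADE writes on its secrets.
# Usage: .\Find-AdeSecrets.ps1 -ResourceGroupName myRG -VMName myVM
param(
    [Parameter(Mandatory)] [string] $ResourceGroupName,
    [Parameter(Mandatory)] [string] $VMName
)

$vm = Get-AzVM -ResourceGroupName $ResourceGroupName -Name $VMName

# OS disk plus any data disks; DataDisks may be empty, hence the pipeline.
$diskNames = @($vm.StorageProfile.OsDisk.Name) +
             @($vm.StorageProfile.DataDisks | ForEach-Object { $_.Name })

# Each ADE-encrypted managed disk carries the URL of the secret that holds its
# volume key. Disks without an EncryptionSettingsCollection are simply skipped.
$secretUrls = foreach ($diskName in $diskNames) {
    $disk = Get-AzDisk -ResourceGroupName $ResourceGroupName -DiskName $diskName
    foreach ($es in $disk.EncryptionSettingsCollection.EncryptionSettings) {
        if ($es.DiskEncryptionKey.SecretUrl) { $es.DiskEncryptionKey.SecretUrl }
    }
}

if (-not $secretUrls) {
    Write-Warning "No Azure Disk Encryption secret is referenced by the disks of $VMName"
    return
}

# Secret URL layout: https://<vault>.vault.azure.net/secrets/<name>/<version>
# The vault name is the first DNS label; the secret name is the third path segment.
$vaultNames      = $secretUrls | ForEach-Object { ([uri]$_).Host.Split('.')[0] } | Sort-Object -Unique
$referencedNames = $secretUrls | ForEach-Object { ([uri]$_).Segments[2].TrimEnd('/') }

foreach ($vaultName in $vaultNames) {
    # Without -Name, Get-AzKeyVaultSecret returns metadata (including Tags) for
    # every secret and never fetches a secret value, which is all this needs.
    Get-AzKeyVaultSecret -VaultName $vaultName |
        Where-Object { $_.Tags -and $_.Tags['MachineName'] -eq $VMName } |
        Select-Object @{ n = 'Vault';            e = { $vaultName } },
                      Name,
                      @{ n = 'Volume';           e = { $_.Tags['VolumeLetter'] } },
                      @{ n = 'Label';            e = { $_.Tags['VolumeLabel'] } },
                      @{ n = 'ReferencedByDisk'; e = { $referencedNames -contains $_.Name } },
                      Enabled, Created |
        Format-Table -AutoSize
}
```

Two caveats when reading the output. The MachineName tag is the hostname the ADE extension saw inside the guest, which normally equals the Azure VM name but can drift after a rename, so the ReferencedByDisk column, derived from the disk's own pointer to the secret, is the authoritative "in use" signal; rows with ReferencedByDisk set to False are leftovers from earlier encryption passes and are the candidates to review before a vault is moved or removed. Older dual-pass ADE deployments kept the secret reference in the VM model (the OS disk's EncryptionSettings on the VM object) rather than on the managed disk; this script does not look there.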