During the lifecycle of a virtual machine in Microsoft Azure, you will have to validate where the recovery keys are for any given VM whose disks are encrypted with the keys stored in an Azure Key Vault. It is also important to do this exercise before removing or moving Key Vaults around in your subscriptions, because a VM whose disks reference a vault that no longer exists cannot be unlocked.
If you have no clue which Key Vaults are in use, looking at the disk properties/encryption of the desired VM will give you the Azure Key Vault name. It is at the end of the Key Vault field.
Going to the Key Vault (you must have permissions to list/read the secrets), you will probably find an avalanche of disk encryption keys being listed. Click any entry in the list. In the new blade, click on the current version, and then on Tags; on the right side, a list with the volume letter, label, and machine name gives you the information that you are looking for.
As you may have noticed, the process is tedious, but PowerShell to the rescue!
```powershell
$vSecrets = Get-AzKeyVaultSecret -VaultName <KeyVaultName>
$vSecrets.Tags
```
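The two lines above dump every tag set in the vault with no indication of which secret it came from. The following function, added here as an example and not part of the original post, turns the same listing into an inventory table (machine name, volume, secret name) that you can keep as a record before a vault is moved or deleted, and optionally filters it to a single VM. It assumes the Az.KeyVault module is loaded and you are already signed in, and that the tag keys `MachineName`, `VolumeLetter` and `VolumeLabel` are the ones Azure Disk Encryption writes; check `$vSecrets[0].Tags` on your own vault if the columns come back empty.

```powershell
# Added example (not from the original post): inventory which VM and volume
# each Azure Disk Encryption secret in a Key Vault belongs to, using only the
# secret metadata. Listing secrets never returns their values, so the
# "list" permission is enough and no key material leaves the vault.
# Assumptions: Az.KeyVault loaded, Connect-AzAccount already done, and the
# ADE tag keys MachineName / VolumeLetter / VolumeLabel (verify on your vault).
function Get-AdeSecretInventory {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $VaultName,
        [string] $MachineName   # optional: restrict the output to one VM
    )

    # Identifier objects only: name, version, enabled flag, dates and tags.
    $secrets = Get-AzKeyVaultSecret -VaultName $VaultName

    foreach ($s in $secrets) {
        $tags = $s.Tags
        # Secrets without tags are not ADE secrets (e.g. application secrets).
        if (-not $tags -or -not $tags['MachineName']) { continue }
        if ($MachineName -and $tags['MachineName'] -ne $MachineName) { continue }

        [pscustomobject]@{
            MachineName  = $tags['MachineName']
            VolumeLetter = $tags['VolumeLetter']
            VolumeLabel  = $tags['VolumeLabel']
            SecretName   = $s.Name
            Enabled      = $s.Enabled
            Updated      = $s.Updated
        }
    }
}

# Usage (replace the placeholders with your vault and VM names):
# Get-AdeSecretInventory -VaultName '<KeyVaultName>' |
#     Sort-Object MachineName, VolumeLetter | Format-Table -AutoSize
# Get-AdeSecretInventory -VaultName '<KeyVaultName>' -MachineName '<VMName>'
```

Run the unfiltered form and export the result (for example with `Export-Csv`) before you delete or move a vault: any machine name that appears in the output still depends on that vault to unlock its disks, and a VM that is missing from it is encrypted with keys held somewhere else.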