Can I Upload SSH Keys to Azure Keyvault using azcollection?

Hi

I’m writing an Ansible script to perform key rotation across my company’s Linux estate. We use Azure as a cloud platform and I’m looking to store a backup copy of the public and private keys in Azure Keyvault. The Linux estate itself is hosted on VMware and isn’t part of the Azure cloud.

Using the azure_rm_keyvaultkey I have been able to successfully generate a new key via the Keyvault itself using the code below, but I need the functionality to upload the key I’ve generated on our local AWX instance instead, and I’m not certain if the module provides this functionality:

    - name: Create a key
      azure_rm_keyvaultkey:
        key_name: "TestKey2"
        keyvault_uri: "https://.vault.azure.net/"
        state: present
        #pem_file: "{{ lookup('file', '/tmp/{{ ssh_key_filename }}') }}"
      delegate_to: localhost
      become: false

There is a pem_file parameter which can be set to a string (the documentation for this module is pretty poor, and the information for this parameter consists of just a copy of its name). I’ve tried using this to reference the keyfile I’ve created, as in the commented line above, but this doesn’t seem to result in my key being added to the vault.

Does anybody know if it’s possible to upload SSH keys using the azcollection modules?

My backup plan, if not, is currently to investigate using the shell/command modules in conjunction with the az cli to achieve this.

Thanks.

Alex.

Uploading private SSH keys to Azure key vault takes.... finesse. Only
certain formats are properly handled for use by other Azure tools,
such as private keys for Bastion. The private keys can be generated
with these options

     ssh-keygen -m PEM -b 4096
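As an added example (not code from either post in this thread), the playbook below generates the key on the controller in the traditional PEM form the reply refers to, checks the header before anything is uploaded, and stores both halves as Key Vault secrets; it assumes the community.crypto and azure.azcollection collections are installed, that the Azure credentials come from the environment, and that azure_rm_keyvaultkey's pem_file takes a file path. The secret route is deliberate for a backup: a private key imported as a Key Vault key object can be used for Azure-side operations but cannot be read back out, so a copy you intend to restore from belongs in a secret.

```yaml
- name: Rotate the SSH key on the controller and back it up in Key Vault
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    ssh_key_path: /tmp/TestKey2                              # constructed path for this example
    keyvault_uri: https://EXAMPLE-VAULT.vault.azure.net/     # placeholder, not a real vault
  tasks:
    - name: Generate a 4096-bit RSA key in PKCS#1 PEM form (what ssh-keygen -m PEM -b 4096 produces)
      community.crypto.openssh_keypair:
        path: "{{ ssh_key_path }}"
        type: rsa
        size: 4096
        backend: cryptography
        private_key_format: pkcs1
        mode: "0600"

    - name: Stop unless the file really carries the PEM header Azure tooling expects
      ansible.builtin.command: head -n 1 "{{ ssh_key_path }}"
      register: key_header
      changed_when: false
      failed_when: key_header.stdout != '-----BEGIN RSA PRIVATE KEY-----'

    - name: Store the private key as a secret so it can be retrieved later (key objects are not exportable)
      azure.azcollection.azure_rm_keyvaultsecret:
        keyvault_uri: "{{ keyvault_uri }}"
        secret_name: TestKey2-private
        secret_value: "{{ lookup('file', ssh_key_path) }}"
        state: present
      no_log: true   # keep the private key out of the AWX job output

    - name: Store the public half next to it
      azure.azcollection.azure_rm_keyvaultsecret:
        keyvault_uri: "{{ keyvault_uri }}"
        secret_name: TestKey2-public
        secret_value: "{{ lookup('file', ssh_key_path ~ '.pub') }}"
        state: present

    - name: Optionally also import it as a Key Vault key object for Azure-side use (pem_file assumed to be a path)
      azure.azcollection.azure_rm_keyvaultkey:
        keyvault_uri: "{{ keyvault_uri }}"
        key_name: TestKey2
        pem_file: "{{ ssh_key_path }}"
        state: present
```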