One way is you can use Powershell or CLI to achieve this. after you have done an az login.
keys
Export-AzKeyVaultKey and Import-AzKeyVaultKey commands in Azure PowerShell or the az keyvault key export and az keyvault key import commands in Azure CLI to export and import keys and secrets.
Certs
Export-AzKeyVaultCertificate and Import-AzKeyVaultCertificate commands in Azure PowerShell or the az keyvault certificate export and az keyvault certificate import commands in Azure CLI.
RBAC policies
Get-AzKeyVaultAccessPolicy and Set-AzKeyVaultAccessPolicy commands in Azure PowerShell or the az keyvault show and az keyvault set-policy
CLI example of how to export the keys, certs and RBAC policies to a local file
# Authenticate to Azure
az login
# Export keys, secrets, and certificates from the key vault
keyVaultName="<key-vault-name>"
exportFolderPath="<export-folder-path>"
az keyvault key export --name "<key-name>" --vault-name $keyVaultName --file "$exportFolderPath/key.json"
az keyvault secret export --name "<secret-name>" --vault-name $keyVaultName --file "$exportFolderPath/secret.json"
az keyvault certificate export --name "<certificate-name>" --vault-name $keyVaultName --file "$exportFolderPath/certificate.json"
# Export RBAC policies from the key vault
keyVault=$(az keyvault show --name $keyVaultName)
accessPolicies=$keyVault.properties.accessPolicies
echo $accessPolicies > "$exportFolderPath/access-policies.json"
If you wanted to restore those from the local file to another key vault this will the CLI way to do it
az keyvault key import --name "<key-name>" --vault-name $keyVaultName --file "$exportFolderPath/key.json"
az keyvault secret import --name "<secret-name>" --vault-name $keyVaultName --file "$exportFolderPath/secret.json"
az keyvault certificate import --name "<certificate-name>" --vault-name $keyVaultName --file "$exportFolderPath/certificate.json"
accessPolicies=$(cat "$exportFolderPath/access-policies.json")
az keyvault set-policy --name $keyVaultName --access-policies $accessPolicies
2
Answers
One way is you can use Powershell or CLI to achieve this. after you have done an az login.
keys
Export-AzKeyVaultKey and Import-AzKeyVaultKey commands in Azure PowerShell or the az keyvault key export and az keyvault key import commands in Azure CLI to export and import keys and secrets.
Certs
Export-AzKeyVaultCertificate and Import-AzKeyVaultCertificate commands in Azure PowerShell or the az keyvault certificate export and az keyvault certificate import commands in Azure CLI.
RBAC policies
Get-AzKeyVaultAccessPolicy and Set-AzKeyVaultAccessPolicy commands in Azure PowerShell or the az keyvault show and az keyvault set-policy
CLI example of how to export the keys, certs and RBAC policies to a local file
If you wanted to restore those from the local file to another key vault this will the CLI way to do it
To Back up and restore an entire keyvault
https://learn.microsoft.com/en-us/powershell/module/az.keyvault/backup-azkeyvault?view=azps-9.2.0
AS Ricky Gummadi said One way is you can use PowerShell or CLI to achieve this.
The other method to Backup and Restore keys, secrets, certificates is through Azure portal is as follows
To backup and restore the Azure Key vault follow the Reference Document.
Keys Backup in Key Vault:
In key vault select created keys and click on Download Backup
Secrets Backup in Key Vault:
Select created Secret then click on Download Backup
Certificates Backup in Key Vault:
Restore:
Reference link