In addition to creating new keys, Azure Key Vault allows you to import existing keys as well. Since we've already worked through the process of creating a new key in the key vault, let's work through the process of importing an existing software-protected key using the the Add-AzureKeyVaultKey command. In this demo, I'm going to walk you through this import process. I have here, in my keys folder, a software-protected key called swkey.pfx. This exported key is protected with a password. I used A123456z! to secure this key when I exported it from my workstation. To upload this key to my key vault in Azure, I first need to store this password in a variable using the ConvertTo-SecureString command. I can then access the key and import it from the PFX file into my key vault. 

As you can see on the screen here, I'm converting the exported keys password to a secure string and storing it in the secure pfxpwd variable. Hitting ENTER runs this command and it usually doesn't do a whole lot. We're just saving a value to a variable. However, when it finishes, I can then import the key from the PFX file by running the Add-AzureKeyVaultKey command that I'm going to paste into the PowerShell session right now. When importing a software-protected key using this command, we need to specify the KeyFilePath and the KeyFilePassword. The KeyFilePath switch references the path to the PFX file that we're going to import. The KeyFilePassword is the secure password that we need to access the PFX file. That's the password we stored up here in the secure pfxpwd variable. Hitting ENTER here will create the key and store it in the vault. 

We can display the URI for this imported key by typing Key-ID at the PowerShell prompt. So we go ahead and type in our command here to pull up the URI for our newly imported key. Now as you can see here, the full URI references MyImportedPFX. The MyImportedPFX key is the name of the key that we imported in our command. Now to view the actual key, we need to use the Get-AzureKeyVaultKey command. I'm going to go ahead and paste that command into our window here. 

And as you can see on your screen, this command is essentially identical to the one we used previously to view the newly created key, except in this case, we're just specifying MyImportedPFX as our key that we're interested in. You can go ahead and hit ENTER here and what it's going to do is return some key attributes about our imported key. It's going to tell us when it was created when it was updated, and it gives us the vault name along with the ID. Now, if we wanted to view the properties of this imported key or really any other keys in our key vault, we could go into our Azure portal, as you can see here on the screen, browse into our actual key vault here and select Keys. On the screen where you can see that the portal tells us we have two keys in our vault, MyFirstKey which we created and MyImportedPFX which we imported. 

Clicking on either one of those pulls up properties for those keys. So with that said, let's move on.