Note
Access to this page requires authorization. You can try signing in or .
Access to this page requires authorization. You can try .
Get-AzKeyVaultKey
- Module:
- Az.KeyVault Module
Gets Key Vault keys. Please notes that detailed information about a key, like key type or key size, only available when querying a specific key version.
Syntax
ByVaultName (Default)
Get-AzKeyVaultKey
[-VaultName] <String>
[[-Name] <String>]
[-InRemovedState]
[-OutFile <String>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
ByKeyName
Get-AzKeyVaultKey
[-VaultName] <String>
[-Name] <String>
[-Version] <String>
[-OutFile <String>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
ByKeyVersions
Get-AzKeyVaultKey
[-VaultName] <String>
[-Name] <String>
[-IncludeVersions]
[-OutFile <String>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
HsmByKeyName
Get-AzKeyVaultKey
[-Name] <String>
[-Version] <String>
-HsmName <String>
[-OutFile <String>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
HsmByVaultName
Get-AzKeyVaultKey
[[-Name] <String>]
-HsmName <String>
[-InRemovedState]
[-OutFile <String>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
HsmByKeyVersions
Get-AzKeyVaultKey
[-Name] <String>
-HsmName <String>
[-IncludeVersions]
[-OutFile <String>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
ByInputObjectVaultName
Get-AzKeyVaultKey
[-InputObject] <PSKeyVault>
[[-Name] <String>]
[-InRemovedState]
[-OutFile <String>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
ByInputObjectKeyName
Get-AzKeyVaultKey
[-InputObject] <PSKeyVault>
[-Name] <String>
[-Version] <String>
[-OutFile <String>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
ByInputObjectKeyVersions
Get-AzKeyVaultKey
[-InputObject] <PSKeyVault>
[-Name] <String>
[-IncludeVersions]
[-OutFile <String>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
HsmByInputObjectVaultName
Get-AzKeyVaultKey
[-HsmObject] <PSManagedHsm>
[[-Name] <String>]
[-InRemovedState]
[-OutFile <String>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
HsmByInputObjectKeyName
Get-AzKeyVaultKey
[-HsmObject] <PSManagedHsm>
[-Name] <String>
[-Version] <String>
[-OutFile <String>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
HsmByInputObjectKeyVersions
Get-AzKeyVaultKey
[-HsmObject] <PSManagedHsm>
[-Name] <String>
[-IncludeVersions]
[-OutFile <String>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
ByResourceIdVaultName
Get-AzKeyVaultKey
[[-Name] <String>]
-ResourceId <String>
[-InRemovedState]
[-OutFile <String>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
ByResourceIdKeyName
Get-AzKeyVaultKey
[-Name] <String>
[-Version] <String>
-ResourceId <String>
[-OutFile <String>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
ByResourceIdKeyVersions
Get-AzKeyVaultKey
[-Name] <String>
-ResourceId <String>
[-IncludeVersions]
[-OutFile <String>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
HsmByResourceIdVaultName
Get-AzKeyVaultKey
[[-Name] <String>]
-HsmResourceId <String>
[-InRemovedState]
[-OutFile <String>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
HsmByResourceIdKeyName
Get-AzKeyVaultKey
[-Name] <String>
[-Version] <String>
-HsmResourceId <String>
[-OutFile <String>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
HsmByResourceIdKeyVersions
Get-AzKeyVaultKey
[-Name] <String>
-HsmResourceId <String>
[-IncludeVersions]
[-OutFile <String>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
Description
The Get-AzKeyVaultKey cmdlet gets Azure Key Vault keys. This cmdlet gets a specific Microsoft.Azure.Commands.KeyVault.Models.KeyBundle or a list of all KeyBundle objects in a key vault or by version.
Examples
Example 1: Get all the keys in a key vault
Get-AzKeyVaultKey -VaultName 'contoso'
Vault/HSM Name : contoso
Name : test1
Version :
Id : https://contoso.vault.azure.net:443/keys/test1
Enabled : True
Expires : 11/24/2018 6:08:13 PM
Not Before : 5/24/2018 5:58:13 PM
Created : 5/24/2018 6:08:13 PM
Updated : 5/24/2018 6:08:13 PM
Purge Disabled : False
Tags :
Vault Name : contoso
Name : test2
Version :
Id : https://contoso.vault.azure.net:443/keys/test2
Enabled : True
Expires : 11/24/2018 6:09:44 PM
Not Before : 5/24/2018 5:59:44 PM
Created : 5/24/2018 6:09:44 PM
Updated : 5/24/2018 6:09:44 PM
Purge Disabled : False
Tags :
This command gets all the keys in the key vault named Contoso.
Example 2: Get the current version of a key
Get-AzKeyVaultKey -VaultName 'contoso' -KeyName 'test1'
Vault/HSM Name : contoso
Name : test1
Key Type : RSA
Key Size : 2048
Version : 7fe415d5518240c1a6fce89986b8d334
Id : https://contoso.vault.azure.net:443/keys/test1/7fe415d5518240c1a6fce89986b8d334
Enabled : True
Expires : 11/24/2018 6:08:13 PM
Not Before : 5/24/2018 5:58:13 PM
Created : 5/24/2018 6:08:13 PM
Updated : 5/24/2018 6:08:13 PM
Purge Disabled : False
Tags :
This command gets the current version of the key named test1 in the key vault named Contoso.
Example 3: Get all versions of a key
Get-AzKeyVaultKey -VaultName 'contoso' -KeyName 'test1' -IncludeVersions
Vault/HSM Name : contoso
Name : test1
Version : 7fe415d5518240c1a6fce89986b8d334
Id : https://contoso.vault.azure.net:443/keys/test1/7fe415d5518240c1a6fce89986b8d334
Enabled : True
Expires : 11/24/2018 6:08:13 PM
Not Before : 5/24/2018 5:58:13 PM
Created : 5/24/2018 6:08:13 PM
Updated : 5/24/2018 6:08:13 PM
Purge Disabled : False
Tags :
Vault/HSM Name : contoso
Name : test1
Version : e4e95940e669407fbdb4298bc21a3e1d
Id : https://contoso.vault.azure.net:443/keys/test1/e4e95940e669407fbdb4298bc21a3e1d
Enabled : False
Expires : 11/24/2018 6:08:08 PM
Not Before : 5/24/2018 5:58:08 PM
Created : 5/24/2018 6:08:08 PM
Updated : 5/24/2018 6:08:08 PM
Purge Disabled : False
Tags :
This command gets all versions the key named ITPfx in the key vault named Contoso.
Example 4: Get a specific version of a key
Get-AzKeyVaultKey -VaultName 'contoso' -KeyName 'test1' -Version 'e4e95940e669407fbdb4298bc21a3e1d'
Vault/HSM Name : contoso
Name : test1
Key Type : RSA
Key Size : 2048
Version : e4e95940e669407fbdb4298bc21a3e1d
Id : https://contoso.vault.azure.net:443/keys/test1/e4e95940e669407fbdb4298bc21a3e1d
Enabled : False
Expires : 11/24/2018 6:08:08 PM
Not Before : 5/24/2018 5:58:08 PM
Created : 5/24/2018 6:08:08 PM
Updated : 5/24/2018 6:08:08 PM
Purge Disabled : False
Tags :
This command gets a specific version of the key named test1 in the key vault named Contoso. After running this command, you can inspect various properties of the key by navigating the $Key object.
Example 5: Get all the keys that have been deleted but not purged for this key vault
Get-AzKeyVaultKey -VaultName 'contoso' -InRemovedState
Vault/HSM Name : contoso
Name : test3
Id : https://contoso.vault.azure.net:443/keys/test3
Deleted Date : 5/24/2018 8:32:42 PM
Scheduled Purge Date : 8/22/2018 8:32:42 PM
Enabled : True
Expires :
Not Before :
Created : 5/24/2018 8:32:27 PM
Updated : 5/24/2018 8:32:27 PM
Purge Disabled : False
Tags :
This command gets all the keys that have been previously deleted, but not purged, in the key vault named Contoso.
Example 6: Gets the key ITPfx that has been deleted but not purged for this key vault.
Get-AzKeyVaultKey -VaultName 'contoso' -KeyName 'test3' -InRemovedState
Vault/HSM Name : contoso
Name : test3
Id : https://contoso.vault.azure.net:443/keys/test3/1af807cc331a49d0b52b7c75e1b2366e
Deleted Date : 5/24/2018 8:32:42 PM
Scheduled Purge Date : 8/22/2018 8:32:42 PM
Enabled : True
Expires :
Not Before :
Created : 5/24/2018 8:32:27 PM
Updated : 5/24/2018 8:32:27 PM
Purge Disabled : False
Tags :
This command gets the key test3 that has been previously deleted, but not purged, in the key vault named Contoso. This command will return metadata such as the deletion date, and the scheduled purging date of this deleted key.
Example 7: Get all the keys in a key vault using filtering
Get-AzKeyVaultKey -VaultName 'contoso' -KeyName "test*"
Vault/HSM Name : contoso
Name : test1
Version :
Id : https://contoso.vault.azure.net:443/keys/test1
Enabled : True
Expires : 11/24/2018 6:08:13 PM
Not Before : 5/24/2018 5:58:13 PM
Created : 5/24/2018 6:08:13 PM
Updated : 5/24/2018 6:08:13 PM
Purge Disabled : False
Tags :
Vault/HSM Name : contoso
Name : test2
Version :
Id : https://contoso.vault.azure.net:443/keys/test2
Enabled : True
Expires : 11/24/2018 6:09:44 PM
Not Before : 5/24/2018 5:59:44 PM
Created : 5/24/2018 6:09:44 PM
Updated : 5/24/2018 6:09:44 PM
Purge Disabled : False
Tags :
This command gets all the keys in the key vault named Contoso that start with "test".
Example 8: Download a public key as a .pem file
$path = "D:\public.pem"
Get-AzKeyVaultKey -VaultName $vaultName -KeyName $keyName -OutFile $path
You can download the public key of a RSA key by specifying the -OutFile parameter.
This is one step of importing HSM-protected keys to Azure Key Vault. See https://learn.microsoft.com/azure/key-vault/keys/hsm-protected-keys
Parameters
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with azure
Parameter properties
| Type: | IAzureContextContainer |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
Parameter sets
-HsmName
HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-HsmObject
HSM object.
Parameter properties
| Type: | PSManagedHsm |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-HsmResourceId
HSM Resource Id.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-IncludeVersions
Indicates that this cmdlet gets all versions of a key. The current version of a key is the first one on the list. If you specify this parameter you must also specify the Name and VaultName parameters. If you do not specify the IncludeVersions parameter, this cmdlet gets the current version of the key with the specified Name.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-InputObject
KeyVault object.
Parameter properties
| Type: | PSKeyVault |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-InRemovedState
Specifies whether to show the previously deleted keys in the output
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Name
Specifies the name of the key bundle to get.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | True |
| DontShow: | False |
| Aliases: | KeyName |
Parameter sets
-OutFile
Specifies the output file for which this cmdlet saves the key. The public key is saved in PEM format by default.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-ResourceId
KeyVault Resource Id.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-VaultName
Specifies the name of the key vault from which this cmdlet gets keys. This cmdlet constructs the fully qualified domain name (FQDN) of a key vault based on the name that this parameter specifies and your selected environment.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Version
Specifies the key version. This cmdlet constructs the FQDN of a key based on the key vault name, your currently selected environment, the key name, and the key version.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | KeyVersion |
Parameter sets
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Inputs
PSKeyVault
String
Outputs
PSKeyVaultKeyIdentityItem
PSKeyVaultKey
PSDeletedKeyVaultKeyIdentityItem
PSDeletedKeyVaultKey
Related Links
Azure PowerShell
Feedback
Was this page helpful?