Note
Access to this page requires authorization. You can try signing in or .
Access to this page requires authorization. You can try .
Get-AzKeyVaultSecret
- Module:
- Az.KeyVault Module
Gets the secrets in a key vault.
Syntax
ByVaultName (Default)
Get-AzKeyVaultSecret
[-VaultName] <String>
[[-Name] <String>]
[-InRemovedState]
[-AsPlainText]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
BySecretName
Get-AzKeyVaultSecret
[-VaultName] <String>
[-Name] <String>
[-Version] <String>
[-AsPlainText]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
BySecretVersions
Get-AzKeyVaultSecret
[-VaultName] <String>
[-Name] <String>
[-IncludeVersions]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
ByInputObjectVaultName
Get-AzKeyVaultSecret
[-InputObject] <PSKeyVault>
[[-Name] <String>]
[-InRemovedState]
[-AsPlainText]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
ByInputObjectSecretName
Get-AzKeyVaultSecret
[-InputObject] <PSKeyVault>
[-Name] <String>
[-Version] <String>
[-AsPlainText]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
ByInputObjectSecretVersions
Get-AzKeyVaultSecret
[-InputObject] <PSKeyVault>
[-Name] <String>
[-IncludeVersions]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
BySecretUri
Get-AzKeyVaultSecret
[-Id] <String>
[-InRemovedState]
[-AsPlainText]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
ByParentResourceIdVaultName
Get-AzKeyVaultSecret
[-ParentResourceId] <String>
[[-Name] <String>]
[-InRemovedState]
[-AsPlainText]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
ByParentResourceIdSecretName
Get-AzKeyVaultSecret
[-ParentResourceId] <String>
[-Name] <String>
[-Version] <String>
[-AsPlainText]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
ByParentResourceIdSecretVersions
Get-AzKeyVaultSecret
[-ParentResourceId] <String>
[-Name] <String>
[-IncludeVersions]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
Description
The Get-AzKeyVaultSecret cmdlet gets secrets in a key vault. This cmdlet gets a specific secret or all the secrets in a key vault.
Examples
Example 1: Get all current versions of all secrets in a key vault
Get-AzKeyVaultSecret -VaultName 'Contoso'
Vault Name : contoso
Name : secret1
Version :
Id : https://contoso.vault.azure.net:443/secrets/secret1
Enabled : True
Expires : 4/6/2018 3:59:43 PM
Not Before :
Created : 4/5/2018 11:46:28 PM
Updated : 4/6/2018 11:30:17 PM
Content Type :
Tags :
Vault Name : contoso
Name : secret2
Version :
Id : https://contoso.vault.azure.net:443/secrets/secret2
Enabled : True
Expires :
Not Before :
Created : 4/11/2018 11:45:06 PM
Updated : 4/11/2018 11:45:06 PM
Content Type :
Tags :
This command gets the current versions of all secrets in the key vault named Contoso.
Example 2: Get all versions of a specific secret
Get-AzKeyVaultSecret -VaultName 'Contoso' -Name 'secret1' -IncludeVersions
Vault Name : contoso
Name : secret1
Version : 7128133570f84a71b48d7d0550deb74c
Id : https://contoso.vault.azure.net:443/secrets/secret1/7128133570f84a71b48d7d0550deb74c
Enabled : True
Expires : 4/6/2018 3:59:43 PM
Not Before :
Created : 4/5/2018 11:46:28 PM
Updated : 4/6/2018 11:30:17 PM
Content Type :
Tags :
Vault Name : contoso
Name : secret1
Version : 5d1a74ba2c454439886fb8509b6cab3c
Id : https://contoso.vault.azure.net:443/secrets/secret1/5d1a74ba2c454439886fb8509b6cab3c
Enabled : True
Expires :
Not Before :
Created : 4/5/2018 11:44:50 PM
Updated : 4/5/2018 11:44:50 PM
Content Type :
Tags :
This command gets all versions of the secret named secret1 in the key vault named Contoso.
Example 3: Get the current version of a specific secret
Get-AzKeyVaultSecret -VaultName 'Contoso' -Name 'secret1'
Vault Name : contoso
Name : secret1
Version : 7128133570f84a71b48d7d0550deb74c
Id : https://contoso.vault.azure.net:443/secrets/secret1/7128133570f84a71b48d7d0550deb74c
Enabled : True
Expires : 4/6/2018 3:59:43 PM
Not Before :
Created : 4/5/2018 11:46:28 PM
Updated : 4/6/2018 11:30:17 PM
Content Type :
Tags :
This command gets the current version of the secret named secret1 in the key vault named Contoso.
Example 4: Get a specific version of a specific secret
Get-AzKeyVaultSecret -VaultName 'Contoso' -Name 'secret1' -Version '5d1a74ba2c454439886fb8509b6cab3c'
Vault Name : contoso
Name : secret1
Version : 5d1a74ba2c454439886fb8509b6cab3c
Id : https://contoso.vault.azure.net:443/secrets/secret1/5d1a74ba2c454439886fb8509b6cab3c
Enabled : True
Expires :
Not Before :
Created : 4/5/2018 11:44:50 PM
Updated : 4/5/2018 11:44:50 PM
Content Type :
Tags :
This command gets a specific version of the secret named secret1 in the key vault named Contoso.
Example 5: Get the current version of a specific secret using Uri
Get-AzKeyVaultSecret -Id 'https://contoso.vault.azure.net/secrets/secret1/'
Vault Name : contoso
Name : secret1
Version : 7128133570f84a71b48d7d0550deb74c
Id : https://contoso.vault.azure.net:443/secrets/secret1/7128133570f84a71b48d7d0550deb74c
Enabled : True
Expires : 4/6/2018 3:59:43 PM
Not Before :
Created : 4/5/2018 11:46:28 PM
Updated : 4/6/2018 11:30:17 PM
Content Type :
Tags :
This command gets the current version of the secret named secret1 in the key vault named Contoso.
Example 6: Get a specific version of a specific secret using Uri
Get-AzKeyVaultSecret -Id 'https://contoso.vault.azure.net/secrets/secret1/7128133570f84a71b48d7d0550deb74c'
Vault Name : contoso
Name : secret1
Version : 7128133570f84a71b48d7d0550deb74c
Id : https://contoso.vault.azure.net:443/secrets/secret1/7128133570f84a71b48d7d0550deb74c
Enabled : True
Expires : 4/6/2018 3:59:43 PM
Not Before :
Created : 4/5/2018 11:46:28 PM
Updated : 4/6/2018 11:30:17 PM
Content Type :
Tags :
This command gets a specific version of the secret named secret1 in the key vault named Contoso.
Example 7: Get the current version of all the secrets using Uri
Get-AzKeyVaultSecret -Id 'https://contoso.vault.azure.net/secrets/'
Vault Name : contoso
Name : secret1
Version : 7128133570f84a71b48d7d0550deb74c
Id : https://contoso.vault.azure.net:443/secrets/secret1/7128133570f84a71b48d7d0550deb74c
Enabled : True
Expires : 4/6/2018 3:59:43 PM
Not Before :
Created : 4/5/2018 11:46:28 PM
Updated : 4/6/2018 11:30:17 PM
Content Type :
Tags :
Vault Name : contoso
Name : secret2
Version : 7128133570f84a71b48d7d0550deb74c
Id : https://contoso.vault.azure.net:443/secrets/secret2/7128133570f84a71b48d7d0550deb74c
Enabled : True
Expires : 4/6/2018 3:59:43 PM
Not Before :
Created : 4/5/2018 11:46:28 PM
Updated : 4/6/2018 11:30:17 PM
Content Type :
Tags :
This command gets the current version of all the secrets in the key vault named Contoso.
Example 8: Get the plain text value of the current version of a specific secret
$secretText = Get-AzKeyVaultSecret -VaultName 'Contoso' -Name 'ITSecret' -AsPlainText
The cmdlet returns the secret as a string when -AsPlainText is applied.
Note: When listing secrets, i.e. not providing -Name, the -AsPlainText is ignored.
Example 9: Get all the secrets that have been deleted but not purged for this key vault.
Get-AzKeyVaultSecret -VaultName 'Contoso' -InRemovedState
Vault Name : contoso
Name : secret1
Id : https://contoso.vault.azure.net:443/secrets/secret1
Deleted Date : 4/4/2018 8:51:58 PM
Scheduled Purge Date : 7/3/2018 8:51:58 PM
Enabled : True
Expires :
Not Before :
Created : 4/4/2018 8:51:03 PM
Updated : 4/4/2018 8:51:03 PM
Content Type :
Tags :
Vault Name : contoso
Name : secret2
Id : https://contoso.vault.azure.net:443/secrets/secret2
Deleted Date : 5/7/2018 7:56:34 PM
Scheduled Purge Date : 8/5/2018 7:56:34 PM
Enabled : True
Expires :
Not Before :
Created : 4/6/2018 8:39:15 PM
Updated : 4/6/2018 10:11:24 PM
Content Type :
Tags :
This command gets all the secrets that have been previously deleted, but not purged, in the key vault named Contoso.
Example 10: Gets the secret ITSecret that has been deleted but not purged for this key vault.
Get-AzKeyVaultSecret -VaultName 'Contoso' -Name 'secret1' -InRemovedState
Vault Name : contoso
Name : secret1
Version : 689d23346e9c42a2a64f4e3d75094dcc
Id : https://contoso.vault.azure.net:443/secrets/secret1/689d23346e9c42a2a64f4e3d75094dcc
Deleted Date : 4/4/2018 8:51:58 PM
Scheduled Purge Date : 7/3/2018 8:51:58 PM
Enabled : True
Expires :
Not Before :
Created : 4/4/2018 8:51:03 PM
Updated : 4/4/2018 8:51:03 PM
Content Type :
Tags :
This command gets the secret 'secret1' that has been previously deleted, but not purged, in the key vault named Contoso. This command will return metadata such as the deletion date, and the scheduled purging date of this deleted secret.
Example 11: Get all current versions of all secrets in a key vault using filtering
Get-AzKeyVaultSecret -VaultName 'Contoso' -Name "secret*"
Vault Name : contoso
Name : secret1
Version :
Id : https://contoso.vault.azure.net:443/secrets/secret1
Enabled : True
Expires : 4/6/2018 3:59:43 PM
Not Before :
Created : 4/5/2018 11:46:28 PM
Updated : 4/6/2018 11:30:17 PM
Content Type :
Tags :
Vault Name : contoso
Name : secret2
Version :
Id : https://contoso.vault.azure.net:443/secrets/secret2
Enabled : True
Expires :
Not Before :
Created : 4/11/2018 11:45:06 PM
Updated : 4/11/2018 11:45:06 PM
Content Type :
Tags :
This command gets the current versions of all secrets in the key vault named Contoso that start with "secret".
Example 12: Get a secret in Azure Key Vault by command Get-Secret in module Microsoft.PowerShell.SecretManagement
# Install module Microsoft.PowerShell.SecretManagement
Install-Module Microsoft.PowerShell.SecretManagement -Repository PSGallery -AllowPrerelease
# Register vault for Secret Management
Register-SecretVault -Name AzKeyVault -ModuleName Az.KeyVault -VaultParameters @{ AZKVaultName = 'test-kv'; SubscriptionId = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' }
# Set secret for vault AzKeyVault
$secure = ConvertTo-SecureString -String "****" -AsPlainText -Force
Set-Secret -Vault AzKeyVault -Name secureSecret -SecureStringSecret $secure
Get-Secret -Vault AzKeyVault -Name secureSecret -AsPlainText
Password
This example Gets a secret named secureSecret in Azure Key Vault named test-kv by command Get-Secret in module Microsoft.PowerShell.SecretManagement.
Parameters
-AsPlainText
When set, the cmdlet will convert secret in secure string to the decrypted plaintext string as output.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with azure
Parameter properties
| Type: | IAzureContextContainer |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
Parameter sets
-Id
The URI of the KeyVault Secret.
Please ensure it follows the format: https://<vault-name>.vault.azure.net/secrets/<secret-name>/<version>
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | SecretId |
Parameter sets
-IncludeVersions
Indicates that this cmdlet gets all versions of a secret. The current version of a secret is the first one on the list. If you specify this parameter you must also specify the Name and VaultName parameters. If you do not specify the IncludeVersions parameter, this cmdlet gets the current version of the secret with the specified Name.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-InputObject
KeyVault Object.
Parameter properties
| Type: | PSKeyVault |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-InRemovedState
Specifies whether to show the previously deleted secrets in the output
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Name
Specifies the name of the secret to get.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | True |
| DontShow: | False |
| Aliases: | SecretName |
Parameter sets
-ParentResourceId
KeyVault Resource Id.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | ResourceId |
Parameter sets
-VaultName
Specifies the name of the key vault to which the secret belongs. This cmdlet constructs the fully qualified domain name (FQDN) of a key vault based on the name that this parameter specifies and your current environment.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Version
Specifies the secret version. This cmdlet constructs the FQDN of a secret based on the key vault name, your currently selected environment, the secret name, and the secret version.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | SecretVersion |
Parameter sets
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Inputs
PSKeyVault
String
Outputs
PSKeyVaultSecretIdentityItem
PSKeyVaultSecret
PSDeletedKeyVaultSecretIdentityItem
PSDeletedKeyVaultSecret
Related Links
Azure PowerShell
Feedback
Was this page helpful?