SecretClient Class

  • Reference
Package:
com.azure.security.keyvault.secrets
Maven Artifact:
com.azure:azure-security-keyvault-secrets:4.8.0
  • java.lang.Object
    • com.azure.security.keyvault.secrets.SecretClient

public final class SecretClient

The SecretClient provides synchronous methods to manage KeyVaultSecret in the Azure Key Vault. The client supports creating, retrieving, updating, deleting, purging, backing up, restoring, and listing the KeyVaultSecret. The client also supports listing DeletedSecret for a soft-delete enabled key vault.

Getting Started

In order to interact with the Azure Key Vault service, you will need to create an instance of the SecretClient class, a vault url and a credential object.

The examples shown in this document use a credential object named DefaultAzureCredential for authentication, which is appropriate for most scenarios, including local development and production environments. Additionally, we recommend using a managed identity for authentication in production environments. You can find more information on different ways of authenticating and their corresponding credential types in the Azure Identity documentation".

Sample: Construct Synchronous Secret client

SecretClient secretClient = new SecretClientBuilder()
     .credential(new DefaultAzureCredentialBuilder().build())
     .vaultUrl("<your-key-vault-url>")
     .buildClient();

Create a Secret

The SecretClient can be used to create a secret in the key vault.

Code Sample:

The following code sample demonstrates how to synchronously create and store a secret in the key vault, using the setSecret(String name, String value) API.

KeyVaultSecret secret = secretClient.setSecret("secretName", "secretValue");
 System.out.printf("Secret is created with name %s and value %s%n", secret.getName(), secret.getValue());

Note: For the asynchronous sample, refer to SecretAsyncClient.

Get a Secret

The SecretClient can be used to retrieve a secret from the key vault.

Code Sample:

The following code sample demonstrates how to synchronously retrieve a previously stored secret from the Azure KeyVault, using the getSecret(String name) API.

KeyVaultSecret secret = secretClient.getSecret("secretName");
 System.out.printf("Secret is returned with name %s and value %s%n",
     secret.getName(), secret.getValue());

Note: For the asynchronous sample, refer to SecretAsyncClient.

Delete a Secret

The SecretClient can be used to delete a secret from the key vault.

Code Sample:

The following code sample demonstrates how to delete a secret from the key vault, using the beginDeleteSecret(String name) API.

SyncPoller<DeletedSecret, Void> deleteSecretPoller = secretClient.beginDeleteSecret("secretName");

 // Deleted Secret is accessible as soon as polling begins.
 PollResponse<DeletedSecret> deleteSecretPollResponse = deleteSecretPoller.poll();

 // Deletion date only works for a SoftDelete-enabled Key Vault.
 System.out.println("Deleted Date  %s" + deleteSecretPollResponse.getValue()
     .getDeletedOn().toString());
 System.out.printf("Deleted Secret's Recovery Id %s", deleteSecretPollResponse.getValue()
     .getRecoveryId());

 // Secret is being deleted on server.
 deleteSecretPoller.waitForCompletion();

Note: For the asynchronous sample, refer to SecretAsyncClient.

Method Summary

Modifier and Type Method and Description
byte[] backupSecret(String name)

Requests a backup of the secret be downloaded to the client.
Response<byte[]> backupSecretWithResponse(String name, Context context)

Requests a backup of the secret be downloaded to the client.
SyncPoller<DeletedSecret,Void> beginDeleteSecret(String name)

Deletes a secret from the key vault.
SyncPoller<KeyVaultSecret,Void> beginRecoverDeletedSecret(String name)

Recovers the deleted secret in the key vault to its latest version.
DeletedSecret getDeletedSecret(String name)

Gets a secret that has been deleted for a soft-delete enabled key vault.
Response<DeletedSecret> getDeletedSecretWithResponse(String name, Context context)

Gets a secret that has been deleted for a soft-delete enabled key vault.
KeyVaultSecret getSecret(String name)

Gets the latest version of the specified secret from the key vault.
KeyVaultSecret getSecret(String name, String version)

Gets the specified secret with specified version from the key vault.
Response<KeyVaultSecret> getSecretWithResponse(String name, String version, Context context)

Gets the specified secret with specified version from the key vault.
String getVaultUrl()

Gets the vault endpoint url to which service requests are sent to.
PagedIterable<DeletedSecret> listDeletedSecrets()

Lists DeletedSecret of the key vault if it has enabled soft-delete.
PagedIterable<DeletedSecret> listDeletedSecrets(Context context)

Lists DeletedSecret of the key vault if it has enabled soft-delete.
PagedIterable<SecretProperties> listPropertiesOfSecretVersions(String name)

Lists all versions of the specified secret.
PagedIterable<SecretProperties> listPropertiesOfSecretVersions(String name, Context context)

Lists all versions of the specified secret.
PagedIterable<SecretProperties> listPropertiesOfSecrets()

Lists secrets in the key vault.
PagedIterable<SecretProperties> listPropertiesOfSecrets(Context context)

Lists secrets in the key vault.
void purgeDeletedSecret(String name)

Permanently removes a deleted secret, without the possibility of recovery.
Response<Void> purgeDeletedSecretWithResponse(String name, Context context)

Permanently removes a deleted secret, without the possibility of recovery.
KeyVaultSecret restoreSecretBackup(byte[] backup)

Restores a backed up secret, and all its versions, to a vault.
Response<KeyVaultSecret> restoreSecretBackupWithResponse(byte[] backup, Context context)

Restores a backed up secret, and all its versions, to a vault.
KeyVaultSecret setSecret(KeyVaultSecret secret)

Adds a secret to the key vault if it does not exist.
KeyVaultSecret setSecret(String name, String value)

Adds a secret to the key vault if it does not exist.
Response<KeyVaultSecret> setSecretWithResponse(KeyVaultSecret secret, Context context)

Adds a secret to the key vault if it does not exist.
SecretProperties updateSecretProperties(SecretProperties secretProperties)

Updates the attributes associated with the secret.
Response<SecretProperties> updateSecretPropertiesWithResponse(SecretProperties secretProperties, Context context)

Updates the attributes associated with the secret.

Methods inherited from java.lang.Object

clone equals finalize getClass hashCode notify notifyAll toString wait wait wait

Method Details

backupSecret

public byte[] backupSecret(String name)

Requests a backup of the secret be downloaded to the client. All versions of the secret will be downloaded. This operation requires the secrets/backup permission.

Code sample

Backs up the secret from the key vault and prints out the length of the secret's backup byte array returned in the response

byte[] secretBackup = secretClient.backupSecret("secretName");
 System.out.printf("Secret's Backup Byte array's length %s", secretBackup.length);

Parameters:

name - The name of the secret.

Returns:

A Response<T> whose value contains the backed up secret blob.

backupSecretWithResponse

public Response backupSecretWithResponse(String name, Context context)

Requests a backup of the secret be downloaded to the client. All versions of the secret will be downloaded. This operation requires the secrets/backup permission.

Code sample

Backs up the secret from the key vault and prints out the length of the secret's backup byte array returned in the response

byte[] secretBackup = secretClient.backupSecretWithResponse("secretName",
     new Context(key1, value1)).getValue();
 System.out.printf("Secret's Backup Byte array's length %s", secretBackup.length);

Parameters:

name - The name of the secret.
context - Additional context that is passed through the HTTP pipeline during the service call.

Returns:

A Response<T> whose value contains the backed up secret blob.

beginDeleteSecret

public SyncPoller beginDeleteSecret(String name)

Deletes a secret from the key vault. If soft-delete is enabled on the key vault then the secret is placed in the deleted state and for permanent deletion, needs to be purged. Otherwise, the secret is permanently deleted. All versions of a secret are deleted. This cannot be applied to individual versions of a secret. This operation requires the secrets/delete permission.

Code sample

Deletes the secret from a soft-delete enabled key vault. Prints out the recovery id of the deleted secret returned in the response.

SyncPoller<DeletedSecret, Void> deleteSecretPoller = secretClient.beginDeleteSecret("secretName");

 // Deleted Secret is accessible as soon as polling begins.
 PollResponse<DeletedSecret> deleteSecretPollResponse = deleteSecretPoller.poll();

 // Deletion date only works for a SoftDelete-enabled Key Vault.
 System.out.println("Deleted Date  %s" + deleteSecretPollResponse.getValue()
     .getDeletedOn().toString());
 System.out.printf("Deleted Secret's Recovery Id %s", deleteSecretPollResponse.getValue()
     .getRecoveryId());

 // Secret is being deleted on server.
 deleteSecretPoller.waitForCompletion();

Parameters:

name - The name of the secret to be deleted.

Returns:

A SyncPoller<T,U> to poll on and retrieve the DeletedSecret.

beginRecoverDeletedSecret

public SyncPoller beginRecoverDeletedSecret(String name)

Recovers the deleted secret in the key vault to its latest version. Can only be performed on a soft-delete enabled vault. This operation requires the secrets/recover permission.

Code sample

Recovers the deleted secret from the key vault enabled for soft-delete. Prints out the details of the recovered secret returned in the response.

SyncPoller<KeyVaultSecret, Void> recoverSecretPoller =
     secretClient.beginRecoverDeletedSecret("deletedSecretName");

 // Deleted Secret can be accessed as soon as polling is in progress.
 PollResponse<KeyVaultSecret> recoveredSecretPollResponse = recoverSecretPoller.poll();
 System.out.println("Recovered Key Name %s" + recoveredSecretPollResponse.getValue().getName());
 System.out.printf("Recovered Key's Id %s", recoveredSecretPollResponse.getValue().getId());

 // Key is being recovered on server.
 recoverSecretPoller.waitForCompletion();

Parameters:

name - The name of the deleted secret to be recovered.

Returns:

A SyncPoller<T,U> to poll on and retrieve the KeyVaultSecret.

getDeletedSecret

public DeletedSecret getDeletedSecret(String name)

Gets a secret that has been deleted for a soft-delete enabled key vault. This operation requires the secrets/list permission.

Code sample

Gets the deleted secret from the key vault enabled for soft-delete. Prints out the details of the deleted secret returned in the response.

DeletedSecret deletedSecret = secretClient.getDeletedSecret("secretName");
 System.out.printf("Deleted Secret's Recovery Id %s", deletedSecret.getRecoveryId());

Parameters:

name - The name of the deleted secret.

Returns:

getDeletedSecretWithResponse

public Response getDeletedSecretWithResponse(String name, Context context)

Gets a secret that has been deleted for a soft-delete enabled key vault. This operation requires the secrets/list permission.

Code sample

Gets the deleted secret from the key vault enabled for soft-delete. Prints out the details of the deleted secret returned in the response.

DeletedSecret deletedSecret = secretClient.getDeletedSecretWithResponse("secretName",
     new Context(key2, value2)).getValue();
 System.out.printf("Deleted Secret's Recovery Id %s", deletedSecret.getRecoveryId());

Parameters:

name - The name of the deleted secret.
context - Additional context that is passed through the HTTP pipeline during the service call.

Returns:

A Response<T> whose value contains the deleted secret.

getSecret

public KeyVaultSecret getSecret(String name)

Gets the latest version of the specified secret from the key vault. This operation requires the secrets/get permission.

Code sample

Gets the latest version of the secret in the key vault. Prints out the details of the returned secret.

KeyVaultSecret secret = secretClient.getSecret("secretName");
 System.out.printf("Secret is returned with name %s and value %s%n",
     secret.getName(), secret.getValue());

Parameters:

name - The name of the secret.

Returns:

The requested KeyVaultSecret.

getSecret

public KeyVaultSecret getSecret(String name, String version)

Gets the specified secret with specified version from the key vault. This operation requires the secrets/get permission.

Code sample

Gets a specific version of the secret in the key vault. Prints out the details of the returned secret.

String secretVersion = "6A385B124DEF4096AF1361A85B16C204";
 KeyVaultSecret secretWithVersion = secretClient.getSecret("secretName", secretVersion);
 System.out.printf("Secret is returned with name %s and value %s%n",
     secretWithVersion.getName(), secretWithVersion.getValue());

Parameters:

name - The name of the secret, cannot be null.
version - The version of the secret to retrieve. If this is an empty string or null, this call is equivalent to calling getSecret(String name), with the latest version being retrieved.

Returns:

The requested KeyVaultSecret.

getSecretWithResponse

public Response getSecretWithResponse(String name, String version, Context context)

Gets the specified secret with specified version from the key vault. This operation requires the secrets/get permission.

Code sample

Gets a specific version of the secret in the key vault. Prints out the details of the returned secret.

String secretVersion = "6A385B124DEF4096AF1361A85B16C204";
 KeyVaultSecret secretWithVersion = secretClient.getSecretWithResponse("secretName", secretVersion,
     new Context(key2, value2)).getValue();
 System.out.printf("Secret is returned with name %s and value %s%n",
     secretWithVersion.getName(), secretWithVersion.getValue());

Parameters:

name - The name of the secret, cannot be null
version - The version of the secret to retrieve. If this is an empty string or null, this call is equivalent to calling getSecret(String name), with the latest version being retrieved.
context - Additional context that is passed through the HTTP pipeline during the service call.

Returns:

A Response<T> whose value contains the requested KeyVaultSecret.

getVaultUrl

public String getVaultUrl()

Gets the vault endpoint url to which service requests are sent to.

Returns:

the vault endpoint url.

listDeletedSecrets

public PagedIterable listDeletedSecrets()

Lists DeletedSecret of the key vault if it has enabled soft-delete. This operation requires the secrets/list permission.

Iterate over secrets

Lists the deleted secrets in the key vault and for each deleted secret prints out its recovery id.

for (DeletedSecret deletedSecret : secretClient.listDeletedSecrets()) {
     System.out.printf("Deleted secret's recovery Id %s", deletedSecret.getRecoveryId());
 }

Iterate over secrets by page

Iterate over Lists the deleted secrets by page in the key vault and for each deleted secret prints out its recovery id.

secretClient.listDeletedSecrets().iterableByPage().forEach(resp -> {
     System.out.printf("Got response headers . Url: %s, Status code: %d %n",
         resp.getRequest().getUrl(), resp.getStatusCode());
     resp.getItems().forEach(value -> {
         System.out.printf("Deleted secret's recovery Id %s", value.getRecoveryId());
     });
 });

Returns:

PagedIterable<T> of all of the DeletedSecret in the vault.

listDeletedSecrets

public PagedIterable listDeletedSecrets(Context context)

Lists DeletedSecret of the key vault if it has enabled soft-delete. This operation requires the secrets/list permission.

Code sample

Lists the deleted secrets in the key vault and for each deleted secret prints out its recovery id.

for (DeletedSecret deletedSecret : secretClient.listDeletedSecrets(new Context(key1, value2))) {
     System.out.printf("Deleted secret's recovery Id %s", deletedSecret.getRecoveryId());
 }

Parameters:

context - Additional context that is passed through the HTTP pipeline during the service call.

Returns:

PagedIterable<T> of all of the DeletedSecret in the vault.

listPropertiesOfSecretVersions

public PagedIterable listPropertiesOfSecretVersions(String name)

Lists all versions of the specified secret. Each SecretProperties returned only has its identifier and attributes populated. The secret values and secret versions are not listed in the response. This operation requires the secrets/list permission.

Code sample

The sample below fetches all versions of the given secret. For each secret version retrieved, makes a call to getSecret(String name, String version) to get the version's value, and then prints it out.

for (SecretProperties secret : secretClient.listPropertiesOfSecretVersions("secretName")) {
     KeyVaultSecret secretWithValue = secretClient.getSecret(secret.getName(), secret.getVersion());
     System.out.printf("Received secret's version with name %s and value %s",
         secretWithValue.getName(), secretWithValue.getValue());
 }

Parameters:

name - The name of the secret.

Returns:

PagedIterable<T> of SecretProperties of all the versions of the specified secret in the vault. List is empty if secret with name does not exist in key vault

listPropertiesOfSecretVersions

public PagedIterable listPropertiesOfSecretVersions(String name, Context context)

Lists all versions of the specified secret. Each SecretProperties returned only has its identifier and attributes populated. The secret values and secret versions are not listed in the response. This operation requires the secrets/list permission.

Code sample

The sample below fetches all versions of the given secret. For each secret version retrieved, makes a call to getSecret(String name, String version) to get the version's value, and then prints it out.

for (SecretProperties secret : secretClient
     .listPropertiesOfSecretVersions("secretName", new Context(key1, value2))) {
     KeyVaultSecret secretWithValue = secretClient.getSecret(secret.getName(), secret.getVersion());
     System.out.printf("Received secret's version with name %s and value %s",
         secretWithValue.getName(), secretWithValue.getValue());
 }

Iterate over secret versions by page

The sample below iterates over each SecretProperties by each page and calls getSecret(String name, String version). This will return the KeyVaultSecret with the corresponding version's value.

secretClient.listPropertiesOfSecretVersions("secretName", new Context(key1, value2))
     .iterableByPage().forEach(resp -> {
         System.out.printf("Got response headers . Url: %s, Status code: %d %n",
             resp.getRequest().getUrl(), resp.getStatusCode());
         resp.getItems().forEach(value -> {
             KeyVaultSecret secretWithValue = secretClient.getSecret(value.getName(), value.getVersion());
             System.out.printf("Received secret's version with name %s and value %s",
                 secretWithValue.getName(), secretWithValue.getValue());
         });
     });

Parameters:

name - The name of the secret.
context - Additional context that is passed through the HTTP pipeline during the service call.

Returns:

PagedIterable<T> of SecretProperties of all the versions of the specified secret in the vault. List is empty if secret with name does not exist in key vault

listPropertiesOfSecrets

public PagedIterable listPropertiesOfSecrets()

Lists secrets in the key vault. Each SecretProperties returned only has its identifier and attributes populated. The secret values and their versions are not listed in the response. This operation requires the secrets/list permission.

Iterate through secrets and fetch their latest value

The snippet below loops over each SecretProperties and calls getSecret(String name, String version). This gets the KeyVaultSecret and the value of its latest version.

for (SecretProperties secret : secretClient.listPropertiesOfSecrets()) {
     KeyVaultSecret secretWithValue = secretClient.getSecret(secret.getName(), secret.getVersion());
     System.out.printf("Received secret with name %s and value %s",
         secretWithValue.getName(), secretWithValue.getValue());
 }

Iterate over secrets by page

The snippet below loops over each SecretProperties by page and calls getSecret(String name, String version). This gets the KeyVaultSecret and the value of its latest version.

secretClient.listPropertiesOfSecrets().iterableByPage().forEach(resp -> {
     System.out.printf("Response headers are %s. Url %s  and status code %d %n", resp.getHeaders(),
         resp.getRequest().getUrl(), resp.getStatusCode());
     resp.getItems().forEach(value -> {
         KeyVaultSecret secretWithValue = secretClient.getSecret(value.getName(), value.getVersion());
         System.out.printf("Received secret with name %s and value %s",
             secretWithValue.getName(), secretWithValue.getValue());
     });
 });

Returns:

PagedIterable<T> of SecretProperties of all the secrets in the vault. The SecretProperties contains all the information about the secret, except its value.

listPropertiesOfSecrets

public PagedIterable listPropertiesOfSecrets(Context context)

Lists secrets in the key vault. Each SecretProperties returned only has its identifier and attributes populated. The secret values and their versions are not listed in the response. This operation requires the secrets/list permission.

Iterate over secrets and fetch their latest value

The snippet below loops over each SecretProperties and calls getSecret(String name, String version). This gets the KeyVaultSecret and the value of its latest version.

for (SecretProperties secret : secretClient.listPropertiesOfSecrets(new Context(key1, value2))) {
     KeyVaultSecret secretWithValue = secretClient.getSecret(secret.getName(), secret.getVersion());
     System.out.printf("Received secret with name %s and value %s",
         secretWithValue.getName(), secretWithValue.getValue());
 }

Parameters:

context - Additional context that is passed through the HTTP pipeline during the service call.

Returns:

PagedIterable<T> of SecretProperties of all the secrets in the vault. SecretProperties contains all the information about the secret, except its value.

purgeDeletedSecret

public void purgeDeletedSecret(String name)

Permanently removes a deleted secret, without the possibility of recovery. This operation can only be performed on a soft-delete enabled vault. This operation requires the secrets/purge permission.

Code sample

Purges the deleted secret from the key vault enabled for soft-delete. Prints out the status code from the server response.

secretClient.purgeDeletedSecret("secretName");

Parameters:

name - The name of the secret.

purgeDeletedSecretWithResponse

public Response purgeDeletedSecretWithResponse(String name, Context context)

Permanently removes a deleted secret, without the possibility of recovery. This operation can only be performed on a soft-delete enabled vault. This operation requires the secrets/purge permission.

Code sample

Purges the deleted secret from the key vault enabled for soft-delete. Prints out the status code from the server response.

Response<Void> purgeResponse = secretClient.purgeDeletedSecretWithResponse("secretName",
     new Context(key1, value1));
 System.out.printf("Purge Status Code: %d", purgeResponse.getStatusCode());

Parameters:

name - The name of the secret.
context - Additional context that is passed through the HTTP pipeline during the service call.

Returns:

A response containing status code and HTTP headers.

restoreSecretBackup

public KeyVaultSecret restoreSecretBackup(byte[] backup)

Restores a backed up secret, and all its versions, to a vault. This operation requires the secrets/restore permission.

Code sample

Restores the secret in the key vault from its backup byte array. Prints out the details of the restored secret returned in the response.

// Pass the secret backup byte array of the secret to be restored.
 byte[] secretBackupByteArray = {};
 KeyVaultSecret restoredSecret = secretClient.restoreSecretBackup(secretBackupByteArray);
 System.out
     .printf("Restored Secret with name %s and value %s", restoredSecret.getName(), restoredSecret.getValue());

Parameters:

backup - The backup blob associated with the secret.

Returns:

A Response<T> whose value contains the KeyVaultSecret.

restoreSecretBackupWithResponse

public Response restoreSecretBackupWithResponse(byte[] backup, Context context)

Restores a backed up secret, and all its versions, to a vault. This operation requires the secrets/restore permission.

Code sample

Restores the secret in the key vault from its backup byte array. Prints out the details of the restored secret returned in the response.

// Pass the secret backup byte array of the secret to be restored.
 byte[] secretBackupByteArray = {};
 KeyVaultSecret restoredSecret = secretClient.restoreSecretBackupWithResponse(secretBackupByteArray,
     new Context(key2, value2)).getValue();
 System.out
     .printf("Restored Secret with name %s and value %s", restoredSecret.getName(), restoredSecret.getValue());

Parameters:

backup - The backup blob associated with the secret.
context - Additional context that is passed through the HTTP pipeline during the service call.

Returns:

A Response<T> whose value contains the KeyVaultSecret.

setSecret

public KeyVaultSecret setSecret(KeyVaultSecret secret)

Adds a secret to the key vault if it does not exist. If the named secret exists, a new version of the secret is created. This operation requires the secrets/set permission.

The getExpiresOn(), getContentType(), and getNotBefore() values in secret are optional. If not specified, isEnabled() is set to true by key vault.

Code sample

Creates a new secret in the key vault. Prints out the details of the newly created secret returned in the response.

KeyVaultSecret newSecret = new KeyVaultSecret("secretName", "secretValue")
     .setProperties(new SecretProperties().setExpiresOn(OffsetDateTime.now().plusDays(60)));
 KeyVaultSecret returnedSecret = secretClient.setSecret(newSecret);
 System.out.printf("Secret is created with name %s and value %s%n", returnedSecret.getName(),
     returnedSecret.getValue());

Parameters:

secret - The Secret object containing information about the secret and its properties. The properties getName() and getValue() cannot be null.

Returns:

setSecret

public KeyVaultSecret setSecret(String name, String value)

Adds a secret to the key vault if it does not exist. If the named secret exists, a new version of the secret is created. This operation requires the secrets/set permission.

Code sample

Creates a new secret in the key vault. Prints out the details of the newly created secret returned in the response.

KeyVaultSecret secret = secretClient.setSecret("secretName", "secretValue");
 System.out.printf("Secret is created with name %s and value %s%n", secret.getName(), secret.getValue());

Parameters:

name - The name of the secret. It is required and cannot be null.
value - The value of the secret. It is required and cannot be null.

Returns:

setSecretWithResponse

public Response setSecretWithResponse(KeyVaultSecret secret, Context context)

Adds a secret to the key vault if it does not exist. If the named secret exists, a new version of the secret is created. This operation requires the secrets/set permission.

Code sample

Creates a new secret in the key vault. Prints out the details of the newly created secret returned in the response.

KeyVaultSecret newSecret = new KeyVaultSecret("secretName", "secretValue")
     .setProperties(new SecretProperties().setExpiresOn(OffsetDateTime.now().plusDays(60)));
 KeyVaultSecret secret = secretClient.setSecretWithResponse(newSecret, new Context(key1, value1)).getValue();
 System.out.printf("Secret is created with name %s and value %s%n", secret.getName(), secret.getValue());

Parameters:

secret - The Secret object containing information about the secret and its properties. The properties secret.name and secret.value must be non null.
context - Additional context that is passed through the HTTP pipeline during the service call.

Returns:

A Response<T> whose value contains the KeyVaultSecret.

updateSecretProperties

public SecretProperties updateSecretProperties(SecretProperties secretProperties)

Updates the attributes associated with the secret. The value of the secret in the key vault cannot be changed. Only attributes populated in secretProperties are changed. Attributes not specified in the request are not changed. This operation requires the secrets/set permission.

The secret is required and its fields getName() and getVersion() cannot be null.

Code sample

Gets the latest version of the secret, changes its expiry time, and the updates the secret in the key vault.

SecretProperties secretProperties = secretClient.getSecret("secretName").getProperties();
 secretProperties.setExpiresOn(OffsetDateTime.now().plusDays(60));
 SecretProperties updatedSecretProperties = secretClient.updateSecretProperties(secretProperties);
 KeyVaultSecret updatedSecret = secretClient.getSecret(updatedSecretProperties.getName());
 System.out.printf("Updated Secret is returned with name %s, value %s and expires %s%n",
     updatedSecret.getName(), updatedSecret.getValue(), updatedSecret.getProperties().getExpiresOn());

Parameters:

secretProperties - The SecretProperties object with updated properties.

Returns:

updateSecretPropertiesWithResponse

public Response updateSecretPropertiesWithResponse(SecretProperties secretProperties, Context context)

Updates the attributes associated with the secret. The value of the secret in the key vault cannot be changed. Only attributes populated in secretProperties are changed. Attributes not specified in the request are not changed. This operation requires the secrets/set permission.

The secret is required and its fields getName() and getVersion() cannot be null.

Code sample

Gets the latest version of the secret, changes its expiry time, and the updates the secret in the key vault.

SecretProperties secretProperties = secretClient.getSecret("secretName").getProperties();
 secretProperties.setExpiresOn(OffsetDateTime.now().plusDays(60));
 SecretProperties updatedSecretBase = secretClient.updateSecretPropertiesWithResponse(secretProperties,
     new Context(key2, value2)).getValue();
 KeyVaultSecret updatedSecret = secretClient.getSecret(updatedSecretBase.getName());
 System.out.printf("Updated Secret is returned with name %s, value %s and expires %s%n",
     updatedSecret.getName(), updatedSecret.getValue(), updatedSecret.getProperties().getExpiresOn());

Parameters:

secretProperties - The SecretProperties object with updated properties.
context - Additional context that is passed through the HTTP pipeline during the service call.

Returns:

A Response<T> whose value contains the SecretProperties.

Applies to