Vault Name : ContosoVault
Name : HR
Version : d476edfcd3544017a03bc49c1f3abec0
Id : https://ContosoVault.vault.azure.net:443/secrets/HR/d476edfcd3544017a03bc49c1f3abec0
Enabled : True
Expires : 5/25/2020 8:01:58 PM
Not Before : 5/25/2018 8:02:02 PM
Created : 4/11/2018 11:45:06 PM
Updated : 5/25/2018 8:02:45 PM
Content Type : xml
Tags : Name Value
Severity medium
HR true
The first four commands define attributes for the expiry date, the NotBefore date, tags, and
context type, and store the attributes in variables.
The final command modifies the attributes for the secret named HR in the key vault named
ContosoVault, using the stored variables.
Example 2: Delete the tags and content type for a secret
The first command stores the string value Contoso in the $Vault variable.
The second command stores the string value IT in the $Prefix variable.
The third command uses the Get-AzKeyVaultSecret cmdlet to get the secrets in the specified key
vault, and then passes those secrets to the Where-Object cmdlet. The Where-Object cmdlet
filters the secrets for names that begin with the characters IT. The command pipes the secrets that
match the filter to the Update-AzKeyVaultSecret cmdlet, which disables them.
Example 4: Set the ContentType for all versions of a secret
The first three commands define string variables to use for the VaultName, Name, and
ContentType parameters. The fourth command uses the Get-AzKeyVaultKey cmdlet to get the
specified keys, and pipes the keys to the Update-AzKeyVaultSecret cmdlet to set their
content type to XML.
Example 5: Delete the tags and content type for a secret (using Uri)
This command deletes the tags and the content type for the specified version of the secret named HR
in the key vault named Contoso.
Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
Type:
SwitchParameter
Default value:
None
Supports wildcards:
False
DontShow:
False
Aliases:
cf
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-ContentType
Secret's content type.
If not specified, the existing value of the secret's content type remains unchanged.
Remove the existing content type value by specifying an empty string.
Parameter properties
Type:
String
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
Parameter properties
Type:
IAzureContextContainer
Default value:
None
Supports wildcards:
False
DontShow:
False
Aliases:
AzContext, AzureRmContext, AzureCredential
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-Enable
If present, enable a secret if value is true.
Disable a secret if value is false.
If not specified, the existing value of the secret's enabled/disabled state remains unchanged.
Parameter properties
Type:
Boolean
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-Expires
The expiration time of a secret in UTC time.
If not specified, the existing value of the secret's expiration time remains unchanged.
Parameter properties
Type:
DateTime
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-Id
The URI of the KeyVault Secret.
Please ensure it follows the format: https://<vault-name>.vault.azure.net/secrets/<secret-name>/<version>
Parameter properties
Type:
String
Default value:
None
Supports wildcards:
False
DontShow:
False
Aliases:
SecretId
Parameter sets
BySecretUri
Position:
0
Mandatory:
True
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-InputObject
Secret object
Parameter properties
Type:
PSKeyVaultSecretIdentityItem
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
InputObject
Position:
0
Mandatory:
True
Value from pipeline:
True
Value from pipeline by property name:
False
Value from remaining arguments:
False
-Name
Secret name.
Cmdlet constructs the FQDN of a secret from vault name, currently selected environment and secret name.
Parameter properties
Type:
String
Default value:
None
Supports wildcards:
False
DontShow:
False
Aliases:
SecretName
Parameter sets
Default
Position:
1
Mandatory:
True
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-NotBefore
The UTC time before which secret can't be used.
If not specified, the existing value of the secret's NotBefore attribute remains unchanged.
Parameter properties
Type:
DateTime
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-PassThru
Cmdlet does not return object by default.
If this switch is specified, return Secret object.
Parameter properties
Type:
SwitchParameter
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-Tag
A hashtable representing secret tags.
If not specified, the existing tags of the secret remain unchanged.
Remove a tag by specifying an empty Hashtable.
Parameter properties
Type:
Hashtable
Default value:
None
Supports wildcards:
False
DontShow:
False
Aliases:
Tags
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-VaultName
Vault name.
Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.
Parameter properties
Type:
String
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
Default
Position:
0
Mandatory:
True
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-Version
Secret version.
Cmdlet constructs the FQDN of a secret from vault name, currently selected environment, secret name and secret version.
Parameter properties
Type:
String
Default value:
None
Supports wildcards:
False
DontShow:
False
Aliases:
SecretVersion
Parameter sets
(All)
Position:
2
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-WhatIf
Shows what would happen if the cmdlet runs.
The cmdlet is not run.
Parameter properties
Type:
SwitchParameter
Default value:
None
Supports wildcards:
False
DontShow:
False
Aliases:
wi
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters.
The source for this content can be found on GitHub, where you can also create and review issues and pull requests. For more information, see our contributor guide.
