Update-AzKeyVaultSecret
Updates attributes of a secret in a key vault.
Syntax
Update-AzKeyVaultSecret
[-VaultName] <String>
[-Name] <String>
[[-Version] <String>]
[-Enable <Boolean>]
[-Expires <DateTime>]
[-NotBefore <DateTime>]
[-ContentType <String>]
[-Tag <Hashtable>]
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Update-AzKeyVaultSecret
[-InputObject] <PSKeyVaultSecretIdentityItem>
[[-Version] <String>]
[-Enable <Boolean>]
[-Expires <DateTime>]
[-NotBefore <DateTime>]
[-ContentType <String>]
[-Tag <Hashtable>]
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
The Update-AzKeyVaultSecret cmdlet updates editable attributes of a secret in a key vault.
Examples
Example 1: Modify the attributes of a secret
$Expires = (Get-Date).AddYears(2).ToUniversalTime()
$Nbf = (Get-Date).ToUniversalTime()
$Tags = @{ 'Severity' = 'medium'; 'HR' = 'true'}
$ContentType= 'xml'
Update-AzKeyVaultSecret -VaultName 'ContosoVault' -Name 'HR' -Expires $Expires -NotBefore $Nbf -ContentType $ContentType -Enable $True -Tag $Tags -PassThru
Vault Name : ContosoVault
Name : HR
Version : d476edfcd3544017a03bc49c1f3abec0
Id : https://ContosoVault.vault.azure.net:443/secrets/HR/d476edfcd3544017a03bc49c1f3abec0
Enabled : True
Expires : 5/25/2020 8:01:58 PM
Not Before : 5/25/2018 8:02:02 PM
Created : 4/11/2018 11:45:06 PM
Updated : 5/25/2018 8:02:45 PM
Content Type : xml
Tags : Name Value
Severity medium
HR trueThe first four commands define attributes for the expiry date, the NotBefore date, tags, and context type, and store the attributes in variables. The final command modifies the attributes for the secret named HR in the key vault named ContosoVault, using the stored variables.
Example 2: Delete the tags and content type for a secret
Update-AzKeyVaultSecret -VaultName 'ContosoVault' -Name 'HR' -Version '9EEA45C6EE50490B9C3176A80AC1A0DF' -ContentType '' -Tag @{}This command deletes the tags and the content type for the specified version of the secret named HR in the key vault named Contoso.
Example 3: Disable the current version of secrets whose name begins with IT
$Vault = 'ContosoVault'
$Prefix = 'IT'
Get-AzKeyVaultSecret $Vault | Where-Object {$_.Name -like $Prefix + '*'} | Update-AzKeyVaultSecret -Enable $FalseThe first command stores the string value Contoso in the $Vault variable. The second command stores the string value IT in the $Prefix variable. The third command uses the Get-AzKeyVaultSecret cmdlet to get the secrets in the specified key vault, and then passes those secrets to the Where-Object cmdlet. The Where-Object cmdlet filters the secrets for names that begin with the characters IT. The command pipes the secrets that match the filter to the Update-AzKeyVaultSecret cmdlet, which disables them.
Example 4: Set the ContentType for all versions of a secret
$VaultName = 'ContosoVault'
$Name = 'HR'
$ContentType = 'xml'
Get-AzKeyVaultKey -VaultName $VaultName -Name $Name -IncludeVersions | Update-AzKeyVaultSecret -ContentType $ContentTypeThe first three commands define string variables to use for the VaultName, Name, and ContentType parameters. The fourth command uses the Get-AzKeyVaultKey cmdlet to get the specified keys, and pipes the keys to the Update-AzKeyVaultSecret cmdlet to set their content type to XML.
Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ContentType
Secret's content type. If not specified, the existing value of the secret's content type remains unchanged. Remove the existing content type value by specifying an empty string.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
| Type: | IAzureContextContainer |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Enable
If present, enable a secret if value is true. Disable a secret if value is false. If not specified, the existing value of the secret's enabled/disabled state remains unchanged.
| Type: | Nullable<T>[Boolean] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Expires
The expiration time of a secret in UTC time. If not specified, the existing value of the secret's expiration time remains unchanged.
| Type: | Nullable<T>[DateTime] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-InputObject
Secret object
| Type: | PSKeyVaultSecretIdentityItem |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Name
Secret name. Cmdlet constructs the FQDN of a secret from vault name, currently selected environment and secret name.
| Type: | String |
| Aliases: | SecretName |
| Position: | 1 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-NotBefore
The UTC time before which secret can't be used. If not specified, the existing value of the secret's NotBefore attribute remains unchanged.
| Type: | Nullable<T>[DateTime] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PassThru
Cmdlet does not return object by default. If this switch is specified, return Secret object.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Tag
A hashtable representing secret tags. If not specified, the existing tags of the secret remain unchanged. Remove a tag by specifying an empty Hashtable.
| Type: | Hashtable |
| Aliases: | Tags |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-VaultName
Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.
| Type: | String |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Version
Secret version. Cmdlet constructs the FQDN of a secret from vault name, currently selected environment, secret name and secret version.
| Type: | String |
| Aliases: | SecretVersion |
| Position: | 2 |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
Outputs
Azure PowerShell
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for