Get-AzKeyVault
Gets key vaults.
Syntax
GetVaultByName (Default)
Get-AzKeyVault
[[-VaultName] <String>]
[[-ResourceGroupName] <String>]
[-Tag <Hashtable>]
[-DefaultProfile <IAzureContextContainer>]
[-SubscriptionId <String>]
[<CommonParameters>]
ByDeletedVault
Get-AzKeyVault
[-VaultName] <String>
[-Location] <String>
[-InRemovedState]
[-DefaultProfile <IAzureContextContainer>]
[-SubscriptionId <String>]
[<CommonParameters>]
ListAllDeletedVaultsInSubscription
Get-AzKeyVault
[-InRemovedState]
[-DefaultProfile <IAzureContextContainer>]
[-SubscriptionId <String>]
[<CommonParameters>]
Description
The Get-AzKeyVault cmdlet gets information about the key vaults in a subscription. You can view all key vaults instances in a subscription, or filter your results by a resource group or a particular key vault. Note that although specifying the resource group is optional for this cmdlet when you get a single key vault, you should do so for better performance.
The cmdlet may call below Microsoft Graph API according to input parameters:
- GET /directoryObjects/{id}
- GET /users/{id}
- GET /servicePrincipals/{id}
- GET /groups/{id}
Examples
Example 1: Get all key vaults in your current subscription
Get-AzKeyVault
Vault Name : myvault1
Resource Group Name : myrg
Location : westus
Resource ID : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/myrg/providers/Microsoft.Ke
yVault/vaults/myvault1
Tags :
Vault Name : myvault2
Resource Group Name : myrg1
Location : westus
Resource ID : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/myrg1/providers/Microsoft.Ke
yVault/vaults/myvault2
Tags :
Vault Name : myvault3
Resource Group Name : myrg1
Location : westus
Resource ID : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/myrg1/providers/Microsoft.Ke
yVault/vaults/myvault3
Tags :
This command gets all the key vaults in your current subscription.
Example 2: Get a specific key vault
Get-AzKeyVault -VaultName 'myvault'
Vault Name : myvault
Resource Group Name : myrg
Location : westus
Resource ID : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/myrg/providers
/Microsoft.KeyVault/vaults/myvault
Vault URI : https://myvault.vault.azure.net/
Tenant ID : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx
SKU : Standard
Enabled For Deployment? : True
Enabled For Template Deployment? : True
Enabled For Disk Encryption? : False
Soft Delete Enabled? : True
Access Policies :
Tenant ID : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx
Object ID : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx
Application ID :
Display Name : User Name (username@microsoft.com)
Permissions to Keys : get, create, delete, list, update,
import, backup, restore, recover
Permissions to Secrets : get, list, set, delete, backup,
restore, recover
Permissions to Certificates : get, delete, list, create, import,
update, deleteissuers, getissuers, listissuers, managecontacts, manageissuers,
setissuers, recover
Permissions to (Key Vault Managed) Storage : delete, deletesas, get, getsas, list,
listsas, regeneratekey, set, setsas, update
Tags :
This command gets the key vault named myvault in your current subscription.
Example 3: Get key vaults in a resource group
Get-AzKeyVault -ResourceGroupName 'myrg1'
Vault Name : myvault2
Resource Group Name : myrg1
Location : westus
Resource ID : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/myrg1/providers/Microsoft.Ke
yVault/vaults/myvault2
Tags :
Vault Name : myvault3
Resource Group Name : myrg1
Location : westus
Resource ID : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/myrg1/providers/Microsoft.Ke
yVault/vaults/myvault3
Tags :
This command gets all the key vaults in the resource group named ContosoPayRollResourceGroup.
Example 4: Get all deleted key vaults in your current subscription
Get-AzKeyVault -InRemovedState
Vault Name : myvault4
Location : westus
Id : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/providers/Microsoft.KeyVault/locations/westu
s/deletedVaults/myvault4
Resource ID : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/myrg/providers/Microsoft.K
eyVault/vaults/myvault4
Deletion Date : 5/24/2018 9:33:24 PM
Scheduled Purge Date : 8/22/2018 9:33:24 PM
Tags :
This command gets all the deleted key vaults in your current subscription.
Example 5: Get a deleted key vault
Get-AzKeyVault -VaultName 'myvault4' -Location 'westus' -InRemovedState
Vault Name : myvault4
Location : westus
Id : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/providers/Microsoft.KeyVault/locations/westu
s/deletedVaults/myvault4
Resource ID : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/myrg/providers/Microsoft.K
eyVault/vaults/myvault4
Deletion Date : 5/24/2018 9:33:24 PM
Scheduled Purge Date : 8/22/2018 9:33:24 PM
Tags :
This command gets the deleted key vault information named myvault4 in your current subscription and in westus region.
Example 6: Get key vaults using filtering
Get-AzKeyVault -VaultName 'myvault*'
Vault Name : myvault2
Resource Group Name : myrg1
Location : westus
Resource ID : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/myrg1/providers/Microsoft.Ke
yVault/vaults/myvault2
Tags :
Vault Name : myvault3
Resource Group Name : myrg1
Location : westus
Resource ID : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/myrg1/providers/Microsoft.Ke
yVault/vaults/myvault3
Tags :
This command gets all the key vaults in the subscription that start with "myvault".
Parameters
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with azure
Parameter properties
| Type: | IAzureContextContainer |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-InRemovedState
Specifies whether to show the previously deleted vaults in the output.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
ByDeletedVault
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
ListAllDeletedVaultsInSubscription
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Location
The location of the deleted vault.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
ByDeletedVault
| Position: | 1 |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-ResourceGroupName
Specifies the name of the resource group associated with the key vault or key vaults being queried.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | True |
| DontShow: | False |
Parameter sets
GetVaultByName
| Position: | 1 |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-SubscriptionId
The ID of the subscription. By default, cmdlets are executed in the subscription that is set in the current context. If the user specifies another subscription, the current cmdlet is executed in the subscription specified by the user. Overriding subscriptions only take effect during the lifecycle of the current cmdlet. It does not change the subscription in the context, and does not affect subsequent cmdlets.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-Tag
Key-value pairs in the form of a hash table. For example: @{key0="value0";key1=$null;key2="value2"}
Parameter properties
| Type: | Hashtable |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
GetVaultByName
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-VaultName
Specifies the name of the key vault.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | True |
| DontShow: | False |
| Aliases: | Name |
Parameter sets
GetVaultByName
| Position: | 0 |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
