Remove-AzKeyVaultSecret

Module:

Az.KeyVault

Deletes a secret in a key vault.

Syntax

PowerShell

Remove-AzKeyVaultSecret
      [-VaultName] <String>
      [-Name] <String>
      [-Force]
      [-PassThru]
      [-InRemovedState]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]

PowerShell

Remove-AzKeyVaultSecret
      [-Id] <String>
      [-Force]
      [-PassThru]
      [-InRemovedState]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]

PowerShell

Remove-AzKeyVaultSecret
      [-InputObject] <PSKeyVaultSecretIdentityItem>
      [-Force]
      [-PassThru]
      [-InRemovedState]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]

Description

The Remove-AzKeyVaultSecret cmdlet deletes a secret in a key vault. If the secret was accidentally deleted the secret can be recovered using Undo-AzKeyVaultSecretRemoval by a user with special 'recover' permissions. This cmdlet has a value of high for the ConfirmImpact property.

Examples

Example 1: Remove a secret from a key vault

PowerShell

Remove-AzKeyVaultSecret -VaultName 'Contoso' -Name 'FinanceSecret' -PassThru

Vault Name           : Contoso
Name                 : FinanceSecret
Version              : f622abc7b1394092812f1eb0f85dc91c
Id                   : https://contoso.vault.azure.net:443/secrets/financesecret/f622abc7b1394092812f1eb0f85dc91c
Deleted Date         : 5/25/2018 4:45:34 PM
Scheduled Purge Date : 8/23/2018 4:45:34 PM
Enabled              : True
Expires              :
Not Before           :
Created              : 4/19/2018 5:56:02 PM
Updated              : 4/26/2018 7:48:40 PM
Content Type         :
Tags                 :

This command removes the secret named FinanceSecret from the key vault named Contoso.'

Example 2: Remove a secret from a key vault without user confirmation

PowerShell

Remove-AzKeyVaultSecret -VaultName 'Contoso' -Name 'FinanceSecret' -PassThru -Force

Vault Name           : Contoso
Name                 : FinanceSecret
Version              : f622abc7b1394092812f1eb0f85dc91c
Id                   : https://contoso.vault.azure.net:443/secrets/financesecret/f622abc7b1394092812f1eb0f85dc91c
Deleted Date         : 5/25/2018 4:45:34 PM
Scheduled Purge Date : 8/23/2018 4:45:34 PM
Enabled              : True
Expires              :
Not Before           :
Created              : 4/19/2018 5:56:02 PM
Updated              : 4/26/2018 7:48:40 PM
Content Type         :
Tags                 :

This command removes the secret named FinanceSecret from the key vault named Contoso. The command specifies the Force and Confirm parameters, and, therefore, the cmdlet does not prompt you for confirmation.

Example 3: Remove a secret from a key vault (using uri)

PowerShell

Remove-AzKeyVaultSecret -Id 'https://contoso.vault.azure.net:443/secrets/financesecret' -PassThru

Vault Name           : Contoso
Name                 : FinanceSecret
Version              : f622abc7b1394092812f1eb0f85dc91c
Id                   : https://contoso.vault.azure.net:443/secrets/financesecret/f622abc7b1394092812f1eb0f85dc91c
Deleted Date         : 5/25/2018 4:45:34 PM
Scheduled Purge Date : 8/23/2018 4:45:34 PM
Enabled              : True
Expires              :
Not Before           :
Created              : 4/19/2018 5:56:02 PM
Updated              : 4/26/2018 7:48:40 PM
Content Type         :
Tags                 :

This command removes the secret named 'FinanceSecret' from the key vault named 'Contoso'.

Example 4: Remove a secret in Azure Key Vault by command Remove-Secret in module Microsoft.PowerShell.SecretManagement

PowerShell

# Install module Microsoft.PowerShell.SecretManagement
Install-Module Microsoft.PowerShell.SecretManagement -Repository PSGallery -AllowPrerelease
# Register vault for Secret Management
Register-SecretVault -Name AzKeyVault -ModuleName Az.KeyVault -VaultParameters @{ AZKVaultName = 'test-kv'; SubscriptionId = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' }
# Set secret for vault AzKeyVault
$secure = ConvertTo-SecureString -String "****" -AsPlainText -Force
Set-Secret -Vault AzKeyVault -Name secureSecret -SecureStringSecret $secure 
Remove-Secret -Vault AzKeyVault -Name secureSecret

None

This example removes a secret named secureSecret in Azure Key Vault test-kv by command Remove-Secret in module Microsoft.PowerShell.SecretManagement.

Example 4: Purge deleted secret from the key vault permanently

PowerShell

Remove-AzKeyVaultSecret -VaultName 'Contoso' -Name 'FinanceSecret' -InRemovedState

This command removes the secret named FinanceSecret from the key vault named Contoso permanently. Executing this cmdlet requires the 'purge' permission, which must have been previously and explicitly granted to the user for this key vault.

Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:	SwitchParameter
Aliases:	cf
Position:	Named
Default value:	False
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure

Type:	IAzureContextContainer
Aliases:	AzContext, AzureRmContext, AzureCredential
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-Force

Forces the command to run without asking for user confirmation.

Type:	SwitchParameter
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-Id

The URI of the KeyVault Secret. Please ensure it follows the format: https://<vault-name>.vault.azure.net/secrets/<secret-name>/<version>

Type:	String
Aliases:	SecretId
Position:	0
Default value:	None
Required:	True
Accept pipeline input:	False
Accept wildcard characters:	False

-InputObject

Key Vault Secret Object

Type:	PSKeyVaultSecretIdentityItem
Position:	0
Default value:	None
Required:	True
Accept pipeline input:	True
Accept wildcard characters:	False

-InRemovedState

If present, removes the previously deleted secret permanently.

Type:	SwitchParameter
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-Name

Specifies the name of a secret. This cmdlet constructs the fully qualified domain name (FQDN) of a secret based on the name that this parameter specifies, the name of the key vault, and your current environment.

Type:	String
Aliases:	SecretName
Position:	1
Default value:	None
Required:	True
Accept pipeline input:	False
Accept wildcard characters:	False

-PassThru

Indicates that this cmdlet returns a Microsoft.Azure.Commands.KeyVault.Models.Secret object. By default, this cmdlet does not generate any output.

Type:	SwitchParameter
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-VaultName

Specifies the name of the key vault to which the secret belongs. This cmdlet constructs the FQDN of a key vault based on the name that this parameter specifies and your current environment.

Type:	String
Position:	0
Default value:	None
Required:	True
Accept pipeline input:	False
Accept wildcard characters:	False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:	SwitchParameter
Aliases:	wi
Position:	Named
Default value:	False
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

Inputs

PSKeyVaultSecretIdentityItem

Outputs

PSDeletedKeyVaultSecret

Related Links

• Get-AzKeyVaultSecret
• Set-AzKeyVaultSecret
• Undo-AzKeyVaultSecretRemoval