Get-AzureKeyVaultKey

Gets Key Vault keys.

Warning

The AzureRM PowerShell module has been officially deprecated as of February 29, 2024. Users are advised to migrate from AzureRM to the Az PowerShell module to ensure continued support and updates.

Although the AzureRM module may still function, it's no longer maintained or supported, placing any continued use at the user's discretion and risk. Please refer to our migration resources for guidance on transitioning to the Az module.

Syntax

Get-AzureKeyVaultKey
   [-VaultName] <String>
   [[-Name] <String>]
   [-InRemovedState]
   [-DefaultProfile <IAzureContextContainer>]
   [<CommonParameters>]
Get-AzureKeyVaultKey
   [-VaultName] <String>
   [-Name] <String>
   [-Version] <String>
   [-DefaultProfile <IAzureContextContainer>]
   [<CommonParameters>]
Get-AzureKeyVaultKey
   [-VaultName] <String>
   [-Name] <String>
   [-IncludeVersions]
   [-DefaultProfile <IAzureContextContainer>]
   [<CommonParameters>]
Get-AzureKeyVaultKey
   [-InputObject] <PSKeyVault>
   [[-Name] <String>]
   [-InRemovedState]
   [-DefaultProfile <IAzureContextContainer>]
   [<CommonParameters>]
Get-AzureKeyVaultKey
   [-InputObject] <PSKeyVault>
   [-Name] <String>
   [-Version] <String>
   [-DefaultProfile <IAzureContextContainer>]
   [<CommonParameters>]
Get-AzureKeyVaultKey
   [-InputObject] <PSKeyVault>
   [-Name] <String>
   [-IncludeVersions]
   [-DefaultProfile <IAzureContextContainer>]
   [<CommonParameters>]
Get-AzureKeyVaultKey
   [-ResourceId] <String>
   [[-Name] <String>]
   [-InRemovedState]
   [-DefaultProfile <IAzureContextContainer>]
   [<CommonParameters>]
Get-AzureKeyVaultKey
   [-ResourceId] <String>
   [-Name] <String>
   [-Version] <String>
   [-DefaultProfile <IAzureContextContainer>]
   [<CommonParameters>]
Get-AzureKeyVaultKey
   [-ResourceId] <String>
   [-Name] <String>
   [-IncludeVersions]
   [-DefaultProfile <IAzureContextContainer>]
   [<CommonParameters>]

Description

The Get-AzureKeyVaultKey cmdlet gets Azure Key Vault keys. This cmdlet gets a specific Microsoft.Azure.Commands.KeyVault.Models.KeyBundle or a list of all KeyBundle objects in a key vault or by version.

Examples

Example 1: Get all the keys in a key vault

PS C:\> Get-AzureKeyVaultKey -VaultName 'contoso'

Vault Name     : contoso
Name           : test1
Version        :
Id             : https://contoso.vault.azure.net:443/keys/test1
Enabled        : True
Expires        : 11/24/2018 6:08:13 PM
Not Before     : 5/24/2018 5:58:13 PM
Created        : 5/24/2018 6:08:13 PM
Updated        : 5/24/2018 6:08:13 PM
Purge Disabled : False
Tags           :

Vault Name     : contoso
Name           : test2
Version        :
Id             : https://contoso.vault.azure.net:443/keys/test2
Enabled        : True
Expires        : 11/24/2018 6:09:44 PM
Not Before     : 5/24/2018 5:59:44 PM
Created        : 5/24/2018 6:09:44 PM
Updated        : 5/24/2018 6:09:44 PM
Purge Disabled : False
Tags           :

This command gets all the keys in the key vault named Contoso.

Example 2: Get the current version of a key

PS C:\> Get-AzureKeyVaultKey -VaultName 'contoso' -KeyName 'test1'

Vault Name     : contoso
Name           : test1
Version        : 7fe415d5518240c1a6fce89986b8d334
Id             : https://contoso.vault.azure.net:443/keys/test1/7fe415d5518240c1a6fce89986b8d334
Enabled        : True
Expires        : 11/24/2018 6:08:13 PM
Not Before     : 5/24/2018 5:58:13 PM
Created        : 5/24/2018 6:08:13 PM
Updated        : 5/24/2018 6:08:13 PM
Purge Disabled : False
Tags           :

This command gets the current version of the key named test1 in the key vault named Contoso.

Example 3: Get all versions of a key

PS C:\> Get-AzureKeyVaultKey -VaultName 'contoso' -KeyName 'test1' -IncludeVersions

Vault Name     : contoso
Name           : test1
Version        : 7fe415d5518240c1a6fce89986b8d334
Id             : https://contoso.vault.azure.net:443/keys/test1/7fe415d5518240c1a6fce89986b8d334
Enabled        : True
Expires        : 11/24/2018 6:08:13 PM
Not Before     : 5/24/2018 5:58:13 PM
Created        : 5/24/2018 6:08:13 PM
Updated        : 5/24/2018 6:08:13 PM
Purge Disabled : False
Tags           :

Vault Name     : contoso
Name           : test1
Version        : e4e95940e669407fbdb4298bc21a3e1d
Id             : https://contoso.vault.azure.net:443/keys/test1/e4e95940e669407fbdb4298bc21a3e1d
Enabled        : False
Expires        : 11/24/2018 6:08:08 PM
Not Before     : 5/24/2018 5:58:08 PM
Created        : 5/24/2018 6:08:08 PM
Updated        : 5/24/2018 6:08:08 PM
Purge Disabled : False
Tags           :

This command gets all versions the key named ITPfx in the key vaultnamed Contoso.

Example 4: Get a specific version of a key

PS C:\> Get-AzureKeyVaultKey -VaultName 'contoso' -KeyName 'test1' -Version 'e4e95940e669407fbdb4298bc21a3e1d'

Vault Name     : contoso
Name           : test1
Version        : e4e95940e669407fbdb4298bc21a3e1d
Id             : https://contoso.vault.azure.net:443/keys/test1/e4e95940e669407fbdb4298bc21a3e1d
Enabled        : False
Expires        : 11/24/2018 6:08:08 PM
Not Before     : 5/24/2018 5:58:08 PM
Created        : 5/24/2018 6:08:08 PM
Updated        : 5/24/2018 6:08:08 PM
Purge Disabled : False
Tags           :

This command gets a specific version of the key named test1 in the key vault named Contoso. After running this command, you can inspect various properties of the key by navigating the $Key object.

Example 5: Get all the keys that have been deleted but not purged for this key vault.

PS C:\> Get-AzureKeyVaultKey -VaultName 'contoso' -InRemovedState

Vault Name           : contoso
Name                 : test3
Id                   : https://contoso.vault.azure.net:443/keys/test3
Deleted Date         : 5/24/2018 8:32:42 PM
Scheduled Purge Date : 8/22/2018 8:32:42 PM
Enabled              : True
Expires              :
Not Before           :
Created              : 5/24/2018 8:32:27 PM
Updated              : 5/24/2018 8:32:27 PM
Purge Disabled       : False
Tags                 :

This command gets all the keys that have been previously deleted, but not purged, in the key vault named Contoso.

Example 6: Gets the key ITPfx that has been deleted but not purged for this key vault.

PS C:\> Get-AzureKeyVaultKey -VaultName 'contoso' -KeyName 'test3' -InRemovedState

Vault Name           : contoso
Name                 : test3
Id                   : https://contoso.vault.azure.net:443/keys/test3/1af807cc331a49d0b52b7c75e1b2366e
Deleted Date         : 5/24/2018 8:32:42 PM
Scheduled Purge Date : 8/22/2018 8:32:42 PM
Enabled              : True
Expires              :
Not Before           :
Created              : 5/24/2018 8:32:27 PM
Updated              : 5/24/2018 8:32:27 PM
Purge Disabled       : False
Tags                 :

This command gets the key test3 that has been previously deleted, but not purged, in the key vault named Contoso. This command will return metadata such as the deletion date, and the scheduled purging date of this deleted key.

Parameters

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure

Type:IAzureContextContainer
Aliases:AzureRmContext, AzureCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-IncludeVersions

Indicates that this cmdlet gets all versions of a key. The current version of a key is the first one on the list. If you specify this parameter you must also specify the Name and VaultName parameters. If you do not specify the IncludeVersions parameter, this cmdlet gets the current version of the key with the specified Name.

Type:SwitchParameter
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-InputObject

KeyVault object.

Type:PSKeyVault
Position:0
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-InRemovedState

Specifies whether to show the previously deleted keys in the output

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Name

Specifies the name of the key bundle to get.

Type:String
Aliases:KeyName
Position:1
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-ResourceId

KeyVault Resource Id.

Type:String
Position:0
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-VaultName

Specifies the name of the key vault from which this cmdlet gets keys. This cmdlet constructs the fully qualified domain name (FQDN) of a key vault based on the name that this parameter specifies and your selected environment.

Type:String
Position:0
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-Version

Specifies the key version. This cmdlet constructs the FQDN of a key based on the key vault name, your currently selected environment, the key name, and the key version.

Type:String
Aliases:KeyVersion
Position:2
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

Inputs

PSKeyVault

Parameters: InputObject (ByValue)

String

Outputs

PSKeyVaultKeyIdentityItem

PSKeyVaultKey

PSDeletedKeyVaultKeyIdentityItem

PSDeletedKeyVaultKey