Update-AzKeyVaultKey
Updates the attributes of a key in a key vault.
Syntax
Update-AzKeyVaultKey
[-VaultName] <String>
[-Name] <String>
[[-Version] <String>]
[-Enable <Boolean>]
[-Expires <DateTime>]
[-NotBefore <DateTime>]
[-KeyOps <String[]>]
[-Tag <Hashtable>]
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Update-AzKeyVaultKey
-HsmName <String>
[-Name] <String>
[[-Version] <String>]
[-Enable <Boolean>]
[-Expires <DateTime>]
[-NotBefore <DateTime>]
[-KeyOps <String[]>]
[-Immutable]
[-ReleasePolicyPath <String>]
[-Tag <Hashtable>]
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Update-AzKeyVaultKey
[-InputObject] <PSKeyVaultKeyIdentityItem>
[[-Version] <String>]
[-Enable <Boolean>]
[-Expires <DateTime>]
[-NotBefore <DateTime>]
[-KeyOps <String[]>]
[-Tag <Hashtable>]
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
The Update-AzKeyVaultKey cmdlet updates the editable attributes of a key in a key vault.
Examples
Example 1: Modify a key to enable it, and set the expiration date and tags
$Expires = (Get-Date).AddYears(2).ToUniversalTime()
$Tags = @{'Severity' = 'high'; 'Accounting' = 'true'}
Update-AzKeyVaultKey -VaultName 'Contoso' -Name 'ITSoftware' -Expires $Expires -Enable $True -Tag $Tags -PassThru
Vault Name : Contoso
Name : ITSoftware
Version : 394f9379a47a4e2086585468de6c7ae5
Id : https://Contoso.vault.azure.net:443/keys/ITSoftware/394f9379a47a4e2086585468de6c7ae5
Enabled : True
Expires : 5/25/2020 7:58:07 PM
Not Before :
Created : 4/6/2018 11:31:36 PM
Updated : 5/25/2018 7:59:02 PM
Purge Disabled : False
Tags : Name Value
Severity high
Accounting trueThe first command creates a DateTime object by using the Get-Date cmdlet. That object
specifies a time two years in the future. The command stores that date in the $Expires variable.
For more information, type Get-Help Get-Date.
The second command creates a variable to store tag values of high severity and Accounting.
The final command modifies a key named ITSoftware. The command enables the key, sets its expiration
time to the time stored in $Expires, and sets the tags that are stored in $Tags.
Example 2: Modify a key to delete all tags
Update-AzKeyVaultKey -VaultName 'Contoso' -Name 'ITSoftware' -Version '394f9379a47a4e2086585468de6c7ae5' -Tag @{}
Vault Name : Contoso
Name : ITSoftware
Version : 394f9379a47a4e2086585468de6c7ae5
Id : https://Contoso.vault.azure.net:443/keys/ITSoftware/394f9379a47a4e2086585468de6c7ae5
Enabled : True
Expires : 5/25/2020 7:58:07 PM
Not Before :
Created : 4/6/2018 11:31:36 PM
Updated : 5/25/2018 8:00:08 PM
Purge Disabled : False
Tags :This commands deletes all tags for a specific version of a key named ITSoftware.
Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
| Type: | IAzureContextContainer |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Enable
Value of true enables the key and a value of false disabless the key. If not specified, the existing enabled/disabled state remains unchanged.
| Type: | Nullable<T>[Boolean] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Expires
The expiration time of a key in UTC time. If not specified, the existing expiration time of the key remains unchanged. Please notice that expirys is ignored for Key Exchange Key used in BYOK process.
| Type: | Nullable<T>[DateTime] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-HsmName
HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Immutable
Sets the release policy as immutable state. Once marked immutable, this flag cannot be reset and the policy cannot be changed under any circumstances.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-InputObject
Key object
| Type: | PSKeyVaultKeyIdentityItem |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-KeyOps
The operations that can be performed with the key. If not specified, the existing key operations of the key remain unchanged.
| Type: | String[] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Name
Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.
| Type: | String |
| Aliases: | KeyName |
| Position: | 1 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-NotBefore
The UTC time before which key can't be used. If not specified, the existing NotBefore attribute of the key remains unchanged.
| Type: | Nullable<T>[DateTime] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PassThru
Cmdlet does not return an object by default. If this switch is specified, returns the updated key bundle object.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ReleasePolicyPath
A path to a file containing JSON policy definition. The policy rules under which a key can be exported.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Tag
A hashtable represents key tags. If not specified, the existings tags of the key remain unchanged.
| Type: | Hashtable |
| Aliases: | Tags |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-VaultName
Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.
| Type: | String |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Version
Key version. Cmdlet constructs the FQDN of a key from vault name, currently selected environment, key name and key version.
| Type: | String |
| Aliases: | KeyVersion |
| Position: | 2 |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |