Get-Secret
Finds and returns a secret by name from registered vaults.
Syntax
Get-Secret
[-Name] <String>
[[-Vault] <String>]
[-AsPlainText]
[<CommonParameters>]Get-Secret
[-InputObject] <SecretInformation>
[-AsPlainText]
[<CommonParameters>]Description
This cmdlet finds and returns the first secret that matches the provided name. If a vault name is specified, only that vault is searched. Otherwise, it searches all vaults and returns the first matching result. If the vault registry has a default vault, the cmdlet searches that vault before any other registered vault. Secrets that are String or SecureString types are returned as SecureString objects by default.
Examples
Example 1
Get-Secret -Name Secret1 -Vault CredMan
Get-Secret -Name Secret1 -Vault CredMan -AsPlainText
System.Security.SecureString
PlainTextSecretStringThis example searches for a secret with the name Secret1, which is a String type secret. The
first command returns the secret as a SecureString object. The second command uses the
AsPlainText parameter to return the secret as a String object instead, displaying in the
console as plain text.
Example 2
Get-SecretInfo -Name Secret2 -Vault SecretStore | Get-Secret -AsPlainTextThis example retrieves secret information for the secret named Secret2 in the vault named
SecretStore. It then sends the result through the pipeline to Get-Secret, which searches for the
secret and returns it as plain text.
Parameters
-AsPlainText
Specifies that a secret whose type is String or SecureString should be returned as a String (in plain text) instead of a SecureString. If the secret being retrieved is not a String or SecureString, this parameter has no effect.
Caution
To ensure security, you should avoid using plaintext strings whenever possible.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-InputObject
Specifies a SecretInformation object representing a vault secret instead of specifying the
Name and Vault parameters. You can get a SecretInformation object with the
Get-SecretInfo cmdlet.
| Type: | SecretInformation |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Name
Specifies the name of the secret to retrieve. Wildcard characters are not permitted.
| Type: | String |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Vault
Specifies the name of the registered vault to retrieve the secret from. If no vault name is specified, then all registered vaults are searched. If the vault registry has a default vault and this parameter is not specified, then the default vault is searched before the other registered vaults.
| Type: | String |
| Position: | 1 |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
Microsoft.PowerShell.SecretManagement.SecretInformation
Outputs
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for