diff --git a/setup/azurecmdfiles.wxi b/setup/azurecmdfiles.wxi index e1a98f246399..580369193847 100644 --- a/setup/azurecmdfiles.wxi +++ b/setup/azurecmdfiles.wxi @@ -263,6 +263,9 @@ + + + @@ -880,6 +883,9 @@ + + + @@ -3881,6 +3887,7 @@ + @@ -4074,6 +4081,7 @@ + diff --git a/src/ResourceManager/KeyVault/Commands.KeyVault/Commands.KeyVault.csproj b/src/ResourceManager/KeyVault/Commands.KeyVault/Commands.KeyVault.csproj index 5a011786732d..9c96a7ed4369 100644 --- a/src/ResourceManager/KeyVault/Commands.KeyVault/Commands.KeyVault.csproj +++ b/src/ResourceManager/KeyVault/Commands.KeyVault/Commands.KeyVault.csproj @@ -207,7 +207,11 @@ Resources.Designer.cs - + + + PreserveNewest + + diff --git a/src/ResourceManager/KeyVault/Commands.KeyVault/Microsoft.Azure.Commands.KeyVault.dll-help.xml b/src/ResourceManager/KeyVault/Commands.KeyVault/Microsoft.Azure.Commands.KeyVault.dll-help.xml new file mode 100644 index 000000000000..cb563bd75660 --- /dev/null +++ b/src/ResourceManager/KeyVault/Commands.KeyVault/Microsoft.Azure.Commands.KeyVault.dll-help.xml 
@@ -0,0 +1,4583 @@ + + + + + + Add-AzureKeyVaultKey + + Creates a key in a vault or imports a key into a vault. + + + + + Add + AzureKeyVaultKey + + + + The Add-AzureKeyVaultKey cmdlet creates a key in an Azure Key Vault, or imports a key into a vault. Use this cmdlet to add keys by using any of the following methods: + +-- Create a key in a hardware security module (HSM) in the Azure Key Vault service. +-- Create a key in software in the Azure Key Vault service. +-- Import a key from your own hardware security module (HSM) to HSMs in the Azure Key Vault service. +-- Import a key from a .pfx file on your computer. +-- Import a key from a .pfx file on your computer to hardware security modules (HSMs) in the Azure Key Vault service. + +For any of these operations, you can provide key attributes or accept default settings. + +If you create or import a key that has the same name as an existing key in your key vault, the original key is updated with the values that you specify for the new key. You can access the previous values by using the version-specific URI for that version of the key. To learn about key versions and the URI structure, see "About Keys and Secrets" in the Key Vault REST API documentation (http://go.microsoft.com/fwlink/?linkid=518560). + +Note: To import a key from your own hardware security module, you must first generate a BYOK package (a file with a .byok file name extension) by using the Azure Key Vault BYOK toolset. For more information, see How to Generate and Transfer HSM-Protected Keys for Azure Key Vault (http://go.microsoft.com/fwlink/?LinkId=522252). + + + + Add-AzureKeyVaultKey + + VaultName + + Specifies the name of the vault to which this cmdlet adds the key. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment. + + String + + + Name + + Specifies the name of the key to add to the vault. 
This cmdlet constructs the fully qualified domain name (FQDN) of a key based on the name that this parameter specifies, the name of the vault, and your current environment. The name must be a string of 1 through 63 characters in length that contains only 0-9, a-z, A-Z, and – (the dash symbol). + + String + + + Destination + + Specifies whether to add the key as a software-protected key or an HSM-protected key in the Key Vault service. Valid values are: HSM and Software. + Note: To use HSM as your destination, you must have a key vault that supports HSMs. For more information about the service tiers and capabilities for Azure Key Vault, see the Azure Key Vault Pricing website (http://go.microsoft.com/fwlink/?linkid=512521). + This parameter is required when you create a new key. If you import a key by using the KeyFilePath parameter, this parameter is optional: + +-- If you do not specify this parameter, and this cmdlet imports a key that has .byok file name extension, it imports that key as an HSM-protected key. The cmdlet cannot import that key as software-protected key. +-- If you do not specify this parameter, and this cmdlet imports a key that has a .pfx file name extension, it imports the key as a software-protected key. + + + HSM + Software + + + + Disable + + Indicates that the key you are adding is set to an initial state of disabled. Any attempt to use the key will fail. Use this parameter if you are preloading keys that you intend to enable later. + + + + Expires + + Specifies the expiration time, as a DateTime object, for the key that this cmdlet adds. This parameter uses Coordinated Universal Time (UTC). To obtain a DateTime object, use the Get-Date cmdlet. For more information, type Get-Help Get-Date. If you do not specify this parameter, the key does not expire. + + Nullable [DateTime] + + + KeyFilePassword + + Specifies a password for the imported file as a SecureString object. To obtain a SecureString object, use the ConvertTo-SecureString cmdlet. 
For more information, type Get-Help ConvertTo-SecureString. You must specify this password to import a file with a .pfx file name extension. + + SecureString + + + KeyOps + + Specifies an array of operations that can be performed by using the key that this cmdlet adds. If you do not specify this parameter, all operations can be performed. + The acceptable values for this parameter are a comma-separated list of key operations as defined by the JSON Web Key (JWK) specification (http://go.microsoft.com/fwlink/?LinkID=613300&clcid=0x409): + +-- Encrypt +-- Decrypt +-- Wrap +-- Unwrap +-- Sign +-- Verify +-- Backup +-- Restore + + String[] + + + NotBefore + + Specifies the time, as a DateTime object, before which the key cannot be used. This parameter uses UTC. To obtain a DateTime object, use the Get-Date cmdlet. If you do not specify this parameter, the key can be used immediately. + + Nullable [DateTime] + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + + Tags + + Specifies a hash table that represents resource tags. For more information about resource tags, see Using tags to organize your Azure resources (http://go.microsoft.com/fwlink/?LinkId=613624). + + System.Collections.Hashtable + + + KeyFilePath + + Specifies the path of a local file that contains key material that this cmdlet imports. The valid file name extensions are .byok and .pfx. + +-- If the file is a .byok file, the key is automatically protected by HSMs after the import and you cannot override this default. +-- If the file is a .pfx file, the key is automatically protected by software after the import. To override this default, set the Destination parameter to HSM so that the key is HSM-protected. + When you specify this parameter, the Destination parameter is optional. 
+ + String + + + + Add-AzureKeyVaultKey + + VaultName + + Specifies the name of the vault to which this cmdlet adds the key. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment. + + String + + + Name + + Specifies the name of the key to add to the vault. This cmdlet constructs the fully qualified domain name (FQDN) of a key based on the name that this parameter specifies, the name of the vault, and your current environment. The name must be a string of 1 through 63 characters in length that contains only 0-9, a-z, A-Z, and – (the dash symbol). + + String + + + Disable + + Indicates that the key you are adding is set to an initial state of disabled. Any attempt to use the key will fail. Use this parameter if you are preloading keys that you intend to enable later. + + + + Expires + + Specifies the expiration time, as a DateTime object, for the key that this cmdlet adds. This parameter uses Coordinated Universal Time (UTC). To obtain a DateTime object, use the Get-Date cmdlet. For more information, type Get-Help Get-Date. If you do not specify this parameter, the key does not expire. + + Nullable [DateTime] + + + KeyOps + + Specifies an array of operations that can be performed by using the key that this cmdlet adds. If you do not specify this parameter, all operations can be performed. + The acceptable values for this parameter are a comma-separated list of key operations as defined by the JSON Web Key (JWK) specification (http://go.microsoft.com/fwlink/?LinkID=613300&clcid=0x409): + +-- Encrypt +-- Decrypt +-- Wrap +-- Unwrap +-- Sign +-- Verify +-- Backup +-- Restore + + String[] + + + NotBefore + + Specifies the time, as a DateTime object, before which the key cannot be used. This parameter uses UTC. To obtain a DateTime object, use the Get-Date cmdlet. If you do not specify this parameter, the key can be used immediately. 
+ + Nullable [DateTime] + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + + Tags + + Specifies a hash table that represents resource tags. For more information about resource tags, see Using tags to organize your Azure resources (http://go.microsoft.com/fwlink/?LinkId=613624). + + System.Collections.Hashtable + + + Destination + + Specifies whether to add the key as a software-protected key or an HSM-protected key in the Key Vault service. Valid values are: HSM and Software. + Note: To use HSM as your destination, you must have a key vault that supports HSMs. For more information about the service tiers and capabilities for Azure Key Vault, see the Azure Key Vault Pricing website (http://go.microsoft.com/fwlink/?linkid=512521). + This parameter is required when you create a new key. If you import a key by using the KeyFilePath parameter, this parameter is optional: + +-- If you do not specify this parameter, and this cmdlet imports a key that has .byok file name extension, it imports that key as an HSM-protected key. The cmdlet cannot import that key as software-protected key. +-- If you do not specify this parameter, and this cmdlet imports a key that has a .pfx file name extension, it imports the key as a software-protected key. + + + HSM + Software + + + + + + + Destination + + Specifies whether to add the key as a software-protected key or an HSM-protected key in the Key Vault service. Valid values are: HSM and Software. + Note: To use HSM as your destination, you must have a key vault that supports HSMs. For more information about the service tiers and capabilities for Azure Key Vault, see the Azure Key Vault Pricing website (http://go.microsoft.com/fwlink/?linkid=512521). + This parameter is required when you create a new key. 
If you import a key by using the KeyFilePath parameter, this parameter is optional: + +-- If you do not specify this parameter, and this cmdlet imports a key that has .byok file name extension, it imports that key as an HSM-protected key. The cmdlet cannot import that key as software-protected key. +-- If you do not specify this parameter, and this cmdlet imports a key that has a .pfx file name extension, it imports the key as a software-protected key. + + String + + String + + + none + + + Disable + + Indicates that the key you are adding is set to an initial state of disabled. Any attempt to use the key will fail. Use this parameter if you are preloading keys that you intend to enable later. + + SwitchParameter + + SwitchParameter + + + none + + + Expires + + Specifies the expiration time, as a DateTime object, for the key that this cmdlet adds. This parameter uses Coordinated Universal Time (UTC). To obtain a DateTime object, use the Get-Date cmdlet. For more information, type Get-Help Get-Date. If you do not specify this parameter, the key does not expire. + + Nullable [DateTime] + + Nullable [DateTime] + + + none + + + KeyFilePassword + + Specifies a password for the imported file as a SecureString object. To obtain a SecureString object, use the ConvertTo-SecureString cmdlet. For more information, type Get-Help ConvertTo-SecureString. You must specify this password to import a file with a .pfx file name extension. + + SecureString + + SecureString + + + none + + + KeyFilePath + + Specifies the path of a local file that contains key material that this cmdlet imports. The valid file name extensions are .byok and .pfx. + +-- If the file is a .byok file, the key is automatically protected by HSMs after the import and you cannot override this default. +-- If the file is a .pfx file, the key is automatically protected by software after the import. To override this default, set the Destination parameter to HSM so that the key is HSM-protected. 
+ When you specify this parameter, the Destination parameter is optional. + + String + + String + + + none + + + KeyOps + + Specifies an array of operations that can be performed by using the key that this cmdlet adds. If you do not specify this parameter, all operations can be performed. + The acceptable values for this parameter are a comma-separated list of key operations as defined by the JSON Web Key (JWK) specification (http://go.microsoft.com/fwlink/?LinkID=613300&clcid=0x409): + +-- Encrypt +-- Decrypt +-- Wrap +-- Unwrap +-- Sign +-- Verify +-- Backup +-- Restore + + String[] + + String[] + + + none + + + Name + + Specifies the name of the key to add to the vault. This cmdlet constructs the fully qualified domain name (FQDN) of a key based on the name that this parameter specifies, the name of the vault, and your current environment. The name must be a string of 1 through 63 characters in length that contains only 0-9, a-z, A-Z, and – (the dash symbol). + + String + + String + + + none + + + NotBefore + + Specifies the time, as a DateTime object, before which the key cannot be used. This parameter uses UTC. To obtain a DateTime object, use the Get-Date cmdlet. If you do not specify this parameter, the key can be used immediately. + + Nullable [DateTime] + + Nullable [DateTime] + + + none + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + + none + + + Tags + + Specifies a hash table that represents resource tags. For more information about resource tags, see Using tags to organize your Azure resources (http://go.microsoft.com/fwlink/?LinkId=613624). + + System.Collections.Hashtable + + System.Collections.Hashtable + + + none + + + VaultName + + Specifies the name of the vault to which this cmdlet adds the key. 
This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment. + + String + + String + + + none + + + + + + String, String[], DateTime + + + + + + + + + + + + + + + + Microsoft.Azure.Commands.KeyVault.Models.KeyBundle + + + + + + + + + + + + + + + + + Example 1: Create a key + + + + + PS C:\>Add-AzureKeyVaultKey -VaultName "Contoso" -Name "ITSoftware" -Destination "Software" + + + This command creates a software-protected key named ITSoftware in the vault named Contoso. + + + + + + + + + + + Example 2: Create an HSM-protected key + + + + + PS C:\>Add-AzureKeyVaultKey -VaultName "Contoso" -Name "ITHsm" -Destination "HSM" + + + This command creates an HSM-protected key in the key vault named Contoso. + + + + + + + + + + + Example 3: Create a key with non-default values + + + + + PS C:\>$KeyOperations = 'decrypt', 'verify' +PS C:\> $Expires = (Get-Date).AddYears(2).ToUniversalTime() +PS C:\> $NotBefore = (Get-Date).ToUniversalTime() +PS C:\> $Tags = @{'Severity' = 'high'; 'Accounting' = null} +PS C:\> Add-AzureKeyVaultKey -VaultName "Contoso" -Name "ITHsmNonDefault" -Destination "HSM" -Expires $Expires -NotBefore $NotBefore -KeyOps $KeyOperations –Disable -Tags $Tags + + + The first command stores the values decrypt and verify in the $KeyOperations variable. + The second command creates a DateTime object, defined in UTC, by using the Get-Date cmdlet. That object specifies a time two years in the future. The command stores that date in the $Expires variable. For more information, type Get-Help Get-Date. + The third command creates a DateTime object by using the Get-Date cmdlet. That object specifies current UTC time. The command stores that date in the $NotBefore variable. + The final command creates a key named ITHsmNonDefault that is an HSM-protected key. The command specifies values for allowed key operations stored $KeyOperations. 
The command specifies times for the Expires and NotBefore parameters created in the previous commands, and tags for high severity and IT. The new key is disabled. You can enable it by using the Set-AzureKeyVaultKey cmdlet. + + + + + + + + + + + Example 4: Import an HSM-protected key + + + + + PS C:\>Add-AzureKeyVaultKey -VaultName "Contoso" -Name "ITByok" -KeyFilePath "C:\Contoso\ITByok.byok" -Destination "HSM" + + + This command imports the key named ITByok from the location that the KeyFilePath parameter specifies. The imported key is an HSM-protected key. + To import a key from your own hardware security module, you must first generate a BYOK package (a file with a .byok file name extension) by using the Azure Key Vault BYOK toolset. For more information, see How to Generate and Transfer HSM-Protected Keys for Azure Key Vault (http://go.microsoft.com/fwlink/?LinkId=522252). + + + + + + + + + + + Example 5: Import a software-protected key + + + + + PS C:\>$Password = ConvertTo-SecureString -String "Password" -AsPlainText -Force +PS C:\> Add-AzureKeyVaultKey -VaultName "Contoso" -Name "ITPfx" -KeyFilePath "C:\Contoso\ITPfx.pfx" -KeyFilePassword $Password + + + The first command converts a string into a secure string by using the ConvertTo-SecureString cmdlet, and then stores that string in the $Password variable. For more information, type Get-Help ConvertTo-SecureString. + The second command creates a software password in the Contoso vault. The command specifies the location for the key and the password stored in $Password. 
+ + + + + + + + + + + Example 6: Import a key and assign attributes + + + + + PS C:\>$Password = ConvertTo-SecureString -String "password" -AsPlainText -Force +PS C:\> $Expires = (Get-Date).AddYears(2).ToUniversalTime() +PS C:\> $Tags = @{ 'Severity' = 'high'; 'Accounting' = null } +PS C:\> Add-AzureKeyVaultKey -VaultName "Contoso" -Name "ITPfxToHSM" -Destination "HSM" -KeyFilePath "C:\Contoso\ITPfx.pfx" -KeyFilePassword $Password -Expires $Expires -Tags $Tags + + + The first command converts a string into a secure string by using the ConvertTo-SecureString cmdlet, and then stores that string in the $Password variable. + The second command creates a DateTime object by using the Get-Date cmdlet, and then stores that object in the $Expires variable. + The third command creates the $tags variable to set tags for high severity and IT. + The final command imports a key as an HSM key from the specified location. The command specifies the expiration time stored in $Expires and password stored in $Password, and applies the tags stored in $tags. + + + + + + + + + + + + + Online Version: + http://go.microsoft.com/fwlink/?LinkId=520396 + + + Backup-AzureKeyVaultKey + + + + Get-AzureKeyVaultKey + + + + Remove-AzureKeyVaultKey + + + + Set-AzureKeyVaultKeyAttribute + + + + + + + Backup-AzureKeyVaultKey + + Backs up a key in a vault. + + + + + Backup + AzureKeyVaultKey + + + + The Backup-AzureKeyVaultKey cmdlet backs up a specified key in a vault by downloading it and storing it in a file. If there are multiple versions of the key, all versions are included in the backup. Because the downloaded content is encrypted, it cannot be used outside of Azure Key Vault. You can restore a backed-up key to any key vault in the subscription that it was backed up from. + Typical reasons to use this cmdlet are: + + -- You want to escrow a copy of your key, so that you have an offline copy in case you accidentally delete your key in your key vault. 
+ -- You created a key using Azure Key Vault and now want to clone the key into a different Azure region, so that you can use it from all instances of your distributed application. Use the Backup-AzureKeyVaultKey cmdlet to retrieve the key in encrypted format and then use the Restore-AzureKeyVaultKey cmdlet and specify a key vault in the second region. + + + + Backup-AzureKeyVaultKey + + VaultName + + Specifies the name of the key vault that contains the key to back up. + + String + + + Name + + Specifies the name of the key to back up. + + String + + + OutputFile + + Specifies the output file in which the backup blob is stored. If you do not specify this parameter, this cmdlet generates a file name for you. If you specify the name of an existing output file, the operation will not complete and returns an error message that the backup file already exists. + + String + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. + + AzureProfile + + + + + + Name + + Specifies the name of the key to back up. + + String + + String + + + none + + + OutputFile + + Specifies the output file in which the backup blob is stored. If you do not specify this parameter, this cmdlet generates a file name for you. If you specify the name of an existing output file, the operation will not complete and returns an error message that the backup file already exists. + + String + + String + + + none + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. + + AzureProfile + + AzureProfile + + + none + + + VaultName + + Specifies the name of the key vault that contains the key to back up. 
+ + String + + String + + + none + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Example 1: Back up a key with an automatically generated file name + + + + + PS C:\>Backup-AzureKeyVaultKey -VaultName "MyKeyVault" -Name "MyKey" + + + This command retrieves the key named MyKey from the vault named MyKeyVault and saves a backup of that key to a file that is automatically named for you, and displays the file name. + + + + + + + + + + + Example 2: Back up a key to a specified file name + + + + + PS C:\>Backup-AzureKeyVaultKey -VaultName "MyKeyVault" -Name "MyKey" -OutputFile "C:\Backup.blob" + + + This command retrieves the key named MyKey from the vault named MyKeyVault and saves a backup of that key to a file named Backup.blob. + + + + + + + + + + + + + Online Version: + http://go.microsoft.com/fwlink/?LinkId=522259 + + + Add-AzureKeyVaultKey + + + + Get-AzureKeyVaultKey + + + + Remove-AzureKeyVaultKey + + + + Restore-AzureKeyVaultKey + + + + + + + Get-AzureKeyVaultKey + + Gets the keys in a vault. + + + + + Get + AzureKeyVaultKey + + + + The Get-AzureKeyVaultKey cmdlet gets the keys in an Azure Key Vault. This cmdlet gets a specific Microsoft.Azure.Commands.KeyVault.Models.KeyBundle or a list of all KeyBundle objects in a vault. + + + + Get-AzureKeyVaultKey + + Name + + Specifies the name of the key bundle to get. + + System.String + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + + IncludeVersions + + Indicates that this cmdlet gets all versions of a key. The current version of a key is the first one on the list. If you specify this parameter you must also specify the Name and VaultName parameters. + If you do not specify the IncludeVersions parameter, this cmdlet gets the current version of the key with the specified Name. 
+ + + + + Get-AzureKeyVaultKey + + VaultName + + Specifies the name of the vault from which this cmdlet gets keys. This cmdlet constructs the fully qualified domain name (FQDN) of a vault based on the name that this parameter specifies and your selected environment. + + String + + + Name + + Specifies the name of the key bundle to get. + + System.String + + + Version + + Specifies the key version. This cmdlet constructs the FQDN of a key based on the vault name, your currently selected environment, the key name, and the key version. + + String + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + + + Get-AzureKeyVaultKey + + VaultName + + Specifies the name of the vault from which this cmdlet gets keys. This cmdlet constructs the fully qualified domain name (FQDN) of a vault based on the name that this parameter specifies and your selected environment. + + String + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + + + + + IncludeVersions + + Indicates that this cmdlet gets all versions of a key. The current version of a key is the first one on the list. If you specify this parameter you must also specify the Name and VaultName parameters. + If you do not specify the IncludeVersions parameter, this cmdlet gets the current version of the key with the specified Name. + + SwitchParameter + + SwitchParameter + + + none + + + Name + + Specifies the name of the key bundle to get. + + System.String + + System.String + + + none + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. 
+ + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + + none + + + VaultName + + Specifies the name of the vault from which this cmdlet gets keys. This cmdlet constructs the fully qualified domain name (FQDN) of a vault based on the name that this parameter specifies and your selected environment. + + String + + String + + + none + + + Version + + Specifies the key version. This cmdlet constructs the FQDN of a key based on the vault name, your currently selected environment, the key name, and the key version. + + String + + String + + + none + + + + + + String + + + + + + + + + + + + + + + + List<Microsoft.Azure.Commands.KeyVault.Models.KeyBundle>, Microsoft.Azure.Commands.KeyVault.Models.KeyBundle + + + + + + + + + + + + + + + + + Example 1: Get all the keys in a vault + + + + + PS C:\>Get-AzureKeyVaultKey -VaultName "Contoso" + + + This command gets all the keys in the vault named Contoso. + + + + + + + + + + + Example 2: Get the current version of a key + + + + + PS C:\>Get-AzureKeyVaultKey -VaultName "Contoso" -KeyName "ITPfx" + + + This command gets the current version of the key named ITPfx in the vault named Contoso. + + + + + + + + + + + Example 3: Get all versions of a key + + + + + PS C:\>Get-AzureKeyVaultKey -VaultName "Contoso" -KeyName "ITPfx" -IncludeVersions + + + This command gets all versions the key named ITPfx in the vault named Contoso. + + + + + + + + + + + Example 4: Get a specific version of a key + + + + + PS C:\>$Key = Get-AzureKeyVaultKey -VaultName "Contoso" -KeyName "ITPfx" –Version "5A12A276385949DB8B5F82AFEE85CAED" + + + This command gets a specific version of the key named ITPfx in the vault named Contoso. After running this command, you can inspect various properties of the key by navigating the $Key object. 
+ + + + + + + + + + + + + Online Version: + http://go.microsoft.com/fwlink/?LinkId=521395 + + + Add-AzureKeyVaultKey + + + + Remove-AzureKeyVaultKey + + + + Set-AzureKeyVaultKeyAttribute + + + + + + + Get-AzureKeyVaultSecret + + Gets the secrets in a vault. + + + + + Get + AzureKeyVaultSecret + + + + The Get-AzureKeyVaultSecret cmdlet gets secrets in an Azure Key Vault. This cmdlet gets a specific secret or all the secrets in a vault. + + + + Get-AzureKeyVaultSecret + + Name + + Specifies the name of the secret to get. + + System.String + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + + IncludeVersions + + Indicates that this cmdlet gets all versions of a secret. The current version of a secret is the first one on the list. If you specify this parameter you must also specify the Name and VaultName parameters. + If you do not specify the IncludeVersions parameter, this cmdlet gets the current version of the secret with the specified Name. + + + + + Get-AzureKeyVaultSecret + + VaultName + + Specifies the name of the vault to which the secret belongs. This cmdlet constructs the fully qualified domain name (FQDN) of a vault based on the name that this parameter specifies and your current environment. + + String + + + Name + + Specifies the name of the secret to get. + + System.String + + + Version + + Specifies the secret version. This cmdlet constructs the FQDN of a secret based on the vault name, your currently selected environment, the secret name, and the secret version. + + String + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. 
+ + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + + + Get-AzureKeyVaultSecret + + VaultName + + Specifies the name of the vault to which the secret belongs. This cmdlet constructs the fully qualified domain name (FQDN) of a vault based on the name that this parameter specifies and your current environment. + + String + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + + + + + IncludeVersions + + Indicates that this cmdlet gets all versions of a secret. The current version of a secret is the first one on the list. If you specify this parameter you must also specify the Name and VaultName parameters. + If you do not specify the IncludeVersions parameter, this cmdlet gets the current version of the secret with the specified Name. + + SwitchParameter + + SwitchParameter + + + none + + + Name + + Specifies the name of the secret to get. + + System.String + + System.String + + + none + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + + none + + + VaultName + + Specifies the name of the vault to which the secret belongs. This cmdlet constructs the fully qualified domain name (FQDN) of a vault based on the name that this parameter specifies and your current environment. + + String + + String + + + none + + + Version + + Specifies the secret version. This cmdlet constructs the FQDN of a secret based on the vault name, your currently selected environment, the secret name, and the secret version. 
+ + String + + String + + + none + + + + + + String + + + + + + + + + + + + + + + + List<Microsoft.Azure.Commands.KeyVault.Models.Secret>, Microsoft.Azure.Commands.KeyVault.Models.Secret + + + + + + + + + + + + + + + + + Example 1: Get all current versions of all secrets in a vault + + + + + PS C:\>Get-AzureKeyVaultSecret -VaultName "Contoso" + + + This command gets the current versions of all secrets in the vault named Contoso. + + + + + + + + + + + Example 2: Get all versions of a specific secret + + + + + PS C:\>Get-AzureKeyVaultSecret -VaultName "Contoso" -Name "ITSecret" -IncludeVersions + + + This command gets all versions of the secret named ITSecret in the vault named Contoso. + + + + + + + + + + + Example 3: Get the current version of a specific secret + + + + + PS C:\>Get-AzureKeyVaultSecret -VaultName "Contoso" -Name "ITSecret" + + + This command gets the current version of the secret named ITSecret in the vault named Contoso. + + + + + + + + + + + Example 4: Get a specific version of a specific secret + + + + + PS C:\>Get-AzureKeyVaultSecret -VaultName "Contoso" -Name "ITSecret" –Version "6A12A286385949DB8B5F82AFEF85CAE9" + + + This command gets a specific version of the secret named ITSecret in the vault named Contoso. + + + + + + + + + + + + + Online Version: + http://go.microsoft.com/fwlink/?LinkId=521396 + + + Remove-AzureKeyVaultSecret + + + + Set-AzureKeyVaultSecret + + + + + + + Get-AzureKeyVault + + Gets Azure Key Vault instances. + + + + + Get + AzureKeyVault + + + + The Get-AzureKeyVault cmdlet gets information about the Azure Key Vault instances in a subscription. You can view all key vault instances in a subscription, or filter your results by a resource group or a particular key vault. + Note that although specifying the resource group is optional for this cmdlet when you get a single key vault, you should do so for better performance. + + + + Get-AzureKeyVault + + VaultName + + Specifies the name of the key vault. 
+ + System.String + + + ResourceGroupName + + Specifies the name of the resource group associated with the key vault or key vaults being queried. + + System.String + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + + + Get-AzureKeyVault + + ResourceGroupName + + Specifies the name of the resource group associated with the key vault or key vaults being queried. + + System.String + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + + + Get-AzureKeyVault + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + + Tag + + Specifies the key and value of the specified tag to filter the list of key vaults by hash table. + + System.Collections.Hashtable + + + + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + + none + + + ResourceGroupName + + Specifies the name of the resource group associated with the key vault or key vaults being queried. + + System.String + + System.String + + + none + + + Tag + + Specifies the key and value of the specified tag to filter the list of key vaults by hash table. + + System.Collections.Hashtable + + System.Collections.Hashtable + + + none + + + VaultName + + Specifies the name of the key vault. 
+ + System.String + + System.String + + + none + + + + + + String + + + + + + + + + + + + + + PSVault, List<PSVaultIdentityItem> + + + + + + + + + + + + + + + Example 1: Get all key vaults in your current subscription + + + + + PS C:\>Get-AzureKeyVault + + + This command gets all the key vaults in your current subscription. + + + + + + + + + + + Example 2: Get a specific key vault + + + + + PS C:\>$MyVault = Get-AzureKeyVault -VaultName "Contoso03Vault" + + + This command gets the key vault named Contoso03Vault in your current subscription, and then stores it in the $MyVault variable. You can inspect the properties of $MyVault to get details about the key vault. + + + + + + + + + + + Example 3: Get key vaults in a resource group + + + + + PS C:\>Get-AzureKeyVault -ResourceGroupName "ContosoPayRollResourceGroup" + + + This command gets all the key vaults in the resource group named ContosoPayRollResourceGroup. + + + + + + + + + + + + + Online Version: + http://go.microsoft.com/fwlink/?LinkId=522254 + + + New-AzureKeyVault + + + + Remove-AzureKeyVault + + + + + + + New-AzureKeyVault + + Creates an Azure Key Vault instance. + + + + + New + AzureKeyVault + + + + The New-AzureKeyVault cmdlet creates an Azure Key Vault instance in the specified resource group. This cmdlet also grants permissions to the currently logged on user to add, remove, or list keys and secrets in the vault. + + + + New-AzureKeyVault + + VaultName + + Specifies the name of the key vault to create. The name can be any combination of letters, digits, or hyphens. The name must start and end with a letter or digit. The name must be universally unique. + + String + + + ResourceGroupName + + Specifies the name of an existing resource group in which to create the key vault. + + String + + + Location + + Specifies the Azure region in which to create the key vault. Use the command Get-AzureLocation to see your choices. For more information, type Get-Help Get-AzureLocation. 
+ + String + + + EnabledForDeployment + + Enables the Microsoft.Compute resource provider to retrieve secrets from this key vault when this key vault is referenced in resource creation, for example when creating a virtual machine. + + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + + Sku + + Specifies the SKU of the key vault instance. For information about which features are available for each SKU, see the Azure Key Vault Pricing website (http://go.microsoft.com/fwlink/?linkid=512521). + + + standard + premium + + + + Tag + + Specifies a hash table that represents resource tags. + + System.Collections.Hashtable[] + + + + + + EnabledForDeployment + + Enables the Microsoft.Compute resource provider to retrieve secrets from this key vault when this key vault is referenced in resource creation, for example when creating a virtual machine. + + SwitchParameter + + SwitchParameter + + + none + + + Location + + Specifies the Azure region in which to create the key vault. Use the command Get-AzureLocation to see your choices. For more information, type Get-Help Get-AzureLocation. + + String + + String + + + none + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + + none + + + ResourceGroupName + + Specifies the name of an existing resource group in which to create the key vault. + + String + + String + + + none + + + Sku + + Specifies the SKU of the key vault instance. For information about which features are available for each SKU, see the Azure Key Vault Pricing website (http://go.microsoft.com/fwlink/?linkid=512521). 
+ + String + + String + + + none + + + Tag + + Specifies a hash table that represents resource tags. + + System.Collections.Hashtable[] + + System.Collections.Hashtable[] + + + none + + + VaultName + + Specifies the name of the key vault to create. The name can be any combination of letters, digits, or hyphens. The name must start and end with a letter or digit. The name must be universally unique. + + String + + String + + + none + + + + + + String, Guid, Switch, Hash table + + + + + + + + + + + + + + + + Microsoft.Azure.Commands.KeyVault.Models.PSVault + + + + + + + + + + + + + + + + + Example 1: Create a Standard key vault + + + + + PS C:\>New-AzureKeyVault -VaultName "Contoso03Vault" -ResourceGroupName "Group14" -Location "East US" + + + This command creates a key vault named Contoso03Vault, in the Azure region East US. The command adds the key vault to the resource group named Group14. Because the command does not specify a value for the SKU parameter, it creates a Standard key vault. + + + + + + + + + + + Example 2: Create a Premium key vault + + + + + PS C:\>New-AzureKeyVault -VaultName "Contoso03Vault" -ResourceGroupName "Group14" -Location "East US" -Sku "Premium" + + + This command creates a key vault, just like the previous example. However, it specifies a value of Premium for the SKU parameter to create a Premium key vault. + + + + + + + + + + + + + Online Version: + http://go.microsoft.com/fwlink/?LinkId=522255 + + + Get-AzureKeyVault + + + + Remove-AzureKeyVault + + + + + + + Remove-AzureKeyVaultAccessPolicy + + Removes all permissions for a user or application from the Azure Key Vault. + + + + + Remove + AzureKeyVaultAccessPolicy + + + + The Remove-AzureKeyVaultAccessPolicy cmdlet removes all permissions for a user or application or for all users and applications from the Azure Key Vault. Even if you remove all permissions, the owner of the Azure subscription that contains the vault can add permissions to the key vault. 
+ Note that although specifying the resource group is optional for this cmdlet, you should do so for better performance. + + + + Remove-AzureKeyVaultAccessPolicy + + ResourceGroupName + + Specifies the name of the resource group associated with the key vault whose access policy is being modified. If not specified, this cmdlet searches for the key vault in the current subscription. + + System.String + + + EnabledForDeployment + + Enables the Microsoft.Compute resource provider to retrieve secrets from this key vault when this key vault is referenced in resource creation, for example when creating a virtual machine. + + + + PassThru + + Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output. + + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + + + Remove-AzureKeyVaultAccessPolicy + + VaultName + + Specifies the name of the key vault. This cmdlet removes permissions for the key vault that this parameter specifies. + + String + + + ResourceGroupName + + Specifies the name of the resource group associated with the key vault whose access policy is being modified. If not specified, this cmdlet searches for the key vault in the current subscription. + + System.String + + + EnabledForDeployment + + Enables the Microsoft.Compute resource provider to retrieve secrets from this key vault when this key vault is referenced in resource creation, for example when creating a virtual machine. + + + + PassThru + + Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output. + + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. 
+ + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + + ServicePrincipalName + + Specifies the service principal name of the application whose permissions you want to remove. Specify the application ID, also known as client ID, registered for the application in Azure Active Directory. + + String + + + + Remove-AzureKeyVaultAccessPolicy + + VaultName + + Specifies the name of the key vault. This cmdlet removes permissions for the key vault that this parameter specifies. + + String + + + ResourceGroupName + + Specifies the name of the resource group associated with the key vault whose access policy is being modified. If not specified, this cmdlet searches for the key vault in the current subscription. + + System.String + + + EnabledForDeployment + + Enables the Microsoft.Compute resource provider to retrieve secrets from this key vault when this key vault is referenced in resource creation, for example when creating a virtual machine. + + + + PassThru + + Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output. + + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + + UserPrincipalName + + Specifies the user principal name of the user whose access you want to remove. + + String + + + + Remove-AzureKeyVaultAccessPolicy + + VaultName + + Specifies the name of the key vault. This cmdlet removes permissions for the key vault that this parameter specifies. + + String + + + ResourceGroupName + + Specifies the name of the resource group associated with the key vault whose access policy is being modified. If not specified, this cmdlet searches for the key vault in the current subscription. 
+ + System.String + + + EnabledForDeployment + + Enables the Microsoft.Compute resource provider to retrieve secrets from this key vault when this key vault is referenced in resource creation, for example when creating a virtual machine. + + + + PassThru + + Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output. + + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + + ObjectId + + Specifies the object ID of the user or service principal in Azure Active Directory for which to remove permissions. + + Guid + + + + + + EnabledForDeployment + + Enables the Microsoft.Compute resource provider to retrieve secrets from this key vault when this key vault is referenced in resource creation, for example when creating a virtual machine. + + SwitchParameter + + SwitchParameter + + + none + + + ObjectId + + Specifies the object ID of the user or service principal in Azure Active Directory for which to remove permissions. + + Guid + + Guid + + + none + + + PassThru + + Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output. + + SwitchParameter + + SwitchParameter + + + none + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + + none + + + ResourceGroupName + + Specifies the name of the resource group associated with the key vault whose access policy is being modified. If not specified, this cmdlet searches for the key vault in the current subscription. 
+ + System.String + + System.String + + + none + + + ServicePrincipalName + + Specifies the service principal name of the application whose permissions you want to remove. Specify the application ID, also known as client ID, registered for the application in Azure Active Directory. + + String + + String + + + none + + + UserPrincipalName + + Specifies the user principal name of the user whose access you want to remove. + + String + + String + + + none + + + VaultName + + Specifies the name of the key vault. This cmdlet removes permissions for the key vault that this parameter specifies. + + String + + String + + + none + + + + + + String, Guid + + + + + + + + + + + + + + + + Microsoft.Azure.Commands.KeyVault.Models.PSVault + + + + + + + + + + + + + + + + + Example 1: Remove permissions for a user + + + + + PS C:\>Remove-AzureKeyVaultAccessPolicy -VaultName "Contoso03Vault" -UserPrincipalName "PattiFuller@contoso.com" + + + This command removes all the permissions that a user PattiFuller@contoso.com has on the key vault named Contoso03Vault. + + + + + + + + + + + Example 2: Remove permissions for an application + + + + + PS C:\>Remove-AzureKeyVaultAccessPolicy -VaultName "Contoso03Vault" -ServicePrincipalName "http://payroll.contoso.com" + + + This command removes all the permissions that an application has on the vault named Contoso03Vault. This example identifies the application by using the service principal name registered in Azure Active Directory, http://payroll.contoso.com. + + + + + + + + + + + Example 3: Remove permissions for an application by using its object ID + + + + + PS C:\>Remove-AzureKeyVaultAccessPolicy -VaultName "Contoso03Vault" -ObjectID 34595082-9346-41b6-8d6b-295a2808b8db + + + This command removes all the permissions that an application has on the vault named Contoso03Vault. This example identifies the application by the object ID of the service principal. 
+ + + + + + + + + + + + + Online Version: + http://go.microsoft.com/fwlink/?LinkId=522258 + + + Set-AzureKeyVaultAccessPolicy + + + + + + + Remove-AzureKeyVaultKey + + Deletes a key in a vault. + + + + + Remove + AzureKeyVaultKey + + + + The Remove-AzureKeyVaultKey cmdlet deletes a key in an Azure Key Vault. This cmdlet has a value of high for the ConfirmImpact property. + + + + Remove-AzureKeyVaultKey + + VaultName + + Specifies the name of the vault from which to remove the key. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment. + + String + + + Name + + Specifies the name of the key to remove. This cmdlet constructs the fully qualified domain name (FQDN) of a key based on the name that this parameter specifies, the name of the vault, and your current environment. + + String + + + Force + + Forces the command to run without asking for user confirmation. + + + + PassThru + + Indicates that this cmdlet returns a Microsoft.Azure.Commands.KeyVault.Models.KeyBundle object. By default, this cmdlet does not generate any output. + + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + + + + + Force + + Forces the command to run without asking for user confirmation. + + SwitchParameter + + SwitchParameter + + + none + + + Name + + Specifies the name of the key to remove. This cmdlet constructs the fully qualified domain name (FQDN) of a key based on the name that this parameter specifies, the name of the vault, and your current environment. + + String + + String + + + none + + + PassThru + + Indicates that this cmdlet returns a Microsoft.Azure.Commands.KeyVault.Models.KeyBundle object. By default, this cmdlet does not generate any output. 
+ + SwitchParameter + + SwitchParameter + + + none + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + + none + + + VaultName + + Specifies the name of the vault from which to remove the key. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment. + + String + + String + + + none + + + + + + String + + + + + + + + + + + + + + + + Microsoft.Azure.Commands.KeyVault.Models.KeyBundle + + + + + + + + This cmdlet returns a value only if you specify the PassThru parameter. + + + + + + + + Example 1: Remove a key from a vault + + + + + PS C:\>Remove-AzureKeyVaultKey -VaultName "Contoso" -Name "ITSoftware" + + + This command removes the key named ITSoftware from the vault named Contoso. + + + + + + + + + + + Example 2: Remove a key without user confirmation + + + + + PS C:\>Remove-AzureKeyVaultKey -VaultName "Contoso" -Name "ITSoftware" -Force -Confirm:$False + + + This command removes the key named ITSoftware from the vault named Contoso. The command specifies the Force and Confirm parameters, and, therefore, the cmdlet does not prompt you for confirmation. + + + + + + + + + + + Example 3: Remove keys by using the pipeline operator + + + + + PS C:\>Get-AzureKeyVaultKey -VaultName "Contoso" | Where-Object {$_.Attributes.Enabled -eq $False} | Remove-AzureKeyVaultKey + + + This command gets all the keys in the vault named Contoso, and passes them to the Where-Object cmdlet by using the pipeline operator. That cmdlet passes the keys that have a value of $False for the Enabled attribute to the current cmdlet. That cmdlet removes those keys. 
+ + + + + + + + + + + + + Online Version: + http://go.microsoft.com/fwlink/?LinkId=521397 + + + Add-AzureKeyVaultKey + + + + Get-AzureKeyVaultKey + + + + Set-AzureKeyVaultKeyAttribute + + + + + + + Remove-AzureKeyVaultSecret + + Deletes a secret in a vault. + + + + + Remove + AzureKeyVaultSecret + + + + The Remove-AzureKeyVaultSecret cmdlet deletes a secret in an Azure Key Vault. This cmdlet has a value of high for the ConfirmImpact property. + + + + Remove-AzureKeyVaultSecret + + VaultName + + Specifies the name of the vault to which the secret belongs. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment. + + String + + + Name + + Specifies the name of a secret. This cmdlet constructs the fully qualified domain name (FQDN) of a secret based on the name that this parameter specifies, the name of the vault, and your current environment. + + String + + + Force + + Forces the command to run without asking for user confirmation. + + + + PassThru + + Indicates that this cmdlet returns a Microsoft.Azure.Commands.KeyVault.Models.Secret object. By default, this cmdlet does not generate any output. + + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + + + + + Force + + Forces the command to run without asking for user confirmation. + + SwitchParameter + + SwitchParameter + + + none + + + Name + + Specifies the name of a secret. This cmdlet constructs the fully qualified domain name (FQDN) of a secret based on the name that this parameter specifies, the name of the vault, and your current environment. + + String + + String + + + none + + + PassThru + + Indicates that this cmdlet returns a Microsoft.Azure.Commands.KeyVault.Models.Secret object. By default, this cmdlet does not generate any output. 
+ + SwitchParameter + + SwitchParameter + + + none + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + + none + + + VaultName + + Specifies the name of the vault to which the secret belongs. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment. + + String + + String + + + none + + + + + + String + + + + + + + + + + + + + + + + Microsoft.Azure.Commands.KeyVault.Models.Secret + + + + + + + + This cmdlet returns a value only if you specify the PassThru parameter. + + + + + + + + Example 1: Remove a secret from a vault + + + + + PS C:\>Remove-AzureKeyVaultSecret -VaultName "Contoso" -Name "FinanceSecret" + + + This command removes the secret named FinanceSecret from the vault named Contoso. + + + + + + + + + + + Example 2: Remove a secret from a vault without user confirmation + + + + + PS C:\>Remove-AzureKeyVaultSecret -VaultName "Contoso" -Name "FinanceSecret" -Force -Confirm:$False + + + This command removes the secret named FinanceSecret from the vault named Contoso. The command specifies the Force and Confirm parameters, and, therefore, the cmdlet does not prompt you for confirmation. + + + + + + + + + + + + + Online Version: + http://go.microsoft.com/fwlink/?LinkId=521398 + + + Get-AzureKeyVaultSecret + + + + Set-AzureKeyVaultSecret + + + + + + + Remove-AzureKeyVault + + Deletes an Azure Key Vault instance. + + + + + Remove + AzureKeyVault + + + + The Remove-AzureKeyVault cmdlet deletes the specified Azure Key Vault instance. It also deletes all keys and secrets contained in that instance. + Note that although specifying the resource group is optional for this cmdlet, you should so for better performance. 
+ + + + Remove-AzureKeyVault + + VaultName + + Specifies the name of the key vault to remove. + + String + + + ResourceGroupName + + Specifies the name of a resource group. + + System.String + + + Force + + Indicates that the cmdlet does not prompt you for confirmation. By default, this cmdlet prompts you to confirm that you want to delete the key vault. + + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + + + + + Force + + Indicates that the cmdlet does not prompt you for confirmation. By default, this cmdlet prompts you to confirm that you want to delete the key vault. + + SwitchParameter + + SwitchParameter + + + none + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + + none + + + ResourceGroupName + + Specifies the name of a resource group. + + System.String + + System.String + + + none + + + VaultName + + Specifies the name of the key vault to remove. + + String + + String + + + none + + + + + + String + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Example 1: Remove a key vault + + + + + PS C:\>Remove-AzureKeyVault -VaultName "Contoso03Vault" + + + This command removes the key vault named Contoso03Vault from your current subscription. + + + + + + + + + + + Example 2: Remove a key vault from a specified resource group + + + + + PS C:\>Remove-AzureKeyVault -VaultName "Contoso03Vault" -ResourceGroupName "Group14" + + + This command removes the key vault named Contoso03Vault from the named resource group. If you do not specify the resource group name, the cmdlet searches for the named key vault to delete in your current subscription. 
+ + + + + + + + + + + + + Online Version: + http://go.microsoft.com/fwlink/?LinkId=522256 + + + Get-AzureKeyVault + + + + New-AzureKeyVault + + + + + + + Restore-AzureKeyVaultKey + + Creates a key in in a vault from a backed-up key. + + + + + Restore + AzureKeyVaultKey + + + + The Restore-AzureKeyVaultKey cmdlets creates a key in the specified key vault. This key is a replica of the backed-up key in the input file and has the same name as the original key. If the key vault already has a key by the same name, this cmdlet fails instead of overwriting the original key. If the backup contains multiple versions of a key, all versions are restored. + The key vault that you restore the key into can be different from the key vault that you backed up the key from. However, the key vault must use the same subscription and be in an Azure region in the same geography (for example, North America). See the Microsoft Azure Trust Center (https://azure.microsoft.com/support/trust-center/) for the mapping of Azure regions to geographies. + + + + Restore-AzureKeyVaultKey + + VaultName + + Specifies the name of the key vault into which to restore the key. + + String + + + InputFile + + Specifies the input file that contains the backup of the key to restore. + + String + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. + + AzureProfile + + + + + + InputFile + + Specifies the input file that contains the backup of the key to restore. + + String + + String + + + none + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. + + AzureProfile + + AzureProfile + + + none + + + VaultName + + Specifies the name of the key vault into which to restore the key. 
+ + String + + String + + + none + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Example 1: Restore a backed-up key + + + + + PS C:\>Restore-AzureKeyVaultKey -VaultName "MyKeyVault" -InputFile "C:\Backup.blob" + + + This command restores a key, including all of its versions, from the backup file named Backup.blob into the key vault named MyKeyVault. + + + + + + + + + + + + + Online Version: + http://go.microsoft.com/fwlink/?LinkId=522260 + + + Add-AzureKeyVaultKey + + + + Backup-AzureKeyVaultKey + + + + Get-AzureKeyVaultKey + + + + Remove-AzureKeyVaultKey + + + + + + + Set-AzureKeyVaultAccessPolicy + + Grants or modifies existing permissions for a user or application to perform operations with the Azure Key Vault. + + + + + Set + AzureKeyVaultAccessPolicy + + + + The Set-AzureKeyVaultAccessPolicy cmdlet grants or modifies existing permissions for a user or application to perform the specified operations with the Azure Key Vault. It does not modify the permissions that other users or applications have on the key vault. + The following directories must all be the same Azure directory: + +-- The Azure directory in which the key vault owner's user account resides. +-- The default directory of the Azure subscription in which the key vault resides. +-- The Azure directory in which the application service principal is registered. + Examples of scenarios when these conditions are not met and this cmdlet will not work are: + +-- Authorizing a user from a different organization to manage your key vault. Each organization has its own directory. +-- Your Azure account has multiple directories. If you register an application in a directory other than the default directory, you will not be able to authorize that application to use your key vaults. The application must be in the default directory. + Note that although specifying the resource group is optional for this cmdlet, you should do so for better performance. 
+ + + + Set-AzureKeyVaultAccessPolicy + + VaultName + + Specifies the name of a key vault. This cmdlet modifies the access policy for the key vault that this parameter specifies. + + String + + + ResourceGroupName + + Specifies the name of the resource group associated with the key vault whose access policy is being modified. If not specified, this cmdlet searches for the key vault in the current subscription. + + System.String + + + EnabledForDeployment + + Enables the Microsoft.Compute resource provider to retrieve secrets from this key vault when this key vault is referenced in resource creation, for example when creating a virtual machine. + + + + PassThru + + Indicates that this cmdlet returns the updated key vault object. By default, this cmdlet does not generate any output. + + + + PermissionsToKeys + + Specifies an array of key operation permissions to grant to a user or service principal. The acceptable values for this parameter are: + +-- Decrypt +-- Encrypt +-- UnwrapKey +-- WrapKey +-- Verify +-- Sign +-- Get +-- List +-- Update +-- Create +-- Import +-- Delete +-- Backup +-- Restore +-- All + + + decrypt + encrypt + unwrapKey + wrapKey + verify + sign + get + list + update + create + import + delete + backup + restore + all + + + + PermissionsToSecrets + + Specifies an array of secret operation permissions to grant to a user or service principal. The acceptable values for this parameter are: + +-- Get +-- List +-- Set +-- Delete +-- All + + + get + list + set + delete + all + + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + + ObjectId + + Specifies the object ID of the user or service principal in Azure Active Directory for which to grant permissions. + + Guid + + + + Set-AzureKeyVaultAccessPolicy + + VaultName + + Specifies the name of a key vault. 
This cmdlet modifies the access policy for the key vault that this parameter specifies. + + String + + + ResourceGroupName + + Specifies the name of the resource group associated with the key vault whose access policy is being modified. If not specified, this cmdlet searches for the key vault in the current subscription. + + System.String + + + EnabledForDeployment + + Enables the Microsoft.Compute resource provider to retrieve secrets from this key vault when this key vault is referenced in resource creation, for example when creating a virtual machine. + + + + PassThru + + Indicates that this cmdlet returns the updated key vault object. By default, this cmdlet does not generate any output. + + + + PermissionsToKeys + + Specifies an array of key operation permissions to grant to a user or service principal. The acceptable values for this parameter are: + +-- Decrypt +-- Encrypt +-- UnwrapKey +-- WrapKey +-- Verify +-- Sign +-- Get +-- List +-- Update +-- Create +-- Import +-- Delete +-- Backup +-- Restore +-- All + + + decrypt + encrypt + unwrapKey + wrapKey + verify + sign + get + list + update + create + import + delete + backup + restore + all + + + + PermissionsToSecrets + + Specifies an array of secret operation permissions to grant to a user or service principal. The acceptable values for this parameter are: + +-- Get +-- List +-- Set +-- Delete +-- All + + + get + list + set + delete + all + + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + + ServicePrincipalName + + Specifies the service principal name of the application to which to grant permissions. Specify the application ID, also known as client ID, registered for the application in Azure Active Directory. 
The application with the service principal name that this parameter specifies must be registered in the Azure directory that contains your current subscription or the subscription specified by the SubscriptionName parameter, if that parameter is specified. + + String + + + + Set-AzureKeyVaultAccessPolicy + + VaultName + + Specifies the name of a key vault. This cmdlet modifies the access policy for the key vault that this parameter specifies. + + String + + + ResourceGroupName + + Specifies the name of the resource group associated with the key vault whose access policy is being modified. If not specified, this cmdlet searches for the key vault in the current subscription. + + System.String + + + EnabledForDeployment + + Enables the Microsoft.Compute resource provider to retrieve secrets from this key vault when this key vault is referenced in resource creation, for example when creating a virtual machine. + + + + PassThru + + Indicates that this cmdlet returns the updated key vault object. By default, this cmdlet does not generate any output. + + + + PermissionsToKeys + + Specifies an array of key operation permissions to grant to a user or service principal. The acceptable values for this parameter are: + +-- Decrypt +-- Encrypt +-- UnwrapKey +-- WrapKey +-- Verify +-- Sign +-- Get +-- List +-- Update +-- Create +-- Import +-- Delete +-- Backup +-- Restore +-- All + + + decrypt + encrypt + unwrapKey + wrapKey + verify + sign + get + list + update + create + import + delete + backup + restore + all + + + + PermissionsToSecrets + + Specifies an array of secret operation permissions to grant to a user or service principal. The acceptable values for this parameter are: + +-- Get +-- List +-- Set +-- Delete +-- All + + + get + list + set + delete + all + + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. 
+ + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + + UserPrincipalName + + Specifies the user principal name of the user to whom to grant permissions. This user principal name must exist in the directory associated with the current subscription or in the subscription specified by the SubscriptionName parameter, if that parameter is specified. + + String + + + + Set-AzureKeyVaultAccessPolicy + + VaultName + + Specifies the name of a key vault. This cmdlet modifies the access policy for the key vault that this parameter specifies. + + String + + + ResourceGroupName + + Specifies the name of the resource group associated with the key vault whose access policy is being modified. If not specified, this cmdlet searches for the key vault in the current subscription. + + System.String + + + PassThru + + Indicates that this cmdlet returns the updated key vault object. By default, this cmdlet does not generate any output. + + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + + EnabledForDeployment + + Enables the Microsoft.Compute resource provider to retrieve secrets from this key vault when this key vault is referenced in resource creation, for example when creating a virtual machine. + + + + + + + EnabledForDeployment + + Enables the Microsoft.Compute resource provider to retrieve secrets from this key vault when this key vault is referenced in resource creation, for example when creating a virtual machine. + + SwitchParameter + + SwitchParameter + + + none + + + ObjectId + + Specifies the object ID of the user or service principal in Azure Active Directory for which to grant permissions. + + Guid + + Guid + + + none + + + PassThru + + Indicates that this cmdlet returns the updated key vault object. By default, this cmdlet does not generate any output. 
+ + SwitchParameter + + SwitchParameter + + + none + + + PermissionsToKeys + + Specifies an array of key operation permissions to grant to a user or service principal. The acceptable values for this parameter are: + +-- Decrypt +-- Encrypt +-- UnwrapKey +-- WrapKey +-- Verify +-- Sign +-- Get +-- List +-- Update +-- Create +-- Import +-- Delete +-- Backup +-- Restore +-- All + + System.String[] + + System.String[] + + + none + + + PermissionsToSecrets + + Specifies an array of secret operation permissions to grant to a user or service principal. The acceptable values for this parameter are: + +-- Get +-- List +-- Set +-- Delete +-- All + + System.String[] + + System.String[] + + + none + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + + none + + + ResourceGroupName + + Specifies the name of the resource group associated with the key vault whose access policy is being modified. If not specified, this cmdlet searches for the key vault in the current subscription. + + System.String + + System.String + + + none + + + ServicePrincipalName + + Specifies the service principal name of the application to which to grant permissions. Specify the application ID, also known as client ID, registered for the application in Azure Active Directory. The application with the service principal name that this parameter specifies must be registered in the Azure directory that contains your current subscription or the subscription specified by the SubscriptionName parameter, if that parameter is specified. + + String + + String + + + none + + + UserPrincipalName + + Specifies the user principal name of the user to whom to grant permissions. 
This user principal name must exist in the directory associated with the current subscription or in the subscription specified by the SubscriptionName parameter, if that parameter is specified. + + String + + String + + + none + + + VaultName + + Specifies the name of a key vault. This cmdlet modifies the access policy for the key vault that this parameter specifies. + + String + + String + + + none + + + + + + String, Guid, String[], Switch + + + + + + + + + + + + + + + + Microsoft.Azure.Commands.KeyVault.Models.PSVault + + + + + + + + + + + + + + + + + Example 1: Grant permissions to a user for a key vault and modify the permissions + + + + + PS C:\>Set-AzureKeyVaultAccessPolicy -VaultName "Contoso03Vault" -UserPrincipalName "PattiFuller@contoso.com" -PermissionsToKeys create,import,delete,list -PermissionsToSecrets set,delete +PS C:\> Set-AzureKeyVaultAccessPolicy -VaultName "Contoso03Vault" -UserPrincipalName "PattiFuller@contoso.com" -PermissionsToSecrets set,delete,get -PassThru +PS C:\> Set-AzureKeyVaultAccessPolicy -VaultName "Contoso03Vault" -UserPrincipalName "PattiFuller@contoso.com" -PermissionsToKeys @() -PassThru + + + The first command grants permissions for a user in your Azure Active Directory, PattiFuller@contoso.com, to perform operations on keys and secrets with a key vault named Contoso03Vault. + The second command modifies the permissions that were granted to PattiFuller@contoso.com in the first command, to now allow getting secrets in addition to setting and deleting them. The permissions to key operations remain unchanged after this command. The PassThru parameter results in the updated key vault object being returned by the cmdlet. + The final command further modifies the existing permissions for PattiFuller@contoso.com to remove all permissions to key operations. The permissions to secret operations remain unchanged after this command. The PassThru parameter results in the updated key vault object being returned by the cmdlet. 
+ + + + + + + + + + + Example 2: Grant permissions for an application service principal to read and write secrets + + + + + PS C:\>Set-AzureKeyVaultAccessPolicy -VaultName "Contoso03Vault" -ServicePrincipalName "http://payroll.contoso.com" -PermissionsToSecrets "get,set" + + + This command grants permissions for an application for a vault named Contoso03Vault. The ServicePrincipalName parameter specifies the application. The application must be registered in your Azure Active Directory. The value of the ServicePrincipalName parameter must be either the service principal name of the application or the application ID GUID. This example specifies the service principal name http://payroll.contoso.com, and the command grants the application permissions to read and write secrets. + + + + + + + + + + + Example 3: Grant permissions for an application using its object ID + + + + + PS C:\>Set-AzureKeyVaultAccessPolicy -VaultName "Contoso03Vault" -ObjectId 34595082-9346-41b6-8d6b-295a2808b8db -PermissionsToSecrets "get,set" + + + This command grants the application permissions to read and write secrets. This example specifies the application using the object ID of the service principal of the application. + + + + + + + + + + + Example 4: Enable secrets to be retrieved from a vault by the Microsoft.Compute resource provider + + + + + PS C:\>Set-AzureKeyVaultAccessPolicy -VaultName "Contoso03Vault" –ResourceGroupName "Group14" -EnabledForDeployment + + + This command grants the permissions for secrets to be retrieved from the Contoso03Vault vault by the Microsoft.Compute resource provider. + + + + + + + + + + + + + Online Version: + http://go.microsoft.com/fwlink/?LinkId=522257 + + + Remove-AzureKeyVaultAccessPolicy + + + + + + + Set-AzureKeyVaultKeyAttribute + + Updates the attributes of a key in a vault. + + + + + Set + AzureKeyVaultKeyAttribute + + + + The Set-AzureKeyVaultKeyAttribute cmdlet updates the editable attributes of a key in an Azure Key Vault. 
+ + + + Set-AzureKeyVaultKeyAttribute + + VaultName + + Specifies the name of the vault in which this cmdlet modifies the key. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment. + + String + + + Name + + Specifies the name of the key to update. This cmdlet constructs the fully qualified domain name (FQDN) of a key based on the name that this parameter specifies, the name of the vault, and your current environment. + + String + + + Version + + Specifies the key version. This cmdlet constructs the FQDN of a key based on the vault name, your currently selected environment, the key name, and the key version. + + System.String [Boolean] + + + Enable + + Specifies whether to enable or disable a key. A value of $True enables the key. A value of $False disables the key. If you do not specify this parameter, this cmdlet does not modify the status of the key. + + Nullable [Boolean] + + + Expires + + Specifies the expiration time, as a DateTime object, for the key that this cmdlet updates. This parameter uses Coordinated Universal Time (UTC). To obtain a DateTime object, use the Get-Date cmdlet. For more information, type Get-Help Get-Date. + + Nullable [DateTime] + + + KeyOps + + Specifies an array of operations that can be performed by using the key that this cmdlet adds. If you do not specify this parameter, all operations can be performed. + The acceptable values for this parameter are a comma-separated list of key operations as defined by the JSON Web Key specification. These values are: + +-- Encrypt +-- Decrypt +-- Wrap +-- Unwrap +-- Sign +-- Verify +-- Backup +-- Restore + + String[] + + + NotBefore + + Specifies the time, as a DateTime object, before which the key cannot be used. This parameter uses UTC. To obtain a DateTime object, use the Get-Date cmdlet. + + Nullable [DateTime] + + + PassThru + + Returns an object representing the item with which you are working. 
By default, this cmdlet does not generate any output. + + SwitchParameter [Boolean] + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + + Tags + + Specifies a hash table that represents tags for a secret. If you do not specify this parameter, there is no change to the current secret's tags. To remove a tag, specify an empty hash table. For more information about resource tags, see Using tags to organize your Azure resources (http://go.microsoft.com/fwlink/?LinkId=613624). + + System.Collections.Hashtable + + + + + + Enable + + Specifies whether to enable or disable a key. A value of $True enables the key. A value of $False disables the key. If you do not specify this parameter, this cmdlet does not modify the status of the key. + + Nullable [Boolean] + + Nullable [Boolean] + + + none + + + Expires + + Specifies the expiration time, as a DateTime object, for the key that this cmdlet updates. This parameter uses Coordinated Universal Time (UTC). To obtain a DateTime object, use the Get-Date cmdlet. For more information, type Get-Help Get-Date. + + Nullable [DateTime] + + Nullable [DateTime] + + + none + + + KeyOps + + Specifies an array of operations that can be performed by using the key that this cmdlet adds. If you do not specify this parameter, all operations can be performed. + The acceptable values for this parameter are a comma-separated list of key operations as defined by the JSON Web Key specification. These values are: + +-- Encrypt +-- Decrypt +-- Wrap +-- Unwrap +-- Sign +-- Verify +-- Backup +-- Restore + + String[] + + String[] + + + none + + + Name + + Specifies the name of the key to update. This cmdlet constructs the fully qualified domain name (FQDN) of a key based on the name that this parameter specifies, the name of the vault, and your current environment. 
+ + String + + String + + + none + + + NotBefore + + Specifies the time, as a DateTime object, before which the key cannot be used. This parameter uses UTC. To obtain a DateTime object, use the Get-Date cmdlet. + + Nullable [DateTime] + + Nullable [DateTime] + + + none + + + PassThru + + Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output. + + SwitchParameter [Boolean] + + SwitchParameter [Boolean] + + + none + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + + none + + + Tags + + Specifies a hash table that represents tags for a secret. If you do not specify this parameter, there is no change to the current secret's tags. To remove a tag, specify an empty hash table. For more information about resource tags, see Using tags to organize your Azure resources (http://go.microsoft.com/fwlink/?LinkId=613624). + + System.Collections.Hashtable + + System.Collections.Hashtable + + + none + + + VaultName + + Specifies the name of the vault in which this cmdlet modifies the key. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment. + + String + + String + + + none + + + Version + + Specifies the key version. This cmdlet constructs the FQDN of a key based on the vault name, your currently selected environment, the key name, and the key version. 
+ + System.String [Boolean] + + System.String [Boolean] + + + none + + + + + + String, Boolean, DateTime + + + + + + + + + + + + + + + + Microsoft.Azure.Commands.KeyVault.Models.KeyBundle + + + + + + + + + + + + + + + + + Example 1: Modify a key to enable it, and set the expiration date and tags + + + + + PS C:\>$Expires = (Get-Date).AddYears(2).ToUniversalTime() +PS C:\> $Tags = @{'Severity' = 'high'; 'Accounting' = null} +PS C:\> Set-AzureKeyVaultKeyAttribute -VaultName "Contoso" -Name "ITSoftware" -Expires $Expires -Enable $True -Tags $Tags -PassThru + + + The first command creates a DateTime object by using the Get-Date cmdlet. That object specifies a time two years in the future. The command stores that date in the $Expires variable. For more information, type Get-Help Get-Date. + The second command creates a variable to store tag values of high severity and Accounting. + The final command modifies a key named ITSoftware. The command enables the key, sets its expiration time to the time stored in $Expires, and sets the tags that are stored in $Tags. + + + + + + + + + + + Example 2: Modify a key to delete all tags + + + + + PS C:\>Set-AzureKeyVaultKeyAttribute -VaultName "Contoso" -Name "ITSoftware" –Version "7EEA45C6EE50490B9C3176F80AC1A0DG" –Tags @{} + + + This commands deletes all tags for a specific version of a key named ITSoftware. + + + + + + + + + + + + + Online Version: + http://go.microsoft.com/fwlink/?LinkId=521399 + + + Add-AzureKeyVaultKey + + + + Get-AzureKeyVaultKey + + + + Remove-AzureKeyVaultKey + + + + + + + Set-AzureKeyVaultSecretAttribute + + Updates attributes of a secret in a vault. + + + + + Set + AzureKeyVaultSecretAttribute + + + + The Set-AzureKeyVaultSecretAttribute cmdlet updates editable attributes of a secret in an Azure Key Vault. + + + + Set-AzureKeyVaultSecretAttribute + + VaultName + + Specifies the name of the vault to modify. 
This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies, and your currently selected environment. + + String + + + Name + + Specifies the name of a secret. This cmdlet constructs the fully qualified domain name (FQDN) of a secret based on the name that this parameter specifies, the name of the vault, and your current environment. + + String + + + Version + + Specifies the version of a secret. This cmdlet constructs the FQDN of a secret based on the vault name, your currently selected environment, the secret name, and the secret version. + + String + + + ContentType + + Specifies the content type of a secret. If you do not specify this parameter, there is no change to the current secret's content type. To remove the existing content type, specify an empty string. + + String + + + Enable + + Indicates whether to enable a secret. Specify $False to disable a secret, or $True to enable a secret. If you do not specify this parameter, there is no change to the current secret’s enabled or disabled state. + + Boolean + + + Expires + + Specifies the date and time that a secret expires. + + DateTime + + + NotBefore + + Specifies the Coordinated Universal Time (UTC) before which the secret can't be used. If you do not specify this parameter, there is no change to the current secret's NotBefore attribute. + + DateTime + + + PassThru + + Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output. + + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. + + AzureProfile + + + Tags + + Specifies a hash table that represents tags for a secret. If you do not specify this parameter, there is no change to the current secret's tags. To remove a tag, specify an empty hash table. 
For more information about resource tags, see Using tags to organize your Azure resources (http://go.microsoft.com/fwlink/?LinkId=613624). + + Hashtable + + + + + + ContentType + + Specifies the content type of a secret. If you do not specify this parameter, there is no change to the current secret's content type. To remove the existing content type, specify an empty string. + + String + + String + + + none + + + Enable + + Indicates whether to enable a secret. Specify $False to disable a secret, or $True to enable a secret. If you do not specify this parameter, there is no change to the current secret’s enabled or disabled state. + + Boolean + + Boolean + + + none + + + Expires + + Specifies the date and time that a secret expires. + + DateTime + + DateTime + + + none + + + Name + + Specifies the name of a secret. This cmdlet constructs the fully qualified domain name (FQDN) of a secret based on the name that this parameter specifies, the name of the vault, and your current environment. + + String + + String + + + none + + + NotBefore + + Specifies the Coordinated Universal Time (UTC) before which the secret can't be used. If you do not specify this parameter, there is no change to the current secret's NotBefore attribute. + + DateTime + + DateTime + + + none + + + PassThru + + Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output. + + SwitchParameter + + SwitchParameter + + + none + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. + + AzureProfile + + AzureProfile + + + none + + + Tags + + Specifies a hash table that represents tags for a secret. If you do not specify this parameter, there is no change to the current secret's tags. To remove a tag, specify an empty hash table. 
For more information about resource tags, see Using tags to organize your Azure resources (http://go.microsoft.com/fwlink/?LinkId=613624). + + Hashtable + + Hashtable + + + none + + + VaultName + + Specifies the name of the vault to modify. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies, and your currently selected environment. + + String + + String + + + none + + + Version + + Specifies the version of a secret. This cmdlet constructs the FQDN of a secret based on the vault name, your currently selected environment, the secret name, and the secret version. + + String + + String + + + none + + + + + + string, bool?, DateTime?, string[], Hashtable, SwitchParameter + + + + + + + + + + + + + + + + Return Microsoft.Azure.Commands.KeyVault.Models.Secret object if PassThru is specified. Otherwise, return nothing. + + + + + + + + + + + + + + + + + Example 1: Modify the attributes of a secret + + + + + PS C:\>$Expires = (Get-Date).AddYears(2).ToUniversalTime() +PS C:\> $Nbf = (Get-Date).ToUniversalTime() +PS C:\> $Tags = @{ "Severity" = "medium"; "HR" = null} +PS C:\> $ContentType= "xml" +PS C:\> Set-AzureKeyVaultSecretAttribute -VaultName "ContosoVault" -Name "HR" -Expires $Expires -NotBefore $Nbf -ContentType $ContentType -Enable $True -Tags $Tags -PassThru + + + The first four commands define attributes for the expiry date, the NotBefore date, tags, and context type, and store the attributes in variables. + The final command modifies the attributes for the secret named HR in the vault named ContosoVault, using the stored variables. + + + + + + + + + + + Example 2: Delete the tags and content type for a secret + + + + + PS C:\>Set-AzureKeyVaultSecretAttribute -VaultName "ContosoVault" -Name "HR" -Version "9EEA45C6EE50490B9C3176A80AC1A0DF" -ContentType "" -Tags -@{} + + + This command deletes the tags and the content type for the specified version of the secret named HR in the vault named Contoso. 
+ + + + + + + + + + + Example 3: Disable the current version of secrets whose name begins with IT + + + + + PS C:\>$Vault = "ContosoVault" +PS C:\> $Prefix = "IT" +PS C:\> Get-AzureKeyVaultSecret $Vault | Where-Object {$_.Name -like $Prefix + '*'} | Set-AzureKeyVaultSecretAttribute -Enable $False + + + The first command stores the string value Contoso in the $Vault variable. + The second command stores the string value IT in the $Prefix variable. + The third command uses the Get-AzureKeyVaultSecret cmdlet to get the secrets in the specified vault, and then passes those secrets to the Where-Object cmdlet. The Where-Object cmdlet filters the secrets for names that begin with the characters IT. The command pipes the secrets that match the filter to the Set-AzureKeyVaultSecretAttribute cmdlet, which disables them. + + + + + + + + + + + Example 4: Set the ContentType for all versions of a secret + + + + + PS C:\>$VaultName = "ContosoVault" +PS C:\> $Name = "HR" +PS C:\> $ContentType = "xml" +PS C:\> Get-AzureKeyVaultKey -VaultName $VaultName -Name $Name -IncludeVersions | Set-AzureKeyVaultSecretAttribute -ContentType $ContentType + + + + The first three commands define string variables to use for the VaultName, Name, and ContentType parameters. The fourth command uses the Get-AzureKeyVaultKey cmdlet to get the specified keys, and pipes the keys to the Set-AzureKeyVaultSecretAttribute cmdlet to set their content type to XML. + + + + + + + + + + + + + Online Version: + http://go.microsoft.com/fwlink/?LinkId=534612 + + + Get-AzureKeyVaultKey + + + + Get-AzureKeyVaultSecret + + + + Remove-AzureKeyVaultSecret + + + + Set-AzureKeyVaultSecretAttribute + + + + + + + Set-AzureKeyVaultSecret + + Creates or updates a secret in a vault. + + + + + Set + AzureKeyVaultSecret + + + + The Set-AzureKeyVaultSecret cmdlet creates or updates a secret in an Azure Key Vault. If the secret does not exist, this cmdlet creates it. 
If the secret already exists, this cmdlet replaces it with the value that you specify. + + + + Set-AzureKeyVaultSecret + + VaultName + + Specifies the name of the vault to which this secret belongs. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment. + + String + + + Name + + Specifies the name of a secret to modify. This cmdlet constructs the fully qualified domain name (FQDN) of a secret based on the name that this parameter specifies, the name of the vault, and your current environment. + + String + + + SecretValue + + Specifies the value for the secret as a SecureString object. To obtain a SecureString object, use the ConvertTo-SecureString cmdlet. For more information, type Get-Help ConvertTo-SecureString. + + SecureString + + + ContentType + + Specifies the content type of a secret. To delete the existing content type, specify an empty string. + + System.String + + + Disable + + Indicates that this cmdlet disables a secret. + + + + Expires + + Specifies the expiration time, as a DateTime object, for the secret that this cmdlet updates. This parameter uses Coordinated Universal Time (UTC). To obtain a DateTime object, use the Get-Date cmdlet. For more information, type Get-Help Get-Date. + + Nullable [System.DateTime] + + + NotBefore + + Specifies the time, as a DateTime object, before which the secret cannot be used. This parameter uses UTC. To obtain a DateTime object, use the Get-Date cmdlet. + + Nullable [System.DateTime] + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + + Tags + + Specifies a hash table that represents tags for a secret. If you do not specify this parameter, there is no change to the current secret's tags. To remove a tag, specify an empty hash table. 
For more information about resource tags, see Using tags to organize your Azure resources (http://go.microsoft.com/fwlink/?LinkId=613624). + + System.Collections.Hashtable + + + + + + ContentType + + Specifies the content type of a secret. To delete the existing content type, specify an empty string. + + System.String + + System.String + + + none + + + Disable + + Indicates that this cmdlet disables a secret. + + SwitchParameter + + SwitchParameter + + + none + + + Expires + + Specifies the expiration time, as a DateTime object, for the secret that this cmdlet updates. This parameter uses Coordinated Universal Time (UTC). To obtain a DateTime object, use the Get-Date cmdlet. For more information, type Get-Help Get-Date. + + Nullable [System.DateTime] + + Nullable [System.DateTime] + + + none + + + Name + + Specifies the name of a secret to modify. This cmdlet constructs the fully qualified domain name (FQDN) of a secret based on the name that this parameter specifies, the name of the vault, and your current environment. + + String + + String + + + none + + + NotBefore + + Specifies the time, as a DateTime object, before which the secret cannot be used. This parameter uses UTC. To obtain a DateTime object, use the Get-Date cmdlet. + + Nullable [System.DateTime] + + Nullable [System.DateTime] + + + none + + + Profile + + Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile. + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + Microsoft.Azure.Common.Authentication.Models.AzureProfile + + + none + + + SecretValue + + Specifies the value for the secret as a SecureString object. To obtain a SecureString object, use the ConvertTo-SecureString cmdlet. For more information, type Get-Help ConvertTo-SecureString. + + SecureString + + SecureString + + + none + + + Tags + + Specifies a hash table that represents tags for a secret. 
If you do not specify this parameter, there is no change to the current secret's tags. To remove a tag, specify an empty hash table. For more information about resource tags, see Using tags to organize your Azure resources (http://go.microsoft.com/fwlink/?LinkId=613624). + + System.Collections.Hashtable + + System.Collections.Hashtable + + + none + + + VaultName + + Specifies the name of the vault to which this secret belongs. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment. + + String + + String + + + none + + + + + + String, SecureString + + + + + + + + + + + + + + + + Microsoft.Azure.Commands.KeyVault.Models.Secret + + + + + + + + + + + + + + + + + Example 1: Modify the value of a secret using default attributes + + + + + PS C:\>$Secret = ConvertTo-SecureString -String "Password" -AsPlainText -Force +PS C:\> Set-AzureKeyVaultSecret -VaultName "Contoso" -Name "ITSecret" -SecretValue $Secret + + + The first command converts a string into a secure string by using the ConvertTo-SecureString cmdlet, and then stores that string in the $Secret variable. For more information, type Get-Help ConvertTo-SecureString. + The second command modifies value of the secret named ITSecret in the vault named Contoso. The secret value becomes the value stored in $Secret. 
+ + + + + + + + + + + Example 2: Modify the value of a secret using custom attributes + + + + + PS C:\>$Secret = ConvertTo-SecureString -String "Password" -AsPlainText -Force +PS C:\> $Expires = (Get-Date).AddYears(2).ToUniversalTime() +PS C:\> $NBF =(Get-Date).ToUniversalTime() +PS C:\> $Tags = @{ "Severity" = "medium"; "IT" = null } +PS C:\> $ContentType = "txt" +PS C:\> Set-AzureKeyVaultSecret -VaultName "Contoso" -Name "ITSecret" -SecretValue $Secret -Expires $Expires -NotBefore $NBF -ContentType $ContentType -Enable $True -Tags $Tags -PassThru + + + The first command converts a string into a secure string by using the ConvertTo-SecureString cmdlet, and then stores that string in the $Secret variable. For more information, type Get-Help ConvertTo-SecureString. + The next commands define custom attributes for the expiry date, tags, and context type, and store the attributes in variables. + The final command modifies values of the secret named ITSecret in the vault named Contoso, by using the values specified previously as variables. + + + + + + + + + + + + + Online Version: + http://go.microsoft.com/fwlink/?LinkId=521400 + + + Get-AzureKeyVaultSecret + + + + Remove-AzureKeyVaultSecret + + + + +
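Review bot: In the Set-AzureKeyVaultAccessPolicy help, Examples 2 and 3 pass `-PermissionsToSecrets "get,set"` as one quoted string, so the String[] parameter receives the single element "get,set", which is not one of the listed values (get, list, set, delete, all). Example 1 already uses the unquoted form (`-PermissionsToSecrets set,delete`); the other examples should match it. Example 4 also writes `–ResourceGroupName` with an en dash where a plain hyphen is expected, which is easy to break on copy and paste. Since these are the commands readers will copy to grant vault access, it would help if Example 1 granted only the key permissions its description needs, rather than create, import, delete and list together.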
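Review bot: In Set-AzureKeyVaultKeyAttribute Example 1, `$Tags = @{'Severity' = 'high'; 'Accounting' = null}` uses a bare `null`, which is not a PowerShell literal; it should be `$null`. The same mistake is repeated in Set-AzureKeyVaultSecretAttribute Example 1 and Set-AzureKeyVaultSecret Example 2. In the same cmdlet's parameter text, the Tags description talks about "tags for a secret" and KeyOps about "the key that this cmdlet adds", both apparently copied from other cmdlets, and the Version type is given as "System.String [Boolean]". Example 2 uses en dashes in `–Version` and `–Tags`, its sample version string ends in "G" although the rest reads as hex, and its description has the typo "This commands deletes".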
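Review bot: Set-AzureKeyVaultSecretAttribute Example 4 pipes `Get-AzureKeyVaultKey ... -IncludeVersions` into Set-AzureKeyVaultSecretAttribute, and its description says it "pipes the keys", although the example title is about all versions of a secret; this should be Get-AzureKeyVaultSecret, with the description updated to match. Example 2 has a stray hyphen in `-Tags -@{}`. The descriptions of Examples 2 and 3 name the vault "Contoso" while the commands use "ContosoVault", and Example 1 says "context type" where the parameter is ContentType. The related links for this cmdlet list Set-AzureKeyVaultSecretAttribute itself and Get-AzureKeyVaultKey; please confirm those are intended.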
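Review bot: Set-AzureKeyVaultSecret Example 2 passes `-Enable $True` and `-PassThru`, but the syntax and parameter sections for this cmdlet document only a `Disable` switch and no Enable or PassThru parameter, so either the example or the parameter list is wrong. The description of that example also says "context type" for ContentType. Both examples build the secret with `ConvertTo-SecureString -String "Password" -AsPlainText -Force`, which leaves the plaintext value in the command line and history; for a secrets cmdlet, consider showing `Read-Host -AsSecureString` instead, or at least noting that the literal is a placeholder.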