Remove-AzureKeyVaultKey
Deletes a key in a key vault.
Warning
The AzureRM PowerShell module has been officially deprecated as of February 29, 2024. Users are advised to migrate from AzureRM to the Az PowerShell module to ensure continued support and updates.
Although the AzureRM module may still function, it's no longer maintained or supported, placing any continued use at the user's discretion and risk. Please refer to our migration resources for guidance on transitioning to the Az module.
Syntax
Remove-AzureKeyVaultKey
[-VaultName] <String>
[-Name] <String>
[-Force]
[-PassThru]
[-InRemovedState]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Remove-AzureKeyVaultKey
[-InputObject] <PSKeyVaultKeyIdentityItem>
[-Force]
[-PassThru]
[-InRemovedState]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
The Remove-AzureKeyVaultKey cmdlet deletes a key in a key vault. If the key was accidentally deleted the key can be recovered using Undo-AzureKeyVaultKeyRemoval by a user with special 'recover' permissions. This cmdlet has a value of high for the ConfirmImpact property.
Examples
Example 1: Remove a key from a key vault
PS C:\> Remove-AzureKeyVaultKey -VaultName 'Contoso' -Name 'ITSoftware' -PassThru
Vault Name : contoso
Name : key2
Id : https://contoso.vault.azure.net:443/keys/itsoftware/fdad15793ba0437e960497908ef9eb32
Deleted Date : 5/24/2018 11:28:25 PM
Scheduled Purge Date : 8/22/2018 11:28:25 PM
Enabled : False
Expires : 10/11/2018 11:32:49 PM
Not Before : 4/11/2018 11:22:49 PM
Created : 4/12/2018 10:16:38 PM
Updated : 4/12/2018 10:16:38 PM
Purge Disabled : False
Tags :This command removes the key named ITSoftware from the key vault named Contoso.
Example 2: Remove a key without user confirmation
PS C:\> Remove-AzureKeyVaultKey -VaultName 'Contoso' -Name 'ITSoftware' -ForceThis command removes the key named ITSoftware from the key vault named Contoso. The command specifies the Force parameter, and, therefore, the cmdlet does not prompt you for confirmation.
Example 3: Purge a deleted key from the key vault permanently
PS C:\> Remove-AzureKeyVaultKey -VaultName 'Contoso' -Name 'ITSoftware' -InRemovedStateThis command removes the key named ITSoftware from the key vault named Contoso permanently. Executing this cmdlet requires the 'purge' permission, which must have been previously and explicitly granted to the user for this key vault.
Example 4: Remove keys by using the pipeline operator
PS C:\> Get-AzureKeyVaultKey -VaultName 'Contoso' | Where-Object {$_.Attributes.Enabled -eq $False} | Remove-AzureKeyVaultKeyThis command gets all the keys in the key vault named Contoso, and passes them to the Where-Object cmdlet by using the pipeline operator. That cmdlet passes the keys that have a value of $False for the Enabled attribute to the current cmdlet. That cmdlet removes those keys.
Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with azure
| Type: | IAzureContextContainer |
| Aliases: | AzureRmContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Force
Forces the command to run without asking for user confirmation.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-InputObject
KeyBundle Object
| Type: | PSKeyVaultKeyIdentityItem |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-InRemovedState
Remove the previously deleted key permanently.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Name
Specifies the name of the key to remove. This cmdlet constructs the fully qualified domain name (FQDN) of a key based on the name that this parameter specifies, the name of the key vault, and your current environment.
| Type: | String |
| Aliases: | KeyName |
| Position: | 1 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PassThru
Indicates that this cmdlet returns a Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultKey object. By default, this cmdlet does not generate any output.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-VaultName
Specifies the name of the key vault from which to remove the key. This cmdlet constructs the FQDN of a key vault based on the name that this parameter specifies and your current environment.
| Type: | String |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
Parameters: InputObject (ByValue)