Get-Secret
Finds and returns a secret by name from registered vaults.
Syntax
Get-Secret
[-Name] <String>
[[-Vault] <String>]
[-AsPlainText]
[<CommonParameters>]
Get-Secret
[-InputObject] <SecretInformation>
[-AsPlainText]
[<CommonParameters>]
Description
This cmdlet finds and returns the first secret that matches the provided name. If a vault name is specified, only that vault is searched. Otherwise, it searches all vaults and returns the first matching result. If the vault registry has a default vault, the cmdlet searches that vault before any other registered vault. Secrets that are String or SecureString types are returned as SecureString objects by default.
Examples
Example 1
Get-Secret -Name Secret1 -Vault CredMan
Get-Secret -Name Secret1 -Vault CredMan -AsPlainText
System.Security.SecureString
PlainTextSecretString
This example searches for a secret with the name Secret1
, which is a String type secret. The
first command returns the secret as a SecureString object. The second command uses the
AsPlainText parameter to return the secret as a String object instead, displaying in the
console as plain text.
Example 2
Get-SecretInfo -Name Secret2 -Vault SecretStore | Get-Secret -AsPlainText
This example retrieves secret information for the secret named Secret2
in the vault named
SecretStore
. It then sends the result through the pipeline to Get-Secret
, which searches for the
secret and returns it as plain text.
Parameters
-AsPlainText
Specifies that a secret whose type is String or SecureString should be returned as a String (in plain text) instead of a SecureString. If the secret being retrieved is not a String or SecureString, this parameter has no effect.
Caution
To ensure security, you should avoid using plaintext strings whenever possible.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-InputObject
Specifies a SecretInformation object representing a vault secret instead of specifying the
Name and Vault parameters. You can get a SecretInformation object with the
Get-SecretInfo
cmdlet.
Type: | SecretInformation |
Position: | 0 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Name
Specifies the name of the secret to retrieve. Wildcard characters are not permitted.
Type: | String |
Position: | 0 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Vault
Specifies the name of the registered vault to retrieve the secret from. If no vault name is specified, then all registered vaults are searched. If the vault registry has a default vault and this parameter is not specified, then the default vault is searched before the other registered vaults.
Type: | String |
Position: | 1 |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
Microsoft.PowerShell.SecretManagement.SecretInformation