Get-Secret

Finds and returns a secret by name from registered vaults.

Syntax

Get-Secret
   [-Name] <String>
   [[-Vault] <String>]
   [-AsPlainText]
   [<CommonParameters>]
Get-Secret
   [-InputObject] <SecretInformation>
   [-AsPlainText]
   [<CommonParameters>]

Description

This cmdlet finds and returns the first secret that matches the provided name. If a vault name is specified, only that vault is searched. Otherwise, it searches all vaults and returns the first matching result. If the vault registry has a default vault, the cmdlet searches that vault before any other registered vault. Secrets that are String or SecureString types are returned as SecureString objects by default.

Examples

Example 1

Get-Secret -Name Secret1 -Vault CredMan
Get-Secret -Name Secret1 -Vault CredMan -AsPlainText

System.Security.SecureString
PlainTextSecretString

This example searches for a secret with the name Secret1, which is a String type secret. The first command returns the secret as a SecureString object. The second command uses the AsPlainText parameter to return the secret as a String object instead, displaying in the console as plain text.

Example 2

Get-SecretInfo -Name Secret2 -Vault SecretStore | Get-Secret -AsPlainText

This example retrieves secret information for the secret named Secret2 in the vault named SecretStore. It then sends the result through the pipeline to Get-Secret, which searches for the secret and returns it as plain text.

Parameters

-AsPlainText

Specifies that a secret whose type is String or SecureString should be returned as a String (in plain text) instead of a SecureString. If the secret being retrieved is not a String or SecureString, this parameter has no effect.

Caution

To ensure security, you should avoid using plaintext strings whenever possible.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-InputObject

Specifies a SecretInformation object representing a vault secret instead of specifying the Name and Vault parameters. You can get a SecretInformation object with the Get-SecretInfo cmdlet.

Type:SecretInformation
Position:0
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Name

Specifies the name of the secret to retrieve. Wildcard characters are not permitted.

Type:String
Position:0
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Vault

Specifies the name of the registered vault to retrieve the secret from. If no vault name is specified, then all registered vaults are searched. If the vault registry has a default vault and this parameter is not specified, then the default vault is searched before the other registered vaults.

Type:String
Position:1
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

String

Microsoft.PowerShell.SecretManagement.SecretInformation

Outputs

Object