你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn。
Get-AzKeyVaultSecret
Gets the secrets in a key vault.
Syntax
Get-AzKeyVaultSecret
[-VaultName] <String>
[[-Name] <String>]
[-InRemovedState]
[-AsPlainText]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>] Get-AzKeyVaultSecret
[-VaultName] <String>
[-Name] <String>
[-Version] <String>
[-AsPlainText]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>] Get-AzKeyVaultSecret
[-VaultName] <String>
[-Name] <String>
[-IncludeVersions]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>] Get-AzKeyVaultSecret
[-InputObject] <PSKeyVault>
[[-Name] <String>]
[-InRemovedState]
[-AsPlainText]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>] Get-AzKeyVaultSecret
[-InputObject] <PSKeyVault>
[-Name] <String>
[-Version] <String>
[-AsPlainText]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>] Get-AzKeyVaultSecret
[-InputObject] <PSKeyVault>
[-Name] <String>
[-IncludeVersions]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>] Get-AzKeyVaultSecret
[-ResourceId] <String>
[[-Name] <String>]
[-InRemovedState]
[-AsPlainText]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>] Get-AzKeyVaultSecret
[-ResourceId] <String>
[-Name] <String>
[-Version] <String>
[-AsPlainText]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>] Get-AzKeyVaultSecret
[-ResourceId] <String>
[-Name] <String>
[-IncludeVersions]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>] Description
The Get-AzKeyVaultSecret cmdlet gets secrets in a key vault. This cmdlet gets a specific secret or all the secrets in a key vault.
Examples
Example 1: Get all current versions of all secrets in a key vault
Get-AzKeyVaultSecret -VaultName 'Contoso'
Vault Name : contoso
Name : secret1
Version :
Id : https://contoso.vault.azure.net:443/secrets/secret1
Enabled : True
Expires : 4/6/2018 3:59:43 PM
Not Before :
Created : 4/5/2018 11:46:28 PM
Updated : 4/6/2018 11:30:17 PM
Content Type :
Tags :
Vault Name : contoso
Name : secret2
Version :
Id : https://contoso.vault.azure.net:443/secrets/secret2
Enabled : True
Expires :
Not Before :
Created : 4/11/2018 11:45:06 PM
Updated : 4/11/2018 11:45:06 PM
Content Type :
Tags :This command gets the current versions of all secrets in the key vault named Contoso.
Example 2: Get all versions of a specific secret
Get-AzKeyVaultSecret -VaultName 'Contoso' -Name 'secret1' -IncludeVersions
Vault Name : contoso
Name : secret1
Version : 7128133570f84a71b48d7d0550deb74c
Id : https://contoso.vault.azure.net:443/secrets/secret1/7128133570f84a71b48d7d0550deb74c
Enabled : True
Expires : 4/6/2018 3:59:43 PM
Not Before :
Created : 4/5/2018 11:46:28 PM
Updated : 4/6/2018 11:30:17 PM
Content Type :
Tags :
Vault Name : contoso
Name : secret1
Version : 5d1a74ba2c454439886fb8509b6cab3c
Id : https://contoso.vault.azure.net:443/secrets/secret1/5d1a74ba2c454439886fb8509b6cab3c
Enabled : True
Expires :
Not Before :
Created : 4/5/2018 11:44:50 PM
Updated : 4/5/2018 11:44:50 PM
Content Type :
Tags :This command gets all versions of the secret named secret1 in the key vault named Contoso.
Example 3: Get the current version of a specific secret
Get-AzKeyVaultSecret -VaultName 'Contoso' -Name 'secret1'
Vault Name : contoso
Name : secret1
Version : 7128133570f84a71b48d7d0550deb74c
Id : https://contoso.vault.azure.net:443/secrets/secret1/7128133570f84a71b48d7d0550deb74c
Enabled : True
Expires : 4/6/2018 3:59:43 PM
Not Before :
Created : 4/5/2018 11:46:28 PM
Updated : 4/6/2018 11:30:17 PM
Content Type :
Tags :This command gets the current version of the secret named secret1 in the key vault named Contoso.
Example 4: Get a specific version of a specific secret
Get-AzKeyVaultSecret -VaultName 'Contoso' -Name 'secret1' -Version '5d1a74ba2c454439886fb8509b6cab3c'
Vault Name : contoso
Name : secret1
Version : 5d1a74ba2c454439886fb8509b6cab3c
Id : https://contoso.vault.azure.net:443/secrets/secret1/5d1a74ba2c454439886fb8509b6cab3c
Enabled : True
Expires :
Not Before :
Created : 4/5/2018 11:44:50 PM
Updated : 4/5/2018 11:44:50 PM
Content Type :
Tags :This command gets a specific version of the secret named secret1 in the key vault named Contoso.
Example 5: Get the plain text value of the current version of a specific secret
$secretText = Get-AzKeyVaultSecret -VaultName 'Contoso' -Name 'ITSecret' -AsPlainTextThe cmdlet returns the secret as a string when -AsPlainText is applied.
Note: When listing secrets, i.e. not providing -Name, the -AsPlainText is ignored.
Example 6: Get all the secrets that have been deleted but not purged for this key vault.
Get-AzKeyVaultSecret -VaultName 'Contoso' -InRemovedState
Vault Name : contoso
Name : secret1
Id : https://contoso.vault.azure.net:443/secrets/secret1
Deleted Date : 4/4/2018 8:51:58 PM
Scheduled Purge Date : 7/3/2018 8:51:58 PM
Enabled : True
Expires :
Not Before :
Created : 4/4/2018 8:51:03 PM
Updated : 4/4/2018 8:51:03 PM
Content Type :
Tags :
Vault Name : contoso
Name : secret2
Id : https://contoso.vault.azure.net:443/secrets/secret2
Deleted Date : 5/7/2018 7:56:34 PM
Scheduled Purge Date : 8/5/2018 7:56:34 PM
Enabled : True
Expires :
Not Before :
Created : 4/6/2018 8:39:15 PM
Updated : 4/6/2018 10:11:24 PM
Content Type :
Tags :This command gets all the secrets that have been previously deleted, but not purged, in the key vault named Contoso.
Example 7: Gets the secret ITSecret that has been deleted but not purged for this key vault.
Get-AzKeyVaultSecret -VaultName 'Contoso' -Name 'secret1' -InRemovedState
Vault Name : contoso
Name : secret1
Version : 689d23346e9c42a2a64f4e3d75094dcc
Id : https://contoso.vault.azure.net:443/secrets/secret1/689d23346e9c42a2a64f4e3d75094dcc
Deleted Date : 4/4/2018 8:51:58 PM
Scheduled Purge Date : 7/3/2018 8:51:58 PM
Enabled : True
Expires :
Not Before :
Created : 4/4/2018 8:51:03 PM
Updated : 4/4/2018 8:51:03 PM
Content Type :
Tags :This command gets the secret 'secret1' that has been previously deleted, but not purged, in the key vault named Contoso. This command will return metadata such as the deletion date, and the scheduled purging date of this deleted secret.
Example 8: Get all current versions of all secrets in a key vault using filtering
Get-AzKeyVaultSecret -VaultName 'Contoso' -Name "secret*"
Vault Name : contoso
Name : secret1
Version :
Id : https://contoso.vault.azure.net:443/secrets/secret1
Enabled : True
Expires : 4/6/2018 3:59:43 PM
Not Before :
Created : 4/5/2018 11:46:28 PM
Updated : 4/6/2018 11:30:17 PM
Content Type :
Tags :
Vault Name : contoso
Name : secret2
Version :
Id : https://contoso.vault.azure.net:443/secrets/secret2
Enabled : True
Expires :
Not Before :
Created : 4/11/2018 11:45:06 PM
Updated : 4/11/2018 11:45:06 PM
Content Type :
Tags :This command gets the current versions of all secrets in the key vault named Contoso that start with "secret".
Example 9: Get a secret in Azure Key Vault by command Get-Secret in module Microsoft.PowerShell.SecretManagement
# Install module Microsoft.PowerShell.SecretManagement
Install-Module Microsoft.PowerShell.SecretManagement -Repository PSGallery -AllowPrerelease
# Register vault for Secret Management
Register-SecretVault -Name AzKeyVault -ModuleName Az.KeyVault -VaultParameters @{ AZKVaultName = 'test-kv'; SubscriptionId = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' }
# Set secret for vault AzKeyVault
$secure = ConvertTo-SecureString -String "****" -AsPlainText -Force
Set-Secret -Vault AzKeyVault -Name secureSecret -SecureStringSecret $secure
Get-Secret -Vault AzKeyVault -Name secureSecret -AsPlainText
PasswordThis example Gets a secret named secureSecret in Azure Key Vault named test-kv by command Get-Secret in module Microsoft.PowerShell.SecretManagement.
Parameters
-AsPlainText
When set, the cmdlet will convert secret in secure string to the decrypted plaintext string as output.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with azure
| Type: | IAzureContextContainer |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-IncludeVersions
Indicates that this cmdlet gets all versions of a secret. The current version of a secret is the first one on the list. If you specify this parameter you must also specify the Name and VaultName parameters. If you do not specify the IncludeVersions parameter, this cmdlet gets the current version of the secret with the specified Name.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-InputObject
KeyVault Object.
| Type: | PSKeyVault |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-InRemovedState
Specifies whether to show the previously deleted secrets in the output
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Name
Specifies the name of the secret to get.
| Type: | String |
| Aliases: | SecretName |
| Position: | 1 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | True |
-ResourceId
KeyVault Resource Id.
| Type: | String |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-VaultName
Specifies the name of the key vault to which the secret belongs. This cmdlet constructs the fully qualified domain name (FQDN) of a key vault based on the name that this parameter specifies and your current environment.
| Type: | String |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Version
Specifies the secret version. This cmdlet constructs the FQDN of a secret based on the key vault name, your currently selected environment, the secret name, and the secret version.
| Type: | String |
| Aliases: | SecretVersion |
| Position: | 2 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
Outputs
PSDeletedKeyVaultSecretIdentityItem
