az keyvault secret

Manage secrets.

Commands

az keyvault secret backup Requests that a backup of the specified secret be downloaded to the client.
az keyvault secret delete Deletes a secret from a specified key vault.
az keyvault secret download Download a secret from a KeyVault.
az keyvault secret list List secrets in a specified key vault.
az keyvault secret list-deleted List deleted secrets in the specified vault.
az keyvault secret list-versions List the versions of the specified secret.
az keyvault secret purge Permanently deletes the specified secret.
az keyvault secret recover Recovers the deleted secret back to its current version under /secrets.
az keyvault secret restore
az keyvault secret set Sets a secret in a specified key vault.
az keyvault secret set-attributes Updates the attributes associated with a specified secret in a given key vault.
az keyvault secret show Get a specified secret from a given key vault.
az keyvault secret show-deleted Retrieves the deleted secret information plus its attributes.

az keyvault secret backup

Requests that a backup of the specified secret be downloaded to the client.

az keyvault secret backup --file-path
--name
--vault-name

Required Parameters

--file-path
--name -n
Name of the secret.
--vault-name
Name of the key vault.

az keyvault secret delete

Deletes a secret from a specified key vault.

az keyvault secret delete --name
--vault-name

Required Parameters

--name -n
Name of the secret.
--vault-name
Name of the key vault.

az keyvault secret download

Download a secret from a KeyVault.

az keyvault secret download --file
--name
--vault-name
[--encoding {ascii, base64, hex, utf-16be, utf-16le, utf-8}]
[--version]

Required Parameters

--file -f
File to receive the secret contents.
--name -n
Name of the secret.
--vault-name
Name of the key vault.

Optional Parameters

--encoding -e
Encoding of the destination file. By default, will look for the 'file-encoding' tag on the secret. Otherwise will assume 'utf-8'.
accepted values: ascii, base64, hex, utf-16be, utf-16le, utf-8
--version -v
The secret version. If omitted, uses the latest version.

az keyvault secret list

List secrets in a specified key vault.

az keyvault secret list --vault-name
[--maxresults]

Required Parameters

--vault-name
Name of the key vault.

Optional Parameters

--maxresults
Maximum number of results to return in a page. If not specified the service will return up to 25 results.

az keyvault secret list-deleted

List deleted secrets in the specified vault.

az keyvault secret list-deleted --vault-name
[--maxresults]

Required Parameters

--vault-name
Name of the key vault.

Optional Parameters

--maxresults
Maximum number of results to return in a page. If not specified the service will return up to 25 results.

az keyvault secret list-versions

List the versions of the specified secret.

az keyvault secret list-versions --name
--vault-name
[--maxresults]

Required Parameters

--name -n
Name of the secret.
--vault-name
Name of the key vault.

Optional Parameters

--maxresults
Maximum number of results to return in a page. If not specified the service will return up to 25 results.

az keyvault secret purge

Permanently deletes the specified secret.

az keyvault secret purge --name
--vault-name

Required Parameters

--name -n
Name of the secret.
--vault-name
Name of the key vault.

az keyvault secret recover

Recovers the deleted secret back to its current version under /secrets.

az keyvault secret recover --name
--vault-name

Required Parameters

--name -n
Name of the secret.
--vault-name
Name of the key vault.

az keyvault secret restore

az keyvault secret restore --file-path
--vault-name

Required Parameters

--file-path
--vault-name
Name of the key vault.

az keyvault secret set

Sets a secret in a specified key vault.

az keyvault secret set --name
--vault-name
[--description]
[--disabled {false, true}]
[--encoding {ascii, base64, hex, utf-16be, utf-16le, utf-8}]
[--expires]
[--file]
[--not-before]
[--tags]
[--value]

Required Parameters

--name -n
Name of the secret.
--vault-name
Name of the key vault.

Optional Parameters

--description
Description of the secret contents (e.g. password, connection string, etc).
--disabled
Create secret in disabled state.
accepted values: false, true
--encoding -e
Source file encoding. The value is saved as a tag (`file-encoding=<val>`) and used during download to automatically encode the resulting file.
accepted values: ascii, base64, hex, utf-16be, utf-16le, utf-8
default value: utf-8
--expires
Expiration UTC datetime (Y-m-d'T'H:M:S'Z').
--file -f
Source file for secret. Use in conjunction with '--encoding'.
--not-before
Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z').
--tags
Space separated tags in 'key[=value]' format. Use "" to clear existing tags.
--value
Plain text secret value. Cannot be used with '--file' or '--encoding'.

az keyvault secret set-attributes

Updates the attributes associated with a specified secret in a given key vault.

az keyvault secret set-attributes --name
--vault-name
[--content-type]
[--enabled {false, true}]
[--expires]
[--not-before]
[--tags]
[--version]

Required Parameters

--name -n
Name of the secret.
--vault-name
Name of the key vault.

Optional Parameters

--content-type
Type of the secret value such as a password.
--enabled
Enable the secret.
accepted values: false, true
--expires
Expiration UTC datetime (Y-m-d'T'H:M:S'Z').
--not-before
Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z').
--tags
Space separated tags in 'key[=value]' format. Use "" to clear existing tags.
--version -v
The secret version. If omitted, uses the latest version.

az keyvault secret show

Get a specified secret from a given key vault.

az keyvault secret show --name
--vault-name
[--version]

Required Parameters

--name -n
Name of the secret.
--vault-name
Name of the key vault.

Optional Parameters

--version -v
The secret version. If omitted, uses the latest version.

az keyvault secret show-deleted

Retrieves the deleted secret information plus its attributes.

az keyvault secret show-deleted --name
--vault-name

Required Parameters

--name -n
Name of the secret.
--vault-name
Name of the key vault.