Backup-AzKeyVaultCertificate
Backs up a certificate in a key vault.
Note
This is the previous version of our documentation. Please consult the most recent version for up-to-date information.
Syntax
Backup-AzKeyVaultCertificate
[-VaultName] <String>
[-Name] <String>
[[-OutputFile] <String>]
[-Force]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Backup-AzKeyVaultCertificate
[-InputObject] <PSKeyVaultCertificateIdentityItem>
[[-OutputFile] <String>]
[-Force]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
The Backup-AzKeyVaultCertificate cmdlet backs up a specified certificate in a key vault by downloading it and storing it in a file. If the certificate has multiple versions, all its versions will be included in the backup. Because the downloaded content is encrypted, it cannot be used outside of Azure Key Vault. You can restore a backed-up certificate to any key vault in the subscription that it was backed up from, as long as the vault is in the same Azure geography. Typical reasons to use this cmdlet are:
You want to retain an offline copy of the certificate in case you accidentally delete the original from the vault.
You created a certificate using Key Vault and now want to clone the object into a different Azure region, so that you can use it from all instances of your distributed application. Use the Backup-AzKeyVaultCertificate cmdlet to retrieve the certificate in encrypted format and then use the Restore-AzKeyVaultCertificate cmdlet and specify a key vault in the second region.
Examples
Example 1: Back up a certificate with an automatically generated file name
Backup-AzKeyVaultCertificate -VaultName 'mykeyvault' -Name 'mycert'
C:\Users\username\mykeyvault-mycert-1527029447.01191This command retrieves the certificate named MyCert from the key vault named MyKeyVault and saves a backup of that certificate to a file that is automatically named for you, and displays the file name.
Example 2: Back up a certificate to a specified file name
Backup-AzKeyVaultKey -VaultName 'MyKeyVault' -Name 'MyCert' -OutputFile 'C:\Backup.blob'
C:\Backup.blobThis command retrieves the certificate named MyCert from the key vault named MyKeyVault and saves a backup of that certificate to a file named Backup.blob.
Example 3: Back up a previously retrieved certificate to a specified file name, overwriting the destination file without prompting.
$cert = Get-AzKeyVaultCertificate -VaultName 'MyKeyVault' -Name 'MyCert'
Backup-AzKeyVaultCertificate -Certificate $cert -OutputFile 'C:\Backup.blob' -Force
C:\Backup.blobThis command creates a backup of the certificate named $cert.Name in the vault named $cert.VaultName to a file named Backup.blob, silently overwriting the file if it exists already.
Parameters
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
The credentials, account, tenant, and subscription used for communication with Azure.
| Type: | IAzureContextContainer |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Overwrite the given file if it exists
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Secret to be backed up, pipelined in from the output of a retrieval call.
| Type: | PSKeyVaultCertificateIdentityItem |
| Aliases: | Certificate |
| Position: | 0 |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Secret name. Cmdlet constructs the FQDN of a secret from vault name, currently selected environment and secret name.
| Type: | String |
| Aliases: | SecretName |
| Position: | 1 |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Output file. The output file to store the backup of the certificate. If not specified, a default filename will be generated.
| Type: | String |
| Position: | 2 |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.
| Type: | String |
| Position: | 0 |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
PSKeyVaultCertificateIdentityItem