Update-AzKeyVaultKey

Reference

Module:: Az.KeyVault

Updates the attributes of a key in a key vault.

Note

This is the previous version of our documentation. Please consult the most recent version for up-to-date information.

Syntax

Update-AzKeyVaultKey
      [-VaultName] <String>
      [-Name] <String>
      [[-Version] <String>]
      [-Enable <Boolean>]
      [-Expires <DateTime>]
      [-NotBefore <DateTime>]
      [-KeyOps <String[]>]
      [-Tag <Hashtable>]
      [-PassThru]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]

Update-AzKeyVaultKey
      -HsmName <String>
      [-Name] <String>
      [[-Version] <String>]
      [-Enable <Boolean>]
      [-Expires <DateTime>]
      [-NotBefore <DateTime>]
      [-KeyOps <String[]>]
      [-Tag <Hashtable>]
      [-PassThru]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]

Update-AzKeyVaultKey
      [-InputObject] <PSKeyVaultKeyIdentityItem>
      [[-Version] <String>]
      [-Enable <Boolean>]
      [-Expires <DateTime>]
      [-NotBefore <DateTime>]
      [-KeyOps <String[]>]
      [-Tag <Hashtable>]
      [-PassThru]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]

Description

The Update-AzKeyVaultKey cmdlet updates the editable attributes of a key in a key vault.

Examples

Example 1: Modify a key to enable it, and set the expiration date and tags

$Expires = (Get-Date).AddYears(2).ToUniversalTime()
$Tags = @{'Severity' = 'high'; 'Accounting' = 'true'}
Update-AzKeyVaultKey -VaultName 'Contoso' -Name 'ITSoftware' -Expires $Expires -Enable $True -Tag $Tags -PassThru

Vault Name     : Contoso
Name           : ITSoftware
Version        : 394f9379a47a4e2086585468de6c7ae5
Id             : https://Contoso.vault.azure.net:443/keys/ITSoftware/394f9379a47a4e2086585468de6c7ae5
Enabled        : True
Expires        : 5/25/2020 7:58:07 PM
Not Before     :
Created        : 4/6/2018 11:31:36 PM
Updated        : 5/25/2018 7:59:02 PM
Purge Disabled : False
Tags           : Name        Value
                 Severity    high
                 Accounting  true

The first command creates a DateTime object by using the Get-Date cmdlet. That object specifies a time two years in the future. The command stores that date in the $Expires variable. For more information, type Get-Help Get-Date. The second command creates a variable to store tag values of high severity and Accounting. The final command modifies a key named ITSoftware. The command enables the key, sets its expiration time to the time stored in $Expires, and sets the tags that are stored in $Tags.

Example 2: Modify a key to delete all tags

Update-AzKeyVaultKey -VaultName 'Contoso' -Name 'ITSoftware' -Version '394f9379a47a4e2086585468de6c7ae5' -Tag @{}

Vault Name     : Contoso
Name           : ITSoftware
Version        : 394f9379a47a4e2086585468de6c7ae5
Id             : https://Contoso.vault.azure.net:443/keys/ITSoftware/394f9379a47a4e2086585468de6c7ae5
Enabled        : True
Expires        : 5/25/2020 7:58:07 PM
Not Before     :
Created        : 4/6/2018 11:31:36 PM
Updated        : 5/25/2018 8:00:08 PM
Purge Disabled : False
Tags           :

This commands deletes all tags for a specific version of a key named ITSoftware.

Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:	SwitchParameter
Aliases:	cf
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Type:	IAzureContextContainer
Aliases:	AzContext, AzureRmContext, AzureCredential
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-Enable

Value of true enables the key and a value of false disabless the key. If not specified, the existing enabled/disabled state remains unchanged.

Type:	Nullable<T>[Boolean]
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-Expires

The expiration time of a key in UTC time. If not specified, the existing expiration time of the key remains unchanged.

Type:	Nullable<T>[DateTime]
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-HsmName

HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment.

Type:	String
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-InputObject

Key object

Type:	PSKeyVaultKeyIdentityItem
Position:	0
Default value:	None
Accept pipeline input:	True
Accept wildcard characters:	False

-KeyOps

The operations that can be performed with the key. If not specified, the existing key operations of the key remain unchanged.

Type:	String[]
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-Name

Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.

Type:	String
Aliases:	KeyName
Position:	1
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-NotBefore

The UTC time before which key can't be used. If not specified, the existing NotBefore attribute of the key remains unchanged.

Type:	Nullable<T>[DateTime]
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-PassThru

Cmdlet does not return an object by default. If this switch is specified, returns the updated key bundle object.

Type:	SwitchParameter
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-Tag

A hashtable represents key tags. If not specified, the existings tags of the key remain unchanged.

Type:	Hashtable
Aliases:	Tags
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-VaultName

Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.

Type:	String
Position:	0
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-Version

Key version. Cmdlet constructs the FQDN of a key from vault name, currently selected environment, key name and key version.

Type:	String
Aliases:	KeyVersion
Position:	2
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:	SwitchParameter
Aliases:	wi
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

Inputs

PSKeyVaultKeyIdentityItem

Outputs

PSKeyVaultKey