Backup-AzureKeyVaultSecret
Backs up a secret in a key vault.
Important
You've reached a webpage for an outdated version of Azure PowerShell. All versions of the AzureRM PowerShell module are outdated, but not out of support. The Az PowerShell module is now the recommended PowerShell module for interacting with Azure. To get started with the Az PowerShell module, see Install Azure PowerShell. To learn how to migrate to the Az PowerShell module, see Migrate Azure PowerShell from AzureRM to Az.
Syntax
Backup-AzureKeyVaultSecret
[-VaultName] <String>
[-Name] <String>
[[-OutputFile] <String>]
[-Force]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Backup-AzureKeyVaultSecret
[-InputObject] <PSKeyVaultSecretIdentityItem>
[[-OutputFile] <String>]
[-Force]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
The Backup-AzureKeyVaultSecret cmdlet backs up a specified secret in a key vault by downloading it and storing it in a file. If there are multiple versions of the secret, all versions are included in the backup. Because the downloaded content is encrypted, it cannot be used outside of Azure Key Vault. You can restore a backed-up secret to any key vault in the subscription that it was backed up from. Typical reasons to use this cmdlet are:
- You want to escrow a copy of your secret, so that you have an offline copy in case you accidentally delete your secret in your key vault.
- You added a secret to a key vault and now want to clone the secret into a different Azure region, so that you can use it from all instances of your distributed application. Use the Backup-AzureKeyVaultSecret cmdlet to retrieve the secret in encrypted format and then use the Restore-AzureKeyVaultSecret cmdlet and specify a key vault in the second region. (Note that the regions must belong to the same geography.)
Examples
Example 1: Back up a secret with an automatically generated file name
PS C:\Users\username\> Backup-AzureKeyVaultSecret -VaultName 'MyKeyVault' -Name 'MySecret'
C:\Users\username\mykeyvault-mysecret-1527029447.01191This command retrieves the secret named MySecret from the key vault named MyKeyVault and saves a backup of that secret to a file that is automatically named for you, and displays the file name.
Example 2: Back up a secret to a specified file name, overwriting the existing file without prompting
PS C:\> Backup-AzureKeyVaultSecret -VaultName 'MyKeyVault' -Name 'MySecret' -OutputFile 'C:\Backup.blob' -Force
C:\Backup.blobThis command retrieves the secret named MySecret from the key vaultnamed MyKeyVault and saves a backup of that secret to a file named Backup.blob.
Example 3: Back up a secret previously retrieved to a specified file name
PS C:\> $secret = Get-AzureKeyVaultSecret -VaultName 'MyKeyVault' -Name 'MySecret'
PS C:\> Backup-AzureKeyVaultSecret -Secret $secret -OutputFile 'C:\Backup.blob'
C:\Backup.blobThis command uses the $secret object's vault name and name to retrieves the secret and saves its backup to a file named Backup.blob.
Parameters
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
The credentials, account, tenant, and subscription used for communication with azure
| Type: | Microsoft.Azure.Commands.Common.Authentication.Abstractions.IAzureContextContainer |
| Aliases: | AzureRmContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Prompts you for confirmation before overwriting the output file, if that exists.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Secret to be backed up, pipelined in from the output of a retrieval call.
| Type: | Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultSecretIdentityItem |
| Aliases: | Secret |
| Position: | 0 |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Specifies the name of the secret to back up.
| Type: | String |
| Aliases: | SecretName |
| Position: | 1 |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies the output file in which the backup blob is stored. If you do not specify this parameter, this cmdlet generates a file name for you. If you specify the name of an existing output file, the operation will not complete and returns an error message that the backup file already exists.
| Type: | String |
| Position: | 2 |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies the name of the key vault that contains the secret to back up.
| Type: | String |
| Position: | 0 |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultSecretIdentityItem
Parameters: InputObject (ByValue)