Remove-​Azure​Key​Vault​Key

Deletes a key in a key vault.

Syntax

Remove-AzureKeyVaultKey
      [-VaultName] <String>
      [-Name] <String>
      [-Confirm]
      [-Force]
      [-InRemovedState]
      [-PassThru]
      [-WhatIf]
      [<CommonParameters>]

Description

The Remove-AzureKeyVaultKey cmdlet deletes a key in a key vault. If the key was accidentally deleted the key can be recovered using Undo-AzureKeyVaultKeyRemoval by a user with special 'recover' permissions. This cmdlet has a value of high for the ConfirmImpact property.

Examples

Example 1: Remove a key from a key vault

PS C:\>Remove-AzureKeyVaultKey -VaultName 'Contoso' -Name 'ITSoftware'

This command removes the key named ITSoftware from the key vault named Contoso.

Example 2: Remove a key without user confirmation

PS C:\>Remove-AzureKeyVaultKey -VaultName 'Contoso' -Name 'ITSoftware' -Force -Confirm:$False

This command removes the key named ITSoftware from the key vault named Contoso. The command specifies the Force and Confirm parameters, and, therefore, the cmdlet does not prompt you for confirmation.

Example 3: Purge a deleted key from the key vault permanently

PS C:\>Remove-AzureKeyVaultKey -VaultName 'Contoso' -Name 'ITSoftware' -InRemovedState

This command removes the key named ITSoftware from the key vault named Contoso permanently. This flag requires the user to have special 'purge' persmissions on the key vault.

Example 4: Remove keys by using the pipeline operator

PS C:\>Get-AzureKeyVaultKey -VaultName 'Contoso' | Where-Object {$_.Attributes.Enabled -eq $False} | Remove-AzureKeyVaultKey

This command gets all the keys in the key vault named Contoso, and passes them to the Where-Object cmdlet by using the pipeline operator. That cmdlet passes the keys that have a value of $False for the Enabled attribute to the current cmdlet. That cmdlet removes those keys.

Required Parameters

-Name

Specifies the name of the key to remove. This cmdlet constructs the fully qualified domain name (FQDN) of a key based on the name that this parameter specifies, the name of the key vault, and your current environment.

Type:String
Aliases:KeyName
Position:1
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-VaultName

Specifies the name of the key vault from which to remove the key. This cmdlet constructs the FQDN of a key vault based on the name that this parameter specifies and your current environment.

Type:String
Position:0
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False

Optional Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Accept pipeline input:False
Accept wildcard characters:False
-Force

Forces the command to run without asking for user confirmation.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-InRemovedState

Remove the previously deleted key permanently.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-PassThru

Indicates that this cmdlet returns a Microsoft.Azure.Commands.KeyVault.Models.KeyBundle object. By default, this cmdlet does not generate any output.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

String

Outputs

Microsoft.Azure.Commands.KeyVault.Models.DeletedKeyBundle

This cmdlet returns a value only if you specify the PassThru parameter.