Restore-AzureKeyVaultSecret

Creates a secret in a key vault from a backed-up secret.

Important

Because Az PowerShell modules now have all the capabilities of AzureRM PowerShell modules and more, we'll retire AzureRM PowerShell modules on 29 February 2024.

To avoid service interruptions, update your scripts that use AzureRM PowerShell modules to use Az PowerShell modules by 29 February 2024. To automatically update your scripts, follow the quickstart guide.

Syntax

Restore-AzureKeyVaultSecret
       [-VaultName] <String>
       [-InputFile] <String>
       [-DefaultProfile <IAzureContextContainer>]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]
Restore-AzureKeyVaultSecret
       [-InputObject] <PSKeyVault>
       [-InputFile] <String>
       [-DefaultProfile <IAzureContextContainer>]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]
Restore-AzureKeyVaultSecret
       [-ResourceId] <String>
       [-InputFile] <String>
       [-DefaultProfile <IAzureContextContainer>]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]

Description

The Restore-AzureKeyVaultSecret cmdlet creates a secret in the specified key vault. This secret is a replica of the backed-up secret in the input file and has the same name as the original secret. If the key vault already has a secret by the same name, this cmdlet fails instead of overwriting the original secret. If the backup contains multiple versions of a secret, all versions are restored. The key vault that you restore the secret into can be different from the key vault that you backed up the secret from. However, the key vault must use the same subscription and be in an Azure region in the same geography (for example, North America). See the Microsoft Azure Trust Center (https://azure.microsoft.com/support/trust-center/) for the mapping of Azure regions to geographies.

Examples

Example 1: Restore a backed-up secret

PS C:\> Restore-AzureKeyVaultSecret -VaultName 'contoso' -InputFile "C:\Backup.blob"

Vault Name   : contoso
Name         : secret1
Version      : 7128133570f84a71b48d7d0550deb74c
Id           : https://contoso.vault.azure.net:443/secrets/secret1/7128133570f84a71b48d7d0550deb74c
Enabled      : True
Expires      : 4/6/2018 3:59:43 PM
Not Before   :
Created      : 4/5/2018 11:46:28 PM
Updated      : 4/6/2018 11:30:17 PM
Content Type :
Tags         :

This command restores a secret, including all of its versions, from the backup file named Backup.blob into the key vault named contoso.

Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Accept pipeline input:False
Accept wildcard characters:False
-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure

Type:Microsoft.Azure.Commands.Common.Authentication.Abstractions.IAzureContextContainer
Aliases:AzureRmContext, AzureCredential
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-InputFile

Specifies the input file that contains the backup of the secret to restore.

Type:String
Position:1
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-InputObject

KeyVault object

Type:PSKeyVault
Position:0
Default value:None
Accept pipeline input:True
Accept wildcard characters:False
-ResourceId

KeyVault Resource Id

Type:String
Position:0
Default value:None
Accept pipeline input:True
Accept wildcard characters:False
-VaultName

Specifies the name of the key vault into which to restore the secret.

Type:String
Position:0
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

PSKeyVault

Parameters: InputObject (ByValue)

String

Outputs

PSKeyVaultSecret