Update-AzureKeyVaultKey

Updates the attributes of a key in a key vault.

Important

Because Az PowerShell modules now have all the capabilities of AzureRM PowerShell modules and more, we'll retire AzureRM PowerShell modules on 29 February 2024.

To avoid service interruptions, update your scripts that use AzureRM PowerShell modules to use Az PowerShell modules by 29 February 2024. To automatically update your scripts, follow the quickstart guide.

Syntax

Update-AzureKeyVaultKey
      [-VaultName] <String>
      [-Name] <String>
      [[-Version] <String>]
      [-Enable <Boolean>]
      [-Expires <DateTime>]
      [-NotBefore <DateTime>]
      [-KeyOps <String[]>]
      [-Tag <Hashtable>]
      [-PassThru]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]
Update-AzureKeyVaultKey
      [-InputObject] <PSKeyVaultKeyIdentityItem>
      [[-Version] <String>]
      [-Enable <Boolean>]
      [-Expires <DateTime>]
      [-NotBefore <DateTime>]
      [-KeyOps <String[]>]
      [-Tag <Hashtable>]
      [-PassThru]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]

Description

The Update-AzureKeyVaultKey cmdlet updates the editable attributes of a key in a key vault.

Examples

Example 1: Modify a key to enable it, and set the expiration date and tags

PS C:\> $Expires = (Get-Date).AddYears(2).ToUniversalTime()
PS C:\> $Tags = @{'Severity' = 'high'; 'Accounting' = 'true'}
PS C:\> Update-AzureKeyVaultKey -VaultName 'Contoso' -Name 'ITSoftware' -Expires $Expires -Enable $True -Tag $Tags -PassThru

Vault Name     : Contoso
Name           : ITSoftware
Version        : 394f9379a47a4e2086585468de6c7ae5
Id             : https://Contoso.vault.azure.net:443/keys/ITSoftware/394f9379a47a4e2086585468de6c7ae5
Enabled        : True
Expires        : 5/25/2020 7:58:07 PM
Not Before     :
Created        : 4/6/2018 11:31:36 PM
Updated        : 5/25/2018 7:59:02 PM
Purge Disabled : False
Tags           : Name        Value
                 Severity    high
                 Accounting  true

The first command creates a DateTime object by using the Get-Date cmdlet. That object specifies a time two years in the future. The command stores that date in the $Expires variable. For more information, type Get-Help Get-Date. The second command creates a variable to store tag values of high severity and Accounting. The final command modifies a key named ITSoftware. The command enables the key, sets its expiration time to the time stored in $Expires, and sets the tags that are stored in $Tags.

Example 2: Modify a key to delete all tags

PS C:\> Update-AzureKeyVaultKey -VaultName 'Contoso' -Name 'ITSoftware' -Version '394f9379a47a4e2086585468de6c7ae5' -Tag @{}

Vault Name     : Contoso
Name           : ITSoftware
Version        : 394f9379a47a4e2086585468de6c7ae5
Id             : https://Contoso.vault.azure.net:443/keys/ITSoftware/394f9379a47a4e2086585468de6c7ae5
Enabled        : True
Expires        : 5/25/2020 7:58:07 PM
Not Before     :
Created        : 4/6/2018 11:31:36 PM
Updated        : 5/25/2018 8:00:08 PM
Purge Disabled : False
Tags           :

This commands deletes all tags for a specific version of a key named ITSoftware.

Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Type:Microsoft.Azure.Commands.Common.Authentication.Abstractions.IAzureContextContainer
Aliases:AzureRmContext, AzureCredential
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Enable

Value of true enables the key and a value of false disabless the key. If not specified, the existing enabled/disabled state remains unchanged.

Type:Nullable<T>[Boolean]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Expires

The expiration time of a key in UTC time. If not specified, the existing expiration time of the key remains unchanged.

Type:Nullable<T>[DateTime]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-InputObject

Key object

Type:Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultKeyIdentityItem
Position:0
Default value:None
Accept pipeline input:True
Accept wildcard characters:False
-KeyOps

The operations that can be performed with the key. If not specified, the existing key operations of the key remain unchanged.

Type:String[]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Name

Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.

Type:String
Aliases:KeyName
Position:1
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-NotBefore

The UTC time before which key can't be used. If not specified, the existing NotBefore attribute of the key remains unchanged.

Type:Nullable<T>[DateTime]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-PassThru

Cmdlet does not return an object by default. If this switch is specified, returns the updated key bundle object.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Tag

A hashtable represents key tags. If not specified, the existings tags of the key remain unchanged.

Type:Hashtable
Aliases:Tags
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-VaultName

Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.

Type:String
Position:0
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Version

Key version. Cmdlet constructs the FQDN of a key from vault name, currently selected environment, key name and key version.

Type:String
Aliases:KeyVersion
Position:2
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

Inputs

Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultKeyIdentityItem

Parameters: InputObject (ByValue)

Outputs

PSKeyVaultKey