Update-AzureKeyVaultKey

Updates the attributes of a key in a key vault.

Syntax

Update-AzureKeyVaultKey
      [-VaultName] <String>
      [-Name] <String>
      [[-Version] <String>]
      [-Enable <Boolean>]
      [-Expires <DateTime>]
      [-NotBefore <DateTime>]
      [-KeyOps <String[]>]
      [-Tag <Hashtable>]
      [-PassThru]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]
Update-AzureKeyVaultKey
      [-InputObject] <PSKeyVaultKeyIdentityItem>
      [[-Version] <String>]
      [-Enable <Boolean>]
      [-Expires <DateTime>]
      [-NotBefore <DateTime>]
      [-KeyOps <String[]>]
      [-Tag <Hashtable>]
      [-PassThru]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]

Description

The Update-AzureKeyVaultKey cmdlet updates the editable attributes of a key in a key vault.

Examples

Example 1: Modify a key to enable it, and set the expiration date and tags

PS C:\> $Expires = (Get-Date).AddYears(2).ToUniversalTime()
PS C:\> $Tags = @{'Severity' = 'high'; 'Accounting' = 'true'}
PS C:\> Update-AzureKeyVaultKey -VaultName 'Contoso' -Name 'ITSoftware' -Expires $Expires -Enable $True -Tag $Tags -PassThru

Vault Name     : Contoso
Name           : ITSoftware
Version        : 394f9379a47a4e2086585468de6c7ae5
Id             : https://Contoso.vault.azure.net:443/keys/ITSoftware/394f9379a47a4e2086585468de6c7ae5
Enabled        : True
Expires        : 5/25/2020 7:58:07 PM
Not Before     :
Created        : 4/6/2018 11:31:36 PM
Updated        : 5/25/2018 7:59:02 PM
Purge Disabled : False
Tags           : Name        Value
                 Severity    high
                 Accounting  true

The first command creates a DateTime object by using the Get-Date cmdlet. That object specifies a time two years in the future. The command stores that date in the $Expires variable. For more information, type Get-Help Get-Date. The second command creates a variable to store tag values of high severity and Accounting. The final command modifies a key named ITSoftware. The command enables the key, sets its expiration time to the time stored in $Expires, and sets the tags that are stored in $Tags.

Example 2: Modify a key to delete all tags

PS C:\> Update-AzureKeyVaultKey -VaultName 'Contoso' -Name 'ITSoftware' -Version '394f9379a47a4e2086585468de6c7ae5' -Tag @{}

Vault Name     : Contoso
Name           : ITSoftware
Version        : 394f9379a47a4e2086585468de6c7ae5
Id             : https://Contoso.vault.azure.net:443/keys/ITSoftware/394f9379a47a4e2086585468de6c7ae5
Enabled        : True
Expires        : 5/25/2020 7:58:07 PM
Not Before     :
Created        : 4/6/2018 11:31:36 PM
Updated        : 5/25/2018 8:00:08 PM
Purge Disabled : False
Tags           :

This commands deletes all tags for a specific version of a key named ITSoftware.

Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Type:Microsoft.Azure.Commands.Common.Authentication.Abstractions.IAzureContextContainer
Aliases:AzureRmContext, AzureCredential
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Enable

Value of true enables the key and a value of false disabless the key. If not specified, the existing enabled/disabled state remains unchanged.

Type:System.Nullable`1[System.Boolean]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Expires

The expiration time of a key in UTC time. If not specified, the existing expiration time of the key remains unchanged.

Type:System.Nullable`1[System.DateTime]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-InputObject

Key object

Type:Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultKeyIdentityItem
Position:0
Default value:None
Accept pipeline input:True (ByValue)
Accept wildcard characters:False
-KeyOps

The operations that can be performed with the key. If not specified, the existing key operations of the key remain unchanged.

Type:System.String[]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Name

Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.

Type:String
Aliases:KeyName
Position:1
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-NotBefore

The UTC time before which key can't be used. If not specified, the existing NotBefore attribute of the key remains unchanged.

Type:System.Nullable`1[System.DateTime]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-PassThru

Cmdlet does not return an object by default. If this switch is specified, returns the updated key bundle object.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Tag

A hashtable represents key tags. If not specified, the existings tags of the key remain unchanged.

Type:Hashtable
Aliases:Tags
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-VaultName

Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.

Type:String
Position:0
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Version

Key version. Cmdlet constructs the FQDN of a key from vault name, currently selected environment, key name and key version.

Type:String
Aliases:KeyVersion
Position:2
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

Inputs

Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultKeyIdentityItem

Parameters: InputObject (ByValue)

Outputs

PSKeyVaultKey