Microsoft.Azure.Commands.KeyVault.dll-help.xml
<?xml version="1.0" encoding="utf-8"?>
<helpItems xmlns="http://msh" schema="maml"> <!-- Updatable Help Version 2.0.0.0 --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Add-AzureKeyVaultKey</command:name> <maml:description> <maml:para>Creates a key in a vault or imports a key into a vault. </maml:para> </maml:description> <maml:copyright> <maml:para /> </maml:copyright> <command:verb>Add</command:verb> <command:noun>AzureKeyVaultKey</command:noun> <dev:version /> </command:details> <maml:description> <maml:para>The Add-AzureKeyVaultKey cmdlet creates a key in a key vault in Azure Key Vault, or imports a key into a vault. Use this cmdlet to add keys by using any of the following methods: -- Create a key in a hardware security module (HSM) in the Azure Key Vault service. -- Create a key in software in the Azure Key Vault service. -- Import a key from your own hardware security module (HSM) to HSMs in the Azure Key Vault service. -- Import a key from a .pfx file on your computer. -- Import a key from a .pfx file on your computer to hardware security modules (HSMs) in the Azure Key Vault service. For any of these operations, you can provide key attributes or accept default settings. If you create or import a key that has the same name as an existing key in your key vault, the original key is updated with the values that you specify for the new key. You can access the previous values by using the version-specific URI for that version of the key. To learn about key versions and the URI structure, see "About Keys and Secrets" in the <maml:navigationLink><maml:linkText>Key Vault REST API documentation</maml:linkText><maml:uri></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?linkid=518560). Note: To import a key from your own hardware security module, you must first generate a BYOK package (a file with a .byok file name extension) by using the Azure Key Vault BYOK toolset. For more information, see <maml:navigationLink><maml:linkText>How to Generate and Transfer HSM-Protected Keys for Azure Key Vault</maml:linkText><maml:uri></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=522252).</maml:para> <maml:para>As a best practice, back up your key after it is created or updated, by using the Backup-AzureKeyVaultKey cmdlet. There is no undelete functionality, so if you accidentally delete your key or delete it and then change your mind, the key is not recoverable unless you have a backup of it that you can restore.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Add-AzureKeyVaultKey</maml:name> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="1" aliases="none"> <maml:name>VaultName</maml:name> <maml:description> <maml:para>Specifies the name of the vault to which this cmdlet adds the key. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases="KeyName"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specifies the name of the key to add to the vault. This cmdlet constructs the fully qualified domain name (FQDN) of a key based on the name that this parameter specifies, the name of the vault, and your current environment. The name must be a string of 1 through 63 characters in length that contains only 0-9, a-z, A-Z, and – (the dash symbol).</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>Destination</maml:name> <maml:description> <maml:para>Specifies whether to add the key as a software-protected key or an HSM-protected key in the Key Vault service. Valid values are: HSM and Software. </maml:para> <maml:para>Note: To use HSM as your destination, you must have a key vault that supports HSMs. For more information about the service tiers and capabilities for Azure Key Vault, see the <maml:navigationLink><maml:linkText>Azure Key Vault Pricing website</maml:linkText><maml:uri></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?linkid=512521).</maml:para> <maml:para>This parameter is required when you create a new key. If you import a key by using the KeyFilePath parameter, this parameter is optional: -- If you do not specify this parameter, and this cmdlet imports a key that has .byok file name extension, it imports that key as an HSM-protected key. The cmdlet cannot import that key as software-protected key. -- If you do not specify this parameter, and this cmdlet imports a key that has a .pfx file name extension, it imports the key as a software-protected key.</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">HSM</command:parameterValue> <command:parameterValue required="true" variableLength="false">Software</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>Disable</maml:name> <maml:description> <maml:para>Indicates that the key you are adding is set to an initial state of disabled. Any attempt to use the key will fail. Use this parameter if you are preloading keys that you intend to enable later.</maml:para> </maml:description> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>Expires</maml:name> <maml:description> <maml:para>Specifies the expiration time, as a DateTime object, for the key that this cmdlet adds. This parameter uses Coordinated Universal Time (UTC). To obtain a DateTime object, use the Get-Date cmdlet. For more information, type Get-Help Get-Date. If you do not specify this parameter, the key does not expire.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">DateTime</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>KeyFilePassword</maml:name> <maml:description> <maml:para>Specifies a password for the imported file as a SecureString object. To obtain a SecureString object, use the ConvertTo-SecureString cmdlet. For more information, type Get-Help ConvertTo-SecureString. You must specify this password to import a file with a .pfx file name extension. </maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SecureString</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>KeyOps</maml:name> <maml:description> <maml:para>Specifies an array of operations that can be performed by using the key that this cmdlet adds. If you do not specify this parameter, all operations can be performed.</maml:para> <maml:para>The acceptable values for this parameter are a comma-separated list of key operations as defined by the <maml:navigationLink><maml:linkText>JSON Web Key (JWK) specification</maml:linkText><maml:uri></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkID=613300&clcid=0x409): -- Encrypt -- Decrypt -- Wrap -- Unwrap -- Sign -- Verify -- Backup -- Restore</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">String[]</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>NotBefore</maml:name> <maml:description> <maml:para>Specifies the time, as a DateTime object, before which the key cannot be used. This parameter uses UTC. To obtain a DateTime object, use the Get-Date cmdlet. If you do not specify this parameter, the key can be used immediately. </maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">DateTime</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>Tags</maml:name> <maml:description> <maml:para>Specifies a hash table that represents resource tags. For more information about resource tags, see <maml:navigationLink><maml:linkText>Using tags to organize your Azure resources</maml:linkText><maml:uri></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=613624).</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">Hashtable</command:parameterValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>KeyFilePath</maml:name> <maml:description> <maml:para>Specifies the path of a local file that contains key material that this cmdlet imports. The valid file name extensions are .byok and .pfx. -- If the file is a .byok file, the key is automatically protected by HSMs after the import and you cannot override this default. -- If the file is a .pfx file, the key is automatically protected by software after the import. To override this default, set the Destination parameter to HSM so that the key is HSM-protected.</maml:para> <maml:para>When you specify this parameter, the Destination parameter is optional. </maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Add-AzureKeyVaultKey</maml:name> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="1" aliases="none"> <maml:name>VaultName</maml:name> <maml:description> <maml:para>Specifies the name of the vault to which this cmdlet adds the key. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases="KeyName"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specifies the name of the key to add to the vault. This cmdlet constructs the fully qualified domain name (FQDN) of a key based on the name that this parameter specifies, the name of the vault, and your current environment. The name must be a string of 1 through 63 characters in length that contains only 0-9, a-z, A-Z, and – (the dash symbol).</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>Disable</maml:name> <maml:description> <maml:para>Indicates that the key you are adding is set to an initial state of disabled. Any attempt to use the key will fail. Use this parameter if you are preloading keys that you intend to enable later.</maml:para> </maml:description> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>Expires</maml:name> <maml:description> <maml:para>Specifies the expiration time, as a DateTime object, for the key that this cmdlet adds. This parameter uses Coordinated Universal Time (UTC). To obtain a DateTime object, use the Get-Date cmdlet. For more information, type Get-Help Get-Date. If you do not specify this parameter, the key does not expire.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">DateTime</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>KeyOps</maml:name> <maml:description> <maml:para>Specifies an array of operations that can be performed by using the key that this cmdlet adds. If you do not specify this parameter, all operations can be performed.</maml:para> <maml:para>The acceptable values for this parameter are a comma-separated list of key operations as defined by the <maml:navigationLink><maml:linkText>JSON Web Key (JWK) specification</maml:linkText><maml:uri></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkID=613300&clcid=0x409): -- Encrypt -- Decrypt -- Wrap -- Unwrap -- Sign -- Verify -- Backup -- Restore</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">String[]</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>NotBefore</maml:name> <maml:description> <maml:para>Specifies the time, as a DateTime object, before which the key cannot be used. This parameter uses UTC. To obtain a DateTime object, use the Get-Date cmdlet. If you do not specify this parameter, the key can be used immediately. </maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">DateTime</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>Tags</maml:name> <maml:description> <maml:para>Specifies a hash table that represents resource tags. For more information about resource tags, see <maml:navigationLink><maml:linkText>Using tags to organize your Azure resources</maml:linkText><maml:uri></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=613624).</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">Hashtable</command:parameterValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>Destination</maml:name> <maml:description> <maml:para>Specifies whether to add the key as a software-protected key or an HSM-protected key in the Key Vault service. Valid values are: HSM and Software. </maml:para> <maml:para>Note: To use HSM as your destination, you must have a key vault that supports HSMs. For more information about the service tiers and capabilities for Azure Key Vault, see the <maml:navigationLink><maml:linkText>Azure Key Vault Pricing website</maml:linkText><maml:uri></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?linkid=512521).</maml:para> <maml:para>This parameter is required when you create a new key. If you import a key by using the KeyFilePath parameter, this parameter is optional: -- If you do not specify this parameter, and this cmdlet imports a key that has .byok file name extension, it imports that key as an HSM-protected key. The cmdlet cannot import that key as software-protected key. -- If you do not specify this parameter, and this cmdlet imports a key that has a .pfx file name extension, it imports the key as a software-protected key.</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">HSM</command:parameterValue> <command:parameterValue required="true" variableLength="false">Software</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>Destination</maml:name> <maml:description> <maml:para>Specifies whether to add the key as a software-protected key or an HSM-protected key in the Key Vault service. Valid values are: HSM and Software. </maml:para> <maml:para>Note: To use HSM as your destination, you must have a key vault that supports HSMs. For more information about the service tiers and capabilities for Azure Key Vault, see the <maml:navigationLink><maml:linkText>Azure Key Vault Pricing website</maml:linkText><maml:uri></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?linkid=512521).</maml:para> <maml:para>This parameter is required when you create a new key. If you import a key by using the KeyFilePath parameter, this parameter is optional: -- If you do not specify this parameter, and this cmdlet imports a key that has .byok file name extension, it imports that key as an HSM-protected key. The cmdlet cannot import that key as software-protected key. -- If you do not specify this parameter, and this cmdlet imports a key that has a .pfx file name extension, it imports the key as a software-protected key.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>Disable</maml:name> <maml:description> <maml:para>Indicates that the key you are adding is set to an initial state of disabled. Any attempt to use the key will fail. Use this parameter if you are preloading keys that you intend to enable later.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>Expires</maml:name> <maml:description> <maml:para>Specifies the expiration time, as a DateTime object, for the key that this cmdlet adds. This parameter uses Coordinated Universal Time (UTC). To obtain a DateTime object, use the Get-Date cmdlet. For more information, type Get-Help Get-Date. If you do not specify this parameter, the key does not expire.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">DateTime</command:parameterValue> <dev:type> <maml:name>DateTime</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>KeyFilePassword</maml:name> <maml:description> <maml:para>Specifies a password for the imported file as a SecureString object. To obtain a SecureString object, use the ConvertTo-SecureString cmdlet. For more information, type Get-Help ConvertTo-SecureString. You must specify this password to import a file with a .pfx file name extension. </maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SecureString</command:parameterValue> <dev:type> <maml:name>SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>KeyFilePath</maml:name> <maml:description> <maml:para>Specifies the path of a local file that contains key material that this cmdlet imports. The valid file name extensions are .byok and .pfx. -- If the file is a .byok file, the key is automatically protected by HSMs after the import and you cannot override this default. -- If the file is a .pfx file, the key is automatically protected by software after the import. To override this default, set the Destination parameter to HSM so that the key is HSM-protected.</maml:para> <maml:para>When you specify this parameter, the Destination parameter is optional. </maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>KeyOps</maml:name> <maml:description> <maml:para>Specifies an array of operations that can be performed by using the key that this cmdlet adds. If you do not specify this parameter, all operations can be performed.</maml:para> <maml:para>The acceptable values for this parameter are a comma-separated list of key operations as defined by the <maml:navigationLink><maml:linkText>JSON Web Key (JWK) specification</maml:linkText><maml:uri></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkID=613300&clcid=0x409): -- Encrypt -- Decrypt -- Wrap -- Unwrap -- Sign -- Verify -- Backup -- Restore</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases="KeyName"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specifies the name of the key to add to the vault. This cmdlet constructs the fully qualified domain name (FQDN) of a key based on the name that this parameter specifies, the name of the vault, and your current environment. The name must be a string of 1 through 63 characters in length that contains only 0-9, a-z, A-Z, and – (the dash symbol).</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>NotBefore</maml:name> <maml:description> <maml:para>Specifies the time, as a DateTime object, before which the key cannot be used. This parameter uses UTC. To obtain a DateTime object, use the Get-Date cmdlet. If you do not specify this parameter, the key can be used immediately. </maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">DateTime</command:parameterValue> <dev:type> <maml:name>DateTime</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>Tags</maml:name> <maml:description> <maml:para>Specifies a hash table that represents resource tags. For more information about resource tags, see <maml:navigationLink><maml:linkText>Using tags to organize your Azure resources</maml:linkText><maml:uri></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=613624).</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">Hashtable</command:parameterValue> <dev:type> <maml:name>Hashtable</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="1" aliases="none"> <maml:name>VaultName</maml:name> <maml:description> <maml:para>Specifies the name of the vault to which this cmdlet adds the key. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>String, String[], DateTime</maml:name> <maml:uri> </maml:uri> <maml:description> <maml:para /> </maml:description> </dev:type> <maml:description> <maml:para> </maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>Microsoft.Azure.Commands.KeyVault.Models.KeyBundle</maml:name> <maml:uri> </maml:uri> <maml:description> <maml:para /> </maml:description> </dev:type> <maml:description> <maml:para> </maml:para> </maml:description> </command:returnValue> </command:returnValues> <command:terminatingErrors /> <command:nonTerminatingErrors /> <command:examples> <command:example> <maml:title>Example 1: Create a key</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>Add-AzureKeyVaultKey -VaultName 'Contoso' -Name 'ITSoftware' -Destination 'Software' </dev:code> <dev:remarks> <maml:para>This command creates a software-protected key named ITSoftware in the vault named Contoso.</maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title>Example 2: Create an HSM-protected key</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>Add-AzureKeyVaultKey -VaultName 'Contoso' -Name 'ITHsm' -Destination 'HSM' </dev:code> <dev:remarks> <maml:para>This command creates an HSM-protected key in the key vault named Contoso.</maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title>Example 3: Create a key with non-default values</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>$KeyOperations = 'decrypt', 'verify' PS C:\> $Expires = (Get-Date).AddYears(2).ToUniversalTime() PS C:\> $NotBefore = (Get-Date).ToUniversalTime() PS C:\> $Tags = @{'Severity' = 'high'; 'Accounting' = null} PS C:\> Add-AzureKeyVaultKey -VaultName 'Contoso' -Name 'ITHsmNonDefault' -Destination 'HSM' -Expires $Expires -NotBefore $NotBefore -KeyOps $KeyOperations –Disable -Tags $Tags </dev:code> <dev:remarks> <maml:para>The first command stores the values decrypt and verify in the $KeyOperations variable.</maml:para> <maml:para>The second command creates a DateTime object, defined in UTC, by using the Get-Date cmdlet. That object specifies a time two years in the future. The command stores that date in the $Expires variable. For more information, type Get-Help Get-Date.</maml:para> <maml:para>The third command creates a DateTime object by using the Get-Date cmdlet. That object specifies current UTC time. The command stores that date in the $NotBefore variable. </maml:para> <maml:para>The final command creates a key named ITHsmNonDefault that is an HSM-protected key. The command specifies values for allowed key operations stored $KeyOperations. The command specifies times for the Expires and NotBefore parameters created in the previous commands, and tags for high severity and IT. The new key is disabled. You can enable it by using the Set-AzureKeyVaultKey cmdlet.</maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title>Example 4: Import an HSM-protected key</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>Add-AzureKeyVaultKey -VaultName 'Contoso' -Name 'ITByok' -KeyFilePath 'C:\Contoso\ITByok.byok' -Destination 'HSM' </dev:code> <dev:remarks> <maml:para>This command imports the key named ITByok from the location that the KeyFilePath parameter specifies. The imported key is an HSM-protected key.</maml:para> <maml:para>To import a key from your own hardware security module, you must first generate a BYOK package (a file with a .byok file name extension) by using the Azure Key Vault BYOK toolset. For more information, see <maml:navigationLink><maml:linkText>How to Generate and Transfer HSM-Protected Keys for Azure Key Vault</maml:linkText><maml:uri></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=522252).</maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title>Example 5: Import a software-protected key</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>$Password = ConvertTo-SecureString -String 'Password' -AsPlainText -Force PS C:\> Add-AzureKeyVaultKey -VaultName 'Contoso' -Name 'ITPfx' -KeyFilePath 'C:\Contoso\ITPfx.pfx' -KeyFilePassword $Password </dev:code> <dev:remarks> <maml:para>The first command converts a string into a secure string by using the ConvertTo-SecureString cmdlet, and then stores that string in the $Password variable. For more information, type Get-Help ConvertTo-SecureString.</maml:para> <maml:para>The second command creates a software password in the Contoso vault. The command specifies the location for the key and the password stored in $Password.</maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title>Example 6: Import a key and assign attributes</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>$Password = ConvertTo-SecureString -String 'password' -AsPlainText -Force PS C:\> $Expires = (Get-Date).AddYears(2).ToUniversalTime() PS C:\> $Tags = @{ 'Severity' = 'high'; 'Accounting' = null } PS C:\> Add-AzureKeyVaultKey -VaultName 'Contoso' -Name 'ITPfxToHSM' -Destination 'HSM' -KeyFilePath 'C:\Contoso\ITPfx.pfx' -KeyFilePassword $Password -Expires $Expires -Tags $Tags </dev:code> <dev:remarks> <maml:para>The first command converts a string into a secure string by using the ConvertTo-SecureString cmdlet, and then stores that string in the $Password variable. </maml:para> <maml:para>The second command creates a DateTime object by using the Get-Date cmdlet, and then stores that object in the $Expires variable. </maml:para> <maml:para>The third command creates the $tags variable to set tags for high severity and IT.</maml:para> <maml:para>The final command imports a key as an HSM key from the specified location. The command specifies the expiration time stored in $Expires and password stored in $Password, and applies the tags stored in $tags.</maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>http://go.microsoft.com/fwlink/?LinkId=690295</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Backup-AzureKeyVaultKey</maml:linkText> <maml:uri /> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-AzureKeyVaultKey</maml:linkText> <maml:uri /> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-AzureKeyVaultKey</maml:linkText> <maml:uri /> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-AzureKeyVaultKeyAttribute</maml:linkText> <maml:uri /> </maml:navigationLink> </maml:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Backup-AzureKeyVaultKey</command:name> <maml:description> <maml:para>Backs up a key in a vault. </maml:para> </maml:description> <maml:copyright> <maml:para /> </maml:copyright> <command:verb>Backup</command:verb> <command:noun>AzureKeyVaultKey</command:noun> <dev:version /> </command:details> <maml:description> <maml:para>The Backup-AzureKeyVaultKey cmdlet backs up a specified key in a vault by downloading it and storing it in a file. If there are multiple versions of the key, all versions are included in the backup. Because the downloaded content is encrypted, it cannot be used outside of Azure Key Vault. You can restore a backed-up key to any key vault in the subscription that it was backed up from.</maml:para> <maml:para>Typical reasons to use this cmdlet are: -- You want to escrow a copy of your key, so that you have an offline copy in case you accidentally delete your key in your key vault. -- You created a key using Azure Key Vault and now want to clone the key into a different Azure region, so that you can use it from all instances of your distributed application. Use the Backup-AzureKeyVaultKey cmdlet to retrieve the key in encrypted format and then use the Restore-AzureKeyVaultKey cmdlet and specify a key vault in the second region.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Backup-AzureKeyVaultKey</maml:name> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="1" aliases="none"> <maml:name>VaultName</maml:name> <maml:description> <maml:para>Specifies the name of the key vault that contains the key to back up.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="2" aliases="KeyName"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specifies the name of the key to back up.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="3" aliases="none"> <maml:name>OutputFile</maml:name> <maml:description> <maml:para>Specifies the output file in which the backup blob is stored. If you do not specify this parameter, this cmdlet generates a file name for you. If you specify the name of an existing output file, the operation will not complete and returns an error message that the backup file already exists. </maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">String</command:parameterValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="2" aliases="KeyName"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specifies the name of the key to back up.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="3" aliases="none"> <maml:name>OutputFile</maml:name> <maml:description> <maml:para>Specifies the output file in which the backup blob is stored. If you do not specify this parameter, this cmdlet generates a file name for you. If you specify the name of an existing output file, the operation will not complete and returns an error message that the backup file already exists. </maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="1" aliases="none"> <maml:name>VaultName</maml:name> <maml:description> <maml:para>Specifies the name of the key vault that contains the key to back up.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name> </maml:name> <maml:uri> </maml:uri> <maml:description> <maml:para /> </maml:description> </dev:type> <maml:description> <maml:para> </maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name> </maml:name> <maml:uri> </maml:uri> <maml:description> <maml:para /> </maml:description> </dev:type> <maml:description> <maml:para> </maml:para> </maml:description> </command:returnValue> </command:returnValues> <command:terminatingErrors /> <command:nonTerminatingErrors /> <command:examples> <command:example> <maml:title>Example 1: Back up a key with an automatically generated file name</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>Backup-AzureKeyVaultKey -VaultName 'MyKeyVault' -Name 'MyKey' </dev:code> <dev:remarks> <maml:para>This command retrieves the key named MyKey from the vault named MyKeyVault and saves a backup of that key to a file that is automatically named for you, and displays the file name. </maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title>Example 2: Back up a key to a specified file name</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>Backup-AzureKeyVaultKey -VaultName 'MyKeyVault' -Name 'MyKey' -OutputFile 'C:\Backup.blob' </dev:code> <dev:remarks> <maml:para>This command retrieves the key named MyKey from the vault named MyKeyVault and saves a backup of that key to a file named Backup.blob.</maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>http://go.microsoft.com/fwlink/?LinkId=690296</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Add-AzureKeyVaultKey</maml:linkText> <maml:uri /> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-AzureKeyVaultKey</maml:linkText> <maml:uri /> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-AzureKeyVaultKey</maml:linkText> <maml:uri /> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Restore-AzureKeyVaultKey</maml:linkText> <maml:uri /> </maml:navigationLink> </maml:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-AzureKeyVaultKey</command:name> <maml:description> <maml:para>Gets the keys in a Key Vault. </maml:para> </maml:description> <maml:copyright> <maml:para /> </maml:copyright> <command:verb>Get</command:verb> <command:noun>AzureKeyVaultKey</command:noun> <dev:version /> </command:details> <maml:description> <maml:para>The Get-AzureKeyVaultKey cmdlet gets the keys in an Azure Key Vault instance. This cmdlet gets a specific Microsoft.Azure.Commands.KeyVault.Models.KeyBundle or a list of all KeyBundle objects in a vault. </maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-AzureKeyVaultKey</maml:name> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="2" aliases="KeyName"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specifies the name of the key bundle to get.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>IncludeVersions</maml:name> <maml:description> <maml:para>Indicates that this cmdlet gets all versions of a key. The current version of a key is the first one on the list. If you specify this parameter you must also specify the Name and VaultName parameters. </maml:para> <maml:para>If you do not specify the IncludeVersions parameter, this cmdlet gets the current version of the key with the specified Name.</maml:para> </maml:description> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-AzureKeyVaultKey</maml:name> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByPropertyName)" position="1" aliases="none"> <maml:name>VaultName</maml:name> <maml:description> <maml:para>Specifies the name of the vault from which this cmdlet gets keys. This cmdlet constructs the fully qualified domain name (FQDN) of a vault based on the name that this parameter specifies and your selected environment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="2" aliases="KeyName"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specifies the name of the key bundle to get.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByPropertyName)" position="3" aliases="KeyVersion"> <maml:name>Version</maml:name> <maml:description> <maml:para>Specifies the key version. This cmdlet constructs the FQDN of a key based on the vault name, your currently selected environment, the key name, and the key version.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">String</command:parameterValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-AzureKeyVaultKey</maml:name> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByPropertyName)" position="1" aliases="none"> <maml:name>VaultName</maml:name> <maml:description> <maml:para>Specifies the name of the vault from which this cmdlet gets keys. This cmdlet constructs the fully qualified domain name (FQDN) of a vault based on the name that this parameter specifies and your selected environment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>IncludeVersions</maml:name> <maml:description> <maml:para>Indicates that this cmdlet gets all versions of a key. The current version of a key is the first one on the list. If you specify this parameter you must also specify the Name and VaultName parameters. </maml:para> <maml:para>If you do not specify the IncludeVersions parameter, this cmdlet gets the current version of the key with the specified Name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="2" aliases="KeyName"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specifies the name of the key bundle to get.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByPropertyName)" position="1" aliases="none"> <maml:name>VaultName</maml:name> <maml:description> <maml:para>Specifies the name of the vault from which this cmdlet gets keys. This cmdlet constructs the fully qualified domain name (FQDN) of a vault based on the name that this parameter specifies and your selected environment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByPropertyName)" position="3" aliases="KeyVersion"> <maml:name>Version</maml:name> <maml:description> <maml:para>Specifies the key version. This cmdlet constructs the FQDN of a key based on the vault name, your currently selected environment, the key name, and the key version.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>String</maml:name> <maml:uri> </maml:uri> <maml:description> <maml:para /> </maml:description> </dev:type> <maml:description> <maml:para> </maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>List<Microsoft.Azure.Commands.KeyVault.Models.KeyBundle>, Microsoft.Azure.Commands.KeyVault.Models.KeyBundle</maml:name> <maml:uri> </maml:uri> <maml:description> <maml:para /> </maml:description> </dev:type> <maml:description> <maml:para> </maml:para> </maml:description> </command:returnValue> </command:returnValues> <command:terminatingErrors /> <command:nonTerminatingErrors /> <command:examples> <command:example> <maml:title>Example 1: Get all the keys in a vault</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>Get-AzureKeyVaultKey -VaultName 'Contoso' </dev:code> <dev:remarks> <maml:para>This command gets all the keys in the vault named Contoso. </maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title>Example 2: Get the current version of a key </maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>Get-AzureKeyVaultKey -VaultName 'Contoso' -KeyName 'ITPfx' </dev:code> <dev:remarks> <maml:para>This command gets the current version of the key named ITPfx in the vault named Contoso. </maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title>Example 3: Get all versions of a key </maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>Get-AzureKeyVaultKey -VaultName 'Contoso' -KeyName 'ITPfx' -IncludeVersions </dev:code> <dev:remarks> <maml:para>This command gets all versions the key named ITPfx in the vault named Contoso. </maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title>Example 4: Get a specific version of a key</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>$Key = Get-AzureKeyVaultKey -VaultName 'Contoso' -KeyName 'ITPfx' –Version '5A12A276385949DB8B5F82AFEE85CAED' </dev:code> <dev:remarks> <maml:para>This command gets a specific version of the key named ITPfx in the vault named Contoso. After running this command, you can inspect various properties of the key by navigating the $Key object.</maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>http://go.microsoft.com/fwlink/?LinkId=690297</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Add-AzureKeyVaultKey</maml:linkText> <maml:uri /> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-AzureKeyVaultKey</maml:linkText> <maml:uri /> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-AzureKeyVaultKeyAttribute</maml:linkText> <maml:uri /> </maml:navigationLink> </maml:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-AzureKeyVaultSecret</command:name> <maml:description> <maml:para>Gets the secrets in a vault. </maml:para> </maml:description> <maml:copyright> <maml:para /> </maml:copyright> <command:verb>Get</command:verb> <command:noun>AzureKeyVaultSecret</command:noun> <dev:version /> </command:details> <maml:description> <maml:para>The Get-AzureKeyVaultSecret cmdlet gets secrets in an Azure Key Vault instance. This cmdlet gets a specific secret or all the secrets in a vault. </maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-AzureKeyVaultSecret</maml:name> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="2" aliases="SecretName"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specifies the name of the secret to get.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>IncludeVersions</maml:name> <maml:description> <maml:para>Indicates that this cmdlet gets all versions of a secret. The current version of a secret is the first one on the list. If you specify this parameter you must also specify the Name and VaultName parameters.</maml:para> <maml:para>If you do not specify the IncludeVersions parameter, this cmdlet gets the current version of the secret with the specified Name.</maml:para> </maml:description> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-AzureKeyVaultSecret</maml:name> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByPropertyName)" position="1" aliases="none"> <maml:name>VaultName</maml:name> <maml:description> <maml:para>Specifies the name of the vault to which the secret belongs. This cmdlet constructs the fully qualified domain name (FQDN) of a vault based on the name that this parameter specifies and your current environment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="2" aliases="SecretName"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specifies the name of the secret to get.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByPropertyName)" position="3" aliases="SecretVersion"> <maml:name>Version</maml:name> <maml:description> <maml:para>Specifies the secret version. This cmdlet constructs the FQDN of a secret based on the vault name, your currently selected environment, the secret name, and the secret version.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">String</command:parameterValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-AzureKeyVaultSecret</maml:name> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByPropertyName)" position="1" aliases="none"> <maml:name>VaultName</maml:name> <maml:description> <maml:para>Specifies the name of the vault to which the secret belongs. This cmdlet constructs the fully qualified domain name (FQDN) of a vault based on the name that this parameter specifies and your current environment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>IncludeVersions</maml:name> <maml:description> <maml:para>Indicates that this cmdlet gets all versions of a secret. The current version of a secret is the first one on the list. If you specify this parameter you must also specify the Name and VaultName parameters.</maml:para> <maml:para>If you do not specify the IncludeVersions parameter, this cmdlet gets the current version of the secret with the specified Name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="2" aliases="SecretName"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specifies the name of the secret to get.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByPropertyName)" position="1" aliases="none"> <maml:name>VaultName</maml:name> <maml:description> <maml:para>Specifies the name of the vault to which the secret belongs. This cmdlet constructs the fully qualified domain name (FQDN) of a vault based on the name that this parameter specifies and your current environment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByPropertyName)" position="3" aliases="SecretVersion"> <maml:name>Version</maml:name> <maml:description> <maml:para>Specifies the secret version. This cmdlet constructs the FQDN of a secret based on the vault name, your currently selected environment, the secret name, and the secret version.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>String</maml:name> <maml:uri> </maml:uri> <maml:description> <maml:para /> </maml:description> </dev:type> <maml:description> <maml:para> </maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>List<Microsoft.Azure.Commands.KeyVault.Models.Secret>, Microsoft.Azure.Commands.KeyVault.Models.Secret</maml:name> <maml:uri> </maml:uri> <maml:description> <maml:para /> </maml:description> </dev:type> <maml:description> <maml:para> </maml:para> </maml:description> </command:returnValue> </command:returnValues> <command:terminatingErrors /> <command:nonTerminatingErrors /> <command:examples> <command:example> <maml:title>Example 1: Get all current versions of all secrets in a vault</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>Get-AzureKeyVaultSecret -VaultName 'Contoso' </dev:code> <dev:remarks> <maml:para>This command gets the current versions of all secrets in the vault named Contoso. </maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title>Example 2: Get all versions of a specific secret</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>Get-AzureKeyVaultSecret -VaultName 'Contoso' -Name 'ITSecret' -IncludeVersions </dev:code> <dev:remarks> <maml:para>This command gets all versions of the secret named ITSecret in the vault named Contoso. </maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title>Example 3: Get the current version of a specific secret </maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>Get-AzureKeyVaultSecret -VaultName 'Contoso' -Name 'ITSecret' </dev:code> <dev:remarks> <maml:para>This command gets the current version of the secret named ITSecret in the vault named Contoso. </maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title>Example 4: Get a specific version of a specific secret </maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>Get-AzureKeyVaultSecret -VaultName 'Contoso' -Name 'ITSecret' –Version '6A12A286385949DB8B5F82AFEF85CAE9' </dev:code> <dev:remarks> <maml:para>This command gets a specific version of the secret named ITSecret in the vault named Contoso. </maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title>Example 5: Get the plain text value of the current version of a specific secret</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>$secret = Get-AzureKeyVaultSecret -VaultName 'Contoso' -Name 'ITSecret' PS C:\>Write-Host "Secret Value is: " $secret.SecretValueText </dev:code> <dev:remarks> <maml:para>These commands get the current version of a secret named ITSecret, and then displays the plain text value of that secret.</maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>http://go.microsoft.com/fwlink/?LinkId=690298</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-AzureKeyVaultSecret</maml:linkText> <maml:uri /> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-AzureKeyVaultSecret</maml:linkText> <maml:uri /> </maml:navigationLink> </maml:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-AzureRmKeyVault</command:name> <maml:description> <maml:para>Gets Azure Key Vault instances.</maml:para> </maml:description> <maml:copyright> <maml:para /> </maml:copyright> <command:verb>Get</command:verb> <command:noun>AzureRmKeyVault</command:noun> <dev:version /> </command:details> <maml:description> <maml:para>The Get-AzureRmKeyVault cmdlet gets information about the Azure Key Vault instances in a subscription. You can view all key vault instances in a subscription, or filter your results by a resource group or a particular key vault. </maml:para> <maml:para>Note that although specifying the resource group is optional for this cmdlet when you get a single key vault, you should do so for better performance. </maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-AzureRmKeyVault</maml:name> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="1" aliases="none"> <maml:name>VaultName</maml:name> <maml:description> <maml:para>Specifies the name of the key vault.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="2" aliases="none"> <maml:name>ResourceGroupName</maml:name> <maml:description> <maml:para>Specifies the name of the resource group associated with the key vault or key vaults being queried.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">String</command:parameterValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-AzureRmKeyVault</maml:name> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="2" aliases="none"> <maml:name>ResourceGroupName</maml:name> <maml:description> <maml:para>Specifies the name of the resource group associated with the key vault or key vaults being queried.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">String</command:parameterValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-AzureRmKeyVault</maml:name> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>Tag</maml:name> <maml:description> <maml:para>Specifies the key and value of the specified tag to filter the list of key vaults by hash table.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">Hashtable</command:parameterValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="2" aliases="none"> <maml:name>ResourceGroupName</maml:name> <maml:description> <maml:para>Specifies the name of the resource group associated with the key vault or key vaults being queried.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>Tag</maml:name> <maml:description> <maml:para>Specifies the key and value of the specified tag to filter the list of key vaults by hash table.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">Hashtable</command:parameterValue> <dev:type> <maml:name>Hashtable</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="1" aliases="none"> <maml:name>VaultName</maml:name> <maml:description> <maml:para>Specifies the name of the key vault.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name> </maml:name> <maml:uri> </maml:uri> <maml:description> <maml:para /> </maml:description> </dev:type> <maml:description> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name> </maml:name> <maml:uri> </maml:uri> <maml:description> <maml:para /> </maml:description> </dev:type> <maml:description> </maml:description> </command:returnValue> </command:returnValues> <command:terminatingErrors /> <command:nonTerminatingErrors /> <command:examples> <command:example> <maml:title>Example 1: Get all key vaults in your current subscription</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>Get-AzureRMKeyVault </dev:code> <dev:remarks> <maml:para>This command gets all the key vaults in your current subscription.</maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title>Example 2: Get a specific key vault</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>$MyVault = Get-AzureRMKeyVault -VaultName 'Contoso03Vault' </dev:code> <dev:remarks> <maml:para>This command gets the key vault named Contoso03Vault in your current subscription, and then stores it in the $MyVault variable. You can inspect the properties of $MyVault to get details about the key vault.</maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title>Example 3: Get key vaults in a resource group</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>Get-AzureRMKeyVault -ResourceGroupName 'ContosoPayRollResourceGroup' </dev:code> <dev:remarks> <maml:para>This command gets all the key vaults in the resource group named ContosoPayRollResourceGroup.</maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>http://go.microsoft.com/fwlink/?LinkID=690161</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-AzureRmKeyVault</maml:linkText> <maml:uri /> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-AzureRmKeyVault</maml:linkText> <maml:uri /> </maml:navigationLink> </maml:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-AzureRmKeyVault</command:name> <maml:description> <maml:para>Creates an Azure Key Vault instance.</maml:para> </maml:description> <maml:copyright> <maml:para /> </maml:copyright> <command:verb>New</command:verb> <command:noun>AzureRmKeyVault</command:noun> <dev:version /> </command:details> <maml:description> <maml:para>The New-AzureRmKeyVault cmdlet creates an Azure Key Vault instance in the specified resource group. This cmdlet also grants permissions to the currently logged on user to add, remove, or list keys and secrets in the vault.</maml:para> <maml:para>Note: If you see the error The subscription is not registered to use namespace 'Microsoft.KeyVault' when you try to create your new key vault, run Register-AzureRmResourceProvider -ProviderNamespace "Microsoft.KeyVault" and then rerun your New-AzureRmKeyVault command. For more information, see Register-AzureRmResourceProvider.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-AzureRmKeyVault</maml:name> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="1" aliases="none"> <maml:name>VaultName</maml:name> <maml:description> <maml:para>Specifies the name of the key vault to create. The name can be any combination of letters, digits, or hyphens. The name must start and end with a letter or digit. The name must be universally unique. </maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="2" aliases="none"> <maml:name>ResourceGroupName</maml:name> <maml:description> <maml:para>Specifies the name of an existing resource group in which to create the key vault. </maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="3" aliases="none"> <maml:name>Location</maml:name> <maml:description> <maml:para>Specifies the Azure region in which to create the key vault. Use the command <maml:navigationLink><maml:linkText>Get-AzureLocation</maml:linkText><maml:uri></maml:uri></maml:navigationLink> to see your choices. For more information, type Get-Help Get-AzureLocation.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>EnabledForDeployment</maml:name> <maml:description> <maml:para>Enables the Microsoft.Compute resource provider to retrieve secrets from this key vault when this key vault is referenced in resource creation, for example when creating a virtual machine.</maml:para> </maml:description> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>EnabledForDiskEncryption</maml:name> <maml:description> <maml:para>Enables the Azure disk encryption service to get secrets and unwrap keys from this key vault. </maml:para> </maml:description> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>EnabledForTemplateDeployment</maml:name> <maml:description> <maml:para>Enables Azure Resource Manager to get secrets from this key vault when this key vault is referenced in a template deployment. </maml:para> </maml:description> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>Sku</maml:name> <maml:description> <maml:para>Specifies the SKU of the key vault instance. For information about which features are available for each SKU, see the <maml:navigationLink><maml:linkText>Azure Key Vault Pricing</maml:linkText><maml:uri></maml:uri></maml:navigationLink> website (http://go.microsoft.com/fwlink/?linkid=512521).</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">standard</command:parameterValue> <command:parameterValue required="false" variableLength="false">premium</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="Tags"> <maml:name>Tag</maml:name> <maml:description> <maml:para>Specifies a hash table that represents resource tags.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">Hashtable</command:parameterValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>EnabledForDeployment</maml:name> <maml:description> <maml:para>Enables the Microsoft.Compute resource provider to retrieve secrets from this key vault when this key vault is referenced in resource creation, for example when creating a virtual machine.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>EnabledForDiskEncryption</maml:name> <maml:description> <maml:para>Enables the Azure disk encryption service to get secrets and unwrap keys from this key vault. </maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>EnabledForTemplateDeployment</maml:name> <maml:description> <maml:para>Enables Azure Resource Manager to get secrets from this key vault when this key vault is referenced in a template deployment. </maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="3" aliases="none"> <maml:name>Location</maml:name> <maml:description> <maml:para>Specifies the Azure region in which to create the key vault. Use the command <maml:navigationLink><maml:linkText>Get-AzureLocation</maml:linkText><maml:uri></maml:uri></maml:navigationLink> to see your choices. For more information, type Get-Help Get-AzureLocation.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="2" aliases="none"> <maml:name>ResourceGroupName</maml:name> <maml:description> <maml:para>Specifies the name of an existing resource group in which to create the key vault. </maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>Sku</maml:name> <maml:description> <maml:para>Specifies the SKU of the key vault instance. For information about which features are available for each SKU, see the <maml:navigationLink><maml:linkText>Azure Key Vault Pricing</maml:linkText><maml:uri></maml:uri></maml:navigationLink> website (http://go.microsoft.com/fwlink/?linkid=512521).</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="Tags"> <maml:name>Tag</maml:name> <maml:description> <maml:para>Specifies a hash table that represents resource tags.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">Hashtable</command:parameterValue> <dev:type> <maml:name>Hashtable</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="1" aliases="none"> <maml:name>VaultName</maml:name> <maml:description> <maml:para>Specifies the name of the key vault to create. The name can be any combination of letters, digits, or hyphens. The name must start and end with a letter or digit. The name must be universally unique. </maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name> </maml:name> <maml:uri> </maml:uri> <maml:description> <maml:para /> </maml:description> </dev:type> <maml:description> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>Microsoft.Azure.Commands.KeyVault.Models.PSVault</maml:name> <maml:uri> </maml:uri> <maml:description> <maml:para /> </maml:description> </dev:type> <maml:description> </maml:description> </command:returnValue> </command:returnValues> <command:terminatingErrors /> <command:nonTerminatingErrors /> <command:examples> <command:example> <maml:title>Example 1: Create a Standard key vault</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>New-AzureRmKeyVault -VaultName 'Contoso03Vault' -ResourceGroupName 'Group14' -Location 'East US' </dev:code> <dev:remarks> <maml:para>This command creates a key vault named Contoso03Vault, in the Azure region East US. The command adds the key vault to the resource group named Group14. Because the command does not specify a value for the SKU parameter, it creates a Standard key vault. </maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title>Example 2: Create a Premium key vault</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>New-AzureRmKeyVault -VaultName 'Contoso03Vault' -ResourceGroupName 'Group14' -Location 'East US' -Sku 'Premium' </dev:code> <dev:remarks> <maml:para>This command creates a key vault, just like the previous example. However, it specifies a value of Premium for the SKU parameter to create a Premium key vault. </maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>http://go.microsoft.com/fwlink/?LinkId=690160</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-AzureRmKeyVault</maml:linkText> <maml:uri /> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-AzureRmKeyVault</maml:linkText> <maml:uri /> </maml:navigationLink> </maml:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-AzureKeyVaultKey</command:name> <maml:description> <maml:para>Deletes a key in a vault. </maml:para> </maml:description> <maml:copyright> <maml:para /> </maml:copyright> <command:verb>Remove</command:verb> <command:noun>AzureKeyVaultKey</command:noun> <dev:version /> </command:details> <maml:description> <maml:para>The Remove-AzureKeyVaultKey cmdlet deletes a key in an Azure Key Vault instance. This cmdlet has a value of high for the ConfirmImpact property.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-AzureKeyVaultKey</maml:name> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="1" aliases="none"> <maml:name>VaultName</maml:name> <maml:description> <maml:para>Specifies the name of the vault from which to remove the key. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment. </maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="2" aliases="KeyName"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specifies the name of the key to remove. This cmdlet constructs the fully qualified domain name (FQDN) of a key based on the name that this parameter specifies, the name of the vault, and your current environment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>Force</maml:name> <maml:description> <maml:para>Forces the command to run without asking for user confirmation.</maml:para> </maml:description> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>PassThru</maml:name> <maml:description> <maml:para>Indicates that this cmdlet returns a Microsoft.Azure.Commands.KeyVault.Models.KeyBundle object. By default, this cmdlet does not generate any output. </maml:para> </maml:description> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para> </maml:description> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>Force</maml:name> <maml:description> <maml:para>Forces the command to run without asking for user confirmation.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="2" aliases="KeyName"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specifies the name of the key to remove. This cmdlet constructs the fully qualified domain name (FQDN) of a key based on the name that this parameter specifies, the name of the vault, and your current environment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>PassThru</maml:name> <maml:description> <maml:para>Indicates that this cmdlet returns a Microsoft.Azure.Commands.KeyVault.Models.KeyBundle object. By default, this cmdlet does not generate any output. </maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="1" aliases="none"> <maml:name>VaultName</maml:name> <maml:description> <maml:para>Specifies the name of the vault from which to remove the key. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment. </maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>false</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>false</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>String</maml:name> <maml:uri> </maml:uri> <maml:description> <maml:para /> </maml:description> </dev:type> <maml:description> <maml:para> </maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>Microsoft.Azure.Commands.KeyVault.Models.KeyBundle</maml:name> <maml:uri> </maml:uri> <maml:description> <maml:para /> </maml:description> </dev:type> <maml:description> <maml:para>This cmdlet returns a value only if you specify the PassThru parameter. </maml:para> </maml:description> </command:returnValue> </command:returnValues> <command:terminatingErrors /> <command:nonTerminatingErrors /> <command:examples> <command:example> <maml:title>Example 1: Remove a key from a vault</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>Remove-AzureKeyVaultKey -VaultName 'Contoso' -Name 'ITSoftware' </dev:code> <dev:remarks> <maml:para>This command removes the key named ITSoftware from the vault named Contoso. </maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title>Example 2: Remove a key without user confirmation</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>Remove-AzureKeyVaultKey -VaultName 'Contoso' -Name 'ITSoftware' -Force -Confirm:$False </dev:code> <dev:remarks> <maml:para>This command removes the key named ITSoftware from the vault named Contoso. The command specifies the Force and Confirm parameters, and, therefore, the cmdlet does not prompt you for confirmation.</maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title>Example 3: Remove keys by using the pipeline operator</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>Get-AzureKeyVaultKey -VaultName 'Contoso' | Where-Object {$_.Attributes.Enabled -eq $False} | Remove-AzureKeyVaultKey </dev:code> <dev:remarks> <maml:para>This command gets all the keys in the vault named Contoso, and passes them to the Where-Object cmdlet by using the pipeline operator. That cmdlet passes the keys that have a value of $False for the Enabled attribute to the current cmdlet. That cmdlet removes those keys. </maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>http://go.microsoft.com/fwlink/?LinkId=690299</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Add-AzureKeyVaultKey</maml:linkText> <maml:uri /> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-AzureKeyVaultKey</maml:linkText> <maml:uri /> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-AzureKeyVaultKeyAttribute</maml:linkText> <maml:uri /> </maml:navigationLink> </maml:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-AzureKeyVaultSecret</command:name> <maml:description> <maml:para>Deletes a secret in a vault. </maml:para> </maml:description> <maml:copyright> <maml:para /> </maml:copyright> <command:verb>Remove</command:verb> <command:noun>AzureKeyVaultSecret</command:noun> <dev:version /> </command:details> <maml:description> <maml:para>The Remove-AzureKeyVaultSecret cmdlet deletes a secret in an Azure Key Vault instance. This cmdlet has a value of high for the ConfirmImpact property.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-AzureKeyVaultSecret</maml:name> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="1" aliases="none"> <maml:name>VaultName</maml:name> <maml:description> <maml:para>Specifies the name of the vault to which the secret belongs. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="2" aliases="SecretName"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specifies the name of a secret. This cmdlet constructs the fully qualified domain name (FQDN) of a secret based on the name that this parameter specifies, the name of the vault, and your current environment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>Force</maml:name> <maml:description> <maml:para>Forces the command to run without asking for user confirmation.</maml:para> </maml:description> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>PassThru</maml:name> <maml:description> <maml:para>Indicates that this cmdlet returns a Microsoft.Azure.Commands.KeyVault.Models.Secret object. By default, this cmdlet does not generate any output. </maml:para> </maml:description> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para> </maml:description> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>Force</maml:name> <maml:description> <maml:para>Forces the command to run without asking for user confirmation.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="2" aliases="SecretName"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specifies the name of a secret. This cmdlet constructs the fully qualified domain name (FQDN) of a secret based on the name that this parameter specifies, the name of the vault, and your current environment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>PassThru</maml:name> <maml:description> <maml:para>Indicates that this cmdlet returns a Microsoft.Azure.Commands.KeyVault.Models.Secret object. By default, this cmdlet does not generate any output. </maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="1" aliases="none"> <maml:name>VaultName</maml:name> <maml:description> <maml:para>Specifies the name of the vault to which the secret belongs. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>false</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>false</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>String</maml:name> <maml:uri> </maml:uri> <maml:description> <maml:para /> </maml:description> </dev:type> <maml:description> <maml:para> </maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>Microsoft.Azure.Commands.KeyVault.Models.Secret</maml:name> <maml:uri> </maml:uri> <maml:description> <maml:para /> </maml:description> </dev:type> <maml:description> <maml:para>This cmdlet returns a value only if you specify the PassThru parameter.</maml:para> </maml:description> </command:returnValue> </command:returnValues> <command:terminatingErrors /> <command:nonTerminatingErrors /> <command:examples> <command:example> <maml:title>Example 1: Remove a secret from a vault</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>Remove-AzureKeyVaultSecret -VaultName 'Contoso' -Name 'FinanceSecret' </dev:code> <dev:remarks> <maml:para>This command removes the secret named FinanceSecret from the vault named Contoso.</maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title>Example 2: Remove a secret from a vault without user confirmation</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>Remove-AzureKeyVaultSecret -VaultName 'Contoso' -Name 'FinanceSecret' -Force -Confirm:$False </dev:code> <dev:remarks> <maml:para>This command removes the secret named FinanceSecret from the vault named Contoso. The command specifies the Force and Confirm parameters, and, therefore, the cmdlet does not prompt you for confirmation.</maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>http://go.microsoft.com/fwlink/?LinkId=690300</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-AzureKeyVaultSecret</maml:linkText> <maml:uri /> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-AzureKeyVaultSecret</maml:linkText> <maml:uri /> </maml:navigationLink> </maml:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-AzureRmKeyVaultAccessPolicy</command:name> <maml:description> <maml:para>Removes all permissions for a user or application from a vault.</maml:para> </maml:description> <maml:copyright> <maml:para /> </maml:copyright> <command:verb>Remove</command:verb> <command:noun>AzureRmKeyVaultAccessPolicy</command:noun> <dev:version /> </command:details> <maml:description> <maml:para>The Remove-AzureRmKeyVaultAccessPolicy cmdlet removes all permissions for a user or application or for all users and applications from the Azure Key Vault instance. Even if you remove all permissions, the owner of the Azure subscription that contains the vault can add permissions to the key vault.</maml:para> <maml:para>Note that although specifying the resource group is optional for this cmdlet, you should do so for better performance. </maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-AzureRmKeyVaultAccessPolicy</maml:name> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="1" aliases="none"> <maml:name>VaultName</maml:name> <maml:description> <maml:para>Specifies the name of the key vault. This cmdlet removes permissions for the key vault that this parameter specifies.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="2" aliases="none"> <maml:name>ResourceGroupName</maml:name> <maml:description> <maml:para>Specifies the name of the resource group associated with the key vault whose access policy is being modified. If not specified, this cmdlet searches for the key vault in the current subscription.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>ApplicationId</maml:name> <maml:description> <maml:para>For future use.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">Guid</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>PassThru</maml:name> <maml:description> <maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para> </maml:description> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the object ID of the user or service principal in Azure Active Directory for which to remove permissions.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Remove-AzureRmKeyVaultAccessPolicy</maml:name> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="1" aliases="none"> <maml:name>VaultName</maml:name> <maml:description> <maml:para>Specifies the name of the key vault. This cmdlet removes permissions for the key vault that this parameter specifies.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="2" aliases="none"> <maml:name>ResourceGroupName</maml:name> <maml:description> <maml:para>Specifies the name of the resource group associated with the key vault whose access policy is being modified. If not specified, this cmdlet searches for the key vault in the current subscription.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>EnabledForDeployment</maml:name> <maml:description> <maml:para>Enables the Microsoft.Compute resource provider to retrieve secrets from this key vault when this key vault is referenced in resource creation, for example when creating a virtual machine.</maml:para> </maml:description> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>EnabledForDiskEncryption</maml:name> <maml:description> <maml:para>Enables the Azure disk encryption service to get secrets and unwrap keys from this key vault.</maml:para> </maml:description> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>EnabledForTemplateDeployment</maml:name> <maml:description> <maml:para>Enables Azure Resource Manager to get secrets from this key vault when this key vault is referenced in a template deployment.</maml:para> </maml:description> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>PassThru</maml:name> <maml:description> <maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para> </maml:description> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Remove-AzureRmKeyVaultAccessPolicy</maml:name> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="1" aliases="none"> <maml:name>VaultName</maml:name> <maml:description> <maml:para>Specifies the name of the key vault. This cmdlet removes permissions for the key vault that this parameter specifies.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="2" aliases="none"> <maml:name>ResourceGroupName</maml:name> <maml:description> <maml:para>Specifies the name of the resource group associated with the key vault whose access policy is being modified. If not specified, this cmdlet searches for the key vault in the current subscription.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>PassThru</maml:name> <maml:description> <maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para> </maml:description> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="SPN"> <maml:name>ServicePrincipalName</maml:name> <maml:description> <maml:para>Specifies the service principal name of the application whose permissions you want to remove. Specify the application ID, also known as client ID, registered for the application in Azure Active Directory.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Remove-AzureRmKeyVaultAccessPolicy</maml:name> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="1" aliases="none"> <maml:name>VaultName</maml:name> <maml:description> <maml:para>Specifies the name of the key vault. This cmdlet removes permissions for the key vault that this parameter specifies.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="2" aliases="none"> <maml:name>ResourceGroupName</maml:name> <maml:description> <maml:para>Specifies the name of the resource group associated with the key vault whose access policy is being modified. If not specified, this cmdlet searches for the key vault in the current subscription.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>PassThru</maml:name> <maml:description> <maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para> </maml:description> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="UPN"> <maml:name>UserPrincipalName</maml:name> <maml:description> <maml:para>Specifies the user principal name of the user whose access you want to remove.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>ApplicationId</maml:name> <maml:description> <maml:para>For future use.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>EnabledForDeployment</maml:name> <maml:description> <maml:para>Enables the Microsoft.Compute resource provider to retrieve secrets from this key vault when this key vault is referenced in resource creation, for example when creating a virtual machine.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>EnabledForDiskEncryption</maml:name> <maml:description> <maml:para>Enables the Azure disk encryption service to get secrets and unwrap keys from this key vault.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>EnabledForTemplateDeployment</maml:name> <maml:description> <maml:para>Enables Azure Resource Manager to get secrets from this key vault when this key vault is referenced in a template deployment.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the object ID of the user or service principal in Azure Active Directory for which to remove permissions.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>PassThru</maml:name> <maml:description> <maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="2" aliases="none"> <maml:name>ResourceGroupName</maml:name> <maml:description> <maml:para>Specifies the name of the resource group associated with the key vault whose access policy is being modified. If not specified, this cmdlet searches for the key vault in the current subscription.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="SPN"> <maml:name>ServicePrincipalName</maml:name> <maml:description> <maml:para>Specifies the service principal name of the application whose permissions you want to remove. Specify the application ID, also known as client ID, registered for the application in Azure Active Directory.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="UPN"> <maml:name>UserPrincipalName</maml:name> <maml:description> <maml:para>Specifies the user principal name of the user whose access you want to remove.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="1" aliases="none"> <maml:name>VaultName</maml:name> <maml:description> <maml:para>Specifies the name of the key vault. This cmdlet removes permissions for the key vault that this parameter specifies.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name> </maml:name> <maml:uri> </maml:uri> <maml:description> <maml:para /> </maml:description> </dev:type> <maml:description> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>Microsoft.Azure.Commands.KeyVault.Models.PSVault</maml:name> <maml:uri> </maml:uri> <maml:description> <maml:para /> </maml:description> </dev:type> <maml:description> </maml:description> </command:returnValue> </command:returnValues> <command:terminatingErrors /> <command:nonTerminatingErrors /> <command:examples> <command:example> <maml:title>Example 1: Remove permissions for a user</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>Remove-AzureRmKeyVaultAccessPolicy -VaultName 'Contoso03Vault' -UserPrincipalName 'PattiFuller@contoso.com' </dev:code> <dev:remarks> <maml:para>This command removes all the permissions that a user PattiFuller@contoso.com has on the key vault named Contoso03Vault.</maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title>Example 2: Remove permissions for an application</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>Remove-AzureRmKeyVaultAccessPolicy -VaultName 'Contoso03Vault' -ServicePrincipalName 'http://payroll.contoso.com' </dev:code> <dev:remarks> <maml:para>This command removes all the permissions that an application has on the vault named Contoso03Vault. This example identifies the application by using the service principal name registered in Azure Active Directory, http://payroll.contoso.com.</maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title>Example 3: Remove permissions for an application by using its object ID</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>Remove-AzureRmKeyVaultAccessPolicy -VaultName 'Contoso03Vault' -ObjectID 34595082-9346-41b6-8d6b-295a2808b8db </dev:code> <dev:remarks> <maml:para>This command removes all the permissions that an application has on the vault named Contoso03Vault. This example identifies the application by the object ID of the service principal.</maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title>Example 4: Remove permissions for the Microsoft.Compute resource provider</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>Remove-AzureRmKeyVaultAccessPolicy -VaultName 'Contoso03Vault' –ResourceGroupName 'Group14' -EnabledForDeployment </dev:code> <dev:remarks> <maml:para>This command removes permission for the Microsoft.Compute resource provider to get secrets from the Contoso03Vault. </maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>http://go.microsoft.com/fwlink/?LinkId=690164</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-AzureRmKeyVaultAccessPolicy</maml:linkText> <maml:uri /> </maml:navigationLink> </maml:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-AzureRmKeyVault</command:name> <maml:description> <maml:para>Deletes an Azure Key Vault instance.</maml:para> </maml:description> <maml:copyright> <maml:para /> </maml:copyright> <command:verb>Remove</command:verb> <command:noun>AzureRmKeyVault</command:noun> <dev:version /> </command:details> <maml:description> <maml:para>The Remove-AzureRmKeyVault cmdlet deletes the specified Azure Key Vault instance. It also deletes all keys and secrets contained in that instance.</maml:para> <maml:para>Note that although specifying the resource group is optional for this cmdlet, you should so for better performance. </maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-AzureRmKeyVault</maml:name> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="1" aliases="none"> <maml:name>VaultName</maml:name> <maml:description> <maml:para>Specifies the name of the key vault to remove.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="2" aliases="none"> <maml:name>ResourceGroupName</maml:name> <maml:description> <maml:para>Specifies the name of a resource group.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>Force</maml:name> <maml:description> <maml:para>Indicates that the cmdlet does not prompt you for confirmation. By default, this cmdlet prompts you to confirm that you want to delete the key vault. </maml:para> </maml:description> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para> </maml:description> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>Force</maml:name> <maml:description> <maml:para>Indicates that the cmdlet does not prompt you for confirmation. By default, this cmdlet prompts you to confirm that you want to delete the key vault. </maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="2" aliases="none"> <maml:name>ResourceGroupName</maml:name> <maml:description> <maml:para>Specifies the name of a resource group.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="1" aliases="none"> <maml:name>VaultName</maml:name> <maml:description> <maml:para>Specifies the name of the key vault to remove.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>false</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>false</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name> </maml:name> <maml:uri> </maml:uri> <maml:description> <maml:para /> </maml:description> </dev:type> <maml:description> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name> </maml:name> <maml:uri> </maml:uri> <maml:description> <maml:para /> </maml:description> </dev:type> <maml:description> </maml:description> </command:returnValue> </command:returnValues> <command:terminatingErrors /> <command:nonTerminatingErrors /> <command:examples> <command:example> <maml:title>Example 1: Remove a key vault</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>Remove-AzureRmKeyVault -VaultName "Contoso03Vault" </dev:code> <dev:remarks> <maml:para>This command removes the key vault named Contoso03Vault from your current subscription.</maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title>Example 2: Remove a key vault from a specified resource group</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>Remove-AzureRmKeyVault -VaultName "Contoso03Vault" -ResourceGroupName "Group14" </dev:code> <dev:remarks> <maml:para>This command removes the key vault named Contoso03Vault from the named resource group. If you do not specify the resource group name, the cmdlet searches for the named key vault to delete in your current subscription.</maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>http://go.microsoft.com/fwlink/?LinkId=690162</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-AzureRmKeyVault</maml:linkText> <maml:uri /> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-AzureRmKeyVault</maml:linkText> <maml:uri /> </maml:navigationLink> </maml:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Restore-AzureKeyVaultKey</command:name> <maml:description> <maml:para>Creates a key in a vault from a backed-up key.</maml:para> </maml:description> <maml:copyright> <maml:para /> </maml:copyright> <command:verb>Restore</command:verb> <command:noun>AzureKeyVaultKey</command:noun> <dev:version /> </command:details> <maml:description> <maml:para>The Restore-AzureKeyVaultKey cmdlet creates a key in the specified key vault. This key is a replica of the backed-up key in the input file and has the same name as the original key. If the key vault already has a key by the same name, this cmdlet fails instead of overwriting the original key. If the backup contains multiple versions of a key, all versions are restored. </maml:para> <maml:para>The key vault that you restore the key into can be different from the key vault that you backed up the key from. However, the key vault must use the same subscription and be in an Azure region in the same geography (for example, North America). See the <maml:navigationLink><maml:linkText>Microsoft Azure Trust Center</maml:linkText><maml:uri></maml:uri></maml:navigationLink> (https://azure.microsoft.com/support/trust-center/) for the mapping of Azure regions to geographies.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Restore-AzureKeyVaultKey</maml:name> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="1" aliases="none"> <maml:name>VaultName</maml:name> <maml:description> <maml:para>Specifies the name of the key vault into which to restore the key.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases="none"> <maml:name>InputFile</maml:name> <maml:description> <maml:para>Specifies the input file that contains the backup of the key to restore.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases="none"> <maml:name>InputFile</maml:name> <maml:description> <maml:para>Specifies the input file that contains the backup of the key to restore.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="1" aliases="none"> <maml:name>VaultName</maml:name> <maml:description> <maml:para>Specifies the name of the key vault into which to restore the key.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name> </maml:name> <maml:uri> </maml:uri> <maml:description> <maml:para /> </maml:description> </dev:type> <maml:description> <maml:para> </maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name> </maml:name> <maml:uri> </maml:uri> <maml:description> <maml:para /> </maml:description> </dev:type> <maml:description> <maml:para> </maml:para> </maml:description> </command:returnValue> </command:returnValues> <command:terminatingErrors /> <command:nonTerminatingErrors /> <command:examples> <command:example> <maml:title>Example 1: Restore a backed-up key</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>Restore-AzureKeyVaultKey -VaultName 'MyKeyVault' -InputFile "C:\Backup.blob" </dev:code> <dev:remarks> <maml:para>This command restores a key, including all of its versions, from the backup file named Backup.blob into the key vault named MyKeyVault.</maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>http://go.microsoft.com/fwlink/?LinkId=690301</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Add-AzureKeyVaultKey</maml:linkText> <maml:uri /> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Backup-AzureKeyVaultKey</maml:linkText> <maml:uri /> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-AzureKeyVaultKey</maml:linkText> <maml:uri /> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-AzureKeyVaultKey</maml:linkText> <maml:uri /> </maml:navigationLink> </maml:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-AzureKeyVaultKeyAttribute</command:name> <maml:description> <maml:para>Updates the attributes of a key in a vault. </maml:para> </maml:description> <maml:copyright> <maml:para /> </maml:copyright> <command:verb>Set</command:verb> <command:noun>AzureKeyVaultKeyAttribute</command:noun> <dev:version /> </command:details> <maml:description> <maml:para>The Set-AzureKeyVaultKeyAttribute cmdlet updates the editable attributes of a key in an Azure Key Vault instance.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-AzureKeyVaultKeyAttribute</maml:name> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="1" aliases="none"> <maml:name>VaultName</maml:name> <maml:description> <maml:para>Specifies the name of the vault in which this cmdlet modifies the key. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="2" aliases="KeyName"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specifies the name of the key to update. This cmdlet constructs the fully qualified domain name (FQDN) of a key based on the name that this parameter specifies, the name of the vault, and your current environment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="3" aliases="KeyVersion"> <maml:name>Version</maml:name> <maml:description> <maml:para>Specifies the key version. This cmdlet constructs the FQDN of a key based on the vault name, your currently selected environment, the key name, and the key version.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>Enable</maml:name> <maml:description> <maml:para>Specifies whether to enable or disable a key. A value of $True enables the key. A value of $False disables the key. If you do not specify this parameter, this cmdlet does not modify the status of the key.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">Boolean</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>Expires</maml:name> <maml:description> <maml:para>Specifies the expiration time, as a DateTime object, for the key that this cmdlet updates. This parameter uses Coordinated Universal Time (UTC). To obtain a DateTime object, use the Get-Date cmdlet. For more information, type Get-Help Get-Date. </maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">DateTime</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>KeyOps</maml:name> <maml:description> <maml:para>Specifies an array of operations that can be performed by using the key that this cmdlet adds. If you do not specify this parameter, all operations can be performed.</maml:para> <maml:para>The acceptable values for this parameter are a comma-separated list of key operations as defined by the JSON Web Key specification. These values (case-sensitive) are: -- encrypt -- decrypt -- wrap -- unwrap -- sign -- verify -- backup -- restore</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">String[]</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>NotBefore</maml:name> <maml:description> <maml:para>Specifies the time, as a DateTime object, before which the key cannot be used. This parameter uses UTC. To obtain a DateTime object, use the Get-Date cmdlet. </maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">DateTime</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>PassThru</maml:name> <maml:description> <maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para> </maml:description> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>Tags</maml:name> <maml:description> <maml:para>Specifies a hash table that represents tags for a secret. If you do not specify this parameter, there is no change to the current secret's tags. To remove a tag, specify an empty hash table. For more information about resource tags, see <maml:navigationLink><maml:linkText>Using tags to organize your Azure resources</maml:linkText><maml:uri></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=613624).</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">Hashtable</command:parameterValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>Enable</maml:name> <maml:description> <maml:para>Specifies whether to enable or disable a key. A value of $True enables the key. A value of $False disables the key. If you do not specify this parameter, this cmdlet does not modify the status of the key.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">Boolean</command:parameterValue> <dev:type> <maml:name>Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>Expires</maml:name> <maml:description> <maml:para>Specifies the expiration time, as a DateTime object, for the key that this cmdlet updates. This parameter uses Coordinated Universal Time (UTC). To obtain a DateTime object, use the Get-Date cmdlet. For more information, type Get-Help Get-Date. </maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">DateTime</command:parameterValue> <dev:type> <maml:name>DateTime</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>KeyOps</maml:name> <maml:description> <maml:para>Specifies an array of operations that can be performed by using the key that this cmdlet adds. If you do not specify this parameter, all operations can be performed.</maml:para> <maml:para>The acceptable values for this parameter are a comma-separated list of key operations as defined by the JSON Web Key specification. These values (case-sensitive) are: -- encrypt -- decrypt -- wrap -- unwrap -- sign -- verify -- backup -- restore</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="2" aliases="KeyName"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specifies the name of the key to update. This cmdlet constructs the fully qualified domain name (FQDN) of a key based on the name that this parameter specifies, the name of the vault, and your current environment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>NotBefore</maml:name> <maml:description> <maml:para>Specifies the time, as a DateTime object, before which the key cannot be used. This parameter uses UTC. To obtain a DateTime object, use the Get-Date cmdlet. </maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">DateTime</command:parameterValue> <dev:type> <maml:name>DateTime</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>PassThru</maml:name> <maml:description> <maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>Tags</maml:name> <maml:description> <maml:para>Specifies a hash table that represents tags for a secret. If you do not specify this parameter, there is no change to the current secret's tags. To remove a tag, specify an empty hash table. For more information about resource tags, see <maml:navigationLink><maml:linkText>Using tags to organize your Azure resources</maml:linkText><maml:uri></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=613624).</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">Hashtable</command:parameterValue> <dev:type> <maml:name>Hashtable</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="1" aliases="none"> <maml:name>VaultName</maml:name> <maml:description> <maml:para>Specifies the name of the vault in which this cmdlet modifies the key. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="3" aliases="KeyVersion"> <maml:name>Version</maml:name> <maml:description> <maml:para>Specifies the key version. This cmdlet constructs the FQDN of a key based on the vault name, your currently selected environment, the key name, and the key version.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>String, Boolean, DateTime</maml:name> <maml:uri> </maml:uri> <maml:description> <maml:para /> </maml:description> </dev:type> <maml:description> <maml:para> </maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>Microsoft.Azure.Commands.KeyVault.Models.KeyBundle</maml:name> <maml:uri> </maml:uri> <maml:description> <maml:para /> </maml:description> </dev:type> <maml:description> <maml:para> </maml:para> </maml:description> </command:returnValue> </command:returnValues> <command:terminatingErrors /> <command:nonTerminatingErrors /> <command:examples> <command:example> <maml:title>Example 1: Modify a key to enable it, and set the expiration date and tags</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>$Expires = (Get-Date).AddYears(2).ToUniversalTime() PS C:\> $Tags = @{'Severity' = 'high'; 'Accounting' = null} PS C:\> Set-AzureKeyVaultKeyAttribute -VaultName 'Contoso' -Name 'ITSoftware' -Expires $Expires -Enable $True -Tags $Tags -PassThru </dev:code> <dev:remarks> <maml:para>The first command creates a DateTime object by using the Get-Date cmdlet. That object specifies a time two years in the future. The command stores that date in the $Expires variable. For more information, type Get-Help Get-Date.</maml:para> <maml:para>The second command creates a variable to store tag values of high severity and Accounting.</maml:para> <maml:para>The final command modifies a key named ITSoftware. The command enables the key, sets its expiration time to the time stored in $Expires, and sets the tags that are stored in $Tags. </maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title>Example 2: Modify a key to delete all tags</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>Set-AzureKeyVaultKeyAttribute -VaultName 'Contoso' -Name 'ITSoftware' –Version '7EEA45C6EE50490B9C3176F80AC1A0DG' –Tags @{} </dev:code> <dev:remarks> <maml:para>This commands deletes all tags for a specific version of a key named ITSoftware. </maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>http://go.microsoft.com/fwlink/?LinkId=690302</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Add-AzureKeyVaultKey</maml:linkText> <maml:uri /> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-AzureKeyVaultKey</maml:linkText> <maml:uri /> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-AzureKeyVaultKey</maml:linkText> <maml:uri /> </maml:navigationLink> </maml:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-AzureKeyVaultSecretAttribute</command:name> <maml:description> <maml:para>Updates attributes of a secret in a vault.</maml:para> </maml:description> <maml:copyright> <maml:para /> </maml:copyright> <command:verb>Set</command:verb> <command:noun>AzureKeyVaultSecretAttribute</command:noun> <dev:version /> </command:details> <maml:description> <maml:para>The Set-AzureKeyVaultSecretAttribute cmdlet updates editable attributes of a secret in an Azure Key Vault instance.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-AzureKeyVaultSecretAttribute</maml:name> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="1" aliases="none"> <maml:name>VaultName</maml:name> <maml:description> <maml:para>Specifies the name of the vault to modify. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies, and your currently selected environment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="2" aliases="SecretName"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specifies the name of a secret. This cmdlet constructs the fully qualified domain name (FQDN) of a secret based on the name that this parameter specifies, the name of the vault, and your current environment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="3" aliases="SecretVersion"> <maml:name>Version</maml:name> <maml:description> <maml:para>Specifies the version of a secret. This cmdlet constructs the FQDN of a secret based on the vault name, your currently selected environment, the secret name, and the secret version.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>ContentType</maml:name> <maml:description> <maml:para>Specifies the content type of a secret. If you do not specify this parameter, there is no change to the current secret's content type. To remove the existing content type, specify an empty string.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>Enable</maml:name> <maml:description> <maml:para>Indicates whether to enable a secret. Specify $False to disable a secret, or $True to enable a secret. If you do not specify this parameter, there is no change to the current secret’s enabled or disabled state.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">Boolean</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>Expires</maml:name> <maml:description> <maml:para>Specifies the date and time that a secret expires.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">DateTime</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>NotBefore</maml:name> <maml:description> <maml:para>Specifies the Coordinated Universal Time (UTC) before which the secret can't be used. If you do not specify this parameter, there is no change to the current secret's NotBefore attribute.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">DateTime</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>PassThru</maml:name> <maml:description> <maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para> </maml:description> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>Tags</maml:name> <maml:description> <maml:para>Specifies a hash table that represents tags for a secret. If you do not specify this parameter, there is no change to the current secret's tags. To remove a tag, specify an empty hash table. For more information about resource tags, see <maml:navigationLink><maml:linkText>Using tags to organize your Azure resources</maml:linkText><maml:uri></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=613624).</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">Hashtable</command:parameterValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>ContentType</maml:name> <maml:description> <maml:para>Specifies the content type of a secret. If you do not specify this parameter, there is no change to the current secret's content type. To remove the existing content type, specify an empty string.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>Enable</maml:name> <maml:description> <maml:para>Indicates whether to enable a secret. Specify $False to disable a secret, or $True to enable a secret. If you do not specify this parameter, there is no change to the current secret’s enabled or disabled state.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">Boolean</command:parameterValue> <dev:type> <maml:name>Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>Expires</maml:name> <maml:description> <maml:para>Specifies the date and time that a secret expires.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">DateTime</command:parameterValue> <dev:type> <maml:name>DateTime</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="2" aliases="SecretName"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specifies the name of a secret. This cmdlet constructs the fully qualified domain name (FQDN) of a secret based on the name that this parameter specifies, the name of the vault, and your current environment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>NotBefore</maml:name> <maml:description> <maml:para>Specifies the Coordinated Universal Time (UTC) before which the secret can't be used. If you do not specify this parameter, there is no change to the current secret's NotBefore attribute.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">DateTime</command:parameterValue> <dev:type> <maml:name>DateTime</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>PassThru</maml:name> <maml:description> <maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>Tags</maml:name> <maml:description> <maml:para>Specifies a hash table that represents tags for a secret. If you do not specify this parameter, there is no change to the current secret's tags. To remove a tag, specify an empty hash table. For more information about resource tags, see <maml:navigationLink><maml:linkText>Using tags to organize your Azure resources</maml:linkText><maml:uri></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=613624).</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">Hashtable</command:parameterValue> <dev:type> <maml:name>Hashtable</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="1" aliases="none"> <maml:name>VaultName</maml:name> <maml:description> <maml:para>Specifies the name of the vault to modify. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies, and your currently selected environment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="3" aliases="SecretVersion"> <maml:name>Version</maml:name> <maml:description> <maml:para>Specifies the version of a secret. This cmdlet constructs the FQDN of a secret based on the vault name, your currently selected environment, the secret name, and the secret version.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>string, bool?, DateTime?, string[], Hashtable, SwitchParameter</maml:name> <maml:uri> </maml:uri> <maml:description> <maml:para /> </maml:description> </dev:type> <maml:description> <maml:para> </maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>Return Microsoft.Azure.Commands.KeyVault.Models.Secret object if PassThru is specified. Otherwise, return nothing.</maml:name> <maml:uri> </maml:uri> <maml:description> <maml:para /> </maml:description> </dev:type> <maml:description> <maml:para> </maml:para> </maml:description> </command:returnValue> </command:returnValues> <command:terminatingErrors /> <command:nonTerminatingErrors /> <command:examples> <command:example> <maml:title>Example 1: Modify the attributes of a secret</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>$Expires = (Get-Date).AddYears(2).ToUniversalTime() PS C:\> $Nbf = (Get-Date).ToUniversalTime() PS C:\> $Tags = @{ 'Severity' = 'medium'; 'HR' = null} PS C:\> $ContentType= 'xml' PS C:\> Set-AzureKeyVaultSecretAttribute -VaultName 'ContosoVault' -Name 'HR' -Expires $Expires -NotBefore $Nbf -ContentType $ContentType -Enable $True -Tags $Tags -PassThru </dev:code> <dev:remarks> <maml:para>The first four commands define attributes for the expiry date, the NotBefore date, tags, and context type, and store the attributes in variables.</maml:para> <maml:para>The final command modifies the attributes for the secret named HR in the vault named ContosoVault, using the stored variables. </maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title>Example 2: Delete the tags and content type for a secret</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>Set-AzureKeyVaultSecretAttribute -VaultName 'ContosoVault' -Name 'HR' -Version '9EEA45C6EE50490B9C3176A80AC1A0DF' -ContentType '' -Tags -@{} </dev:code> <dev:remarks> <maml:para>This command deletes the tags and the content type for the specified version of the secret named HR in the vault named Contoso.</maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title>Example 3: Disable the current version of secrets whose name begins with IT</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>$Vault = 'ContosoVault' PS C:\> $Prefix = 'IT' PS C:\> Get-AzureKeyVaultSecret $Vault | Where-Object {$_.Name -like $Prefix + '*'} | Set-AzureKeyVaultSecretAttribute -Enable $False </dev:code> <dev:remarks> <maml:para>The first command stores the string value Contoso in the $Vault variable.</maml:para> <maml:para>The second command stores the string value IT in the $Prefix variable.</maml:para> <maml:para>The third command uses the Get-AzureKeyVaultSecret cmdlet to get the secrets in the specified vault, and then passes those secrets to the Where-Object cmdlet. The Where-Object cmdlet filters the secrets for names that begin with the characters IT. The command pipes the secrets that match the filter to the Set-AzureKeyVaultSecretAttribute cmdlet, which disables them.</maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title>Example 4: Set the ContentType for all versions of a secret</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>$VaultName = 'ContosoVault' PS C:\> $Name = 'HR' PS C:\> $ContentType = 'xml' PS C:\> Get-AzureKeyVaultKey -VaultName $VaultName -Name $Name -IncludeVersions | Set-AzureKeyVaultSecretAttribute -ContentType $ContentType </dev:code> <dev:remarks> <maml:para>The first three commands define string variables to use for the VaultName, Name, and ContentType parameters. The fourth command uses the Get-AzureKeyVaultKey cmdlet to get the specified keys, and pipes the keys to the Set-AzureKeyVaultSecretAttribute cmdlet to set their content type to XML.</maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>http://go.microsoft.com/fwlink/?LinkId=690305</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-AzureKeyVaultKey</maml:linkText> <maml:uri /> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-AzureKeyVaultSecret</maml:linkText> <maml:uri /> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-AzureKeyVaultSecret</maml:linkText> <maml:uri /> </maml:navigationLink> </maml:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-AzureKeyVaultSecret</command:name> <maml:description> <maml:para>Creates or updates a secret in a vault. </maml:para> </maml:description> <maml:copyright> <maml:para /> </maml:copyright> <command:verb>Set</command:verb> <command:noun>AzureKeyVaultSecret</command:noun> <dev:version /> </command:details> <maml:description> <maml:para>The Set-AzureKeyVaultSecret cmdlet creates or updates a secret in a key vault in Azure Key Vault. If the secret does not exist, this cmdlet creates it. If the secret already exists, this cmdlet creates a new version of that secret.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-AzureKeyVaultSecret</maml:name> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="1" aliases="none"> <maml:name>VaultName</maml:name> <maml:description> <maml:para>Specifies the name of the vault to which this secret belongs. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment. </maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="2" aliases="SecretName"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specifies the name of a secret to modify. This cmdlet constructs the fully qualified domain name (FQDN) of a secret based on the name that this parameter specifies, the name of the vault, and your current environment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="3" aliases="none"> <maml:name>SecretValue</maml:name> <maml:description> <maml:para>Specifies the value for the secret as a SecureString object. To obtain a SecureString object, use the ConvertTo-SecureString cmdlet. For more information, type Get-Help ConvertTo-SecureString.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>ContentType</maml:name> <maml:description> <maml:para>Specifies the content type of a secret. To delete the existing content type, specify an empty string.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>Disable</maml:name> <maml:description> <maml:para>Indicates that this cmdlet disables a secret.</maml:para> </maml:description> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>Expires</maml:name> <maml:description> <maml:para>Specifies the expiration time, as a DateTime object, for the secret that this cmdlet updates. This parameter uses Coordinated Universal Time (UTC). To obtain a DateTime object, use the Get-Date cmdlet. For more information, type Get-Help Get-Date. </maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">Nullable [System.DateTime]</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>NotBefore</maml:name> <maml:description> <maml:para>Specifies the time, as a DateTime object, before which the secret cannot be used. This parameter uses UTC. To obtain a DateTime object, use the Get-Date cmdlet. </maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">Nullable [System.DateTime]</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>Tags</maml:name> <maml:description> <maml:para>Specifies a hash table that represents tags for a secret. For more information about resource tags, see <maml:navigationLink><maml:linkText>Using tags to organize your Azure resources</maml:linkText><maml:uri></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=613624).</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.Collections.Hashtable</command:parameterValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>ContentType</maml:name> <maml:description> <maml:para>Specifies the content type of a secret. To delete the existing content type, specify an empty string.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>Disable</maml:name> <maml:description> <maml:para>Indicates that this cmdlet disables a secret.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>Expires</maml:name> <maml:description> <maml:para>Specifies the expiration time, as a DateTime object, for the secret that this cmdlet updates. This parameter uses Coordinated Universal Time (UTC). To obtain a DateTime object, use the Get-Date cmdlet. For more information, type Get-Help Get-Date. </maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">Nullable [System.DateTime]</command:parameterValue> <dev:type> <maml:name>Nullable [System.DateTime]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="2" aliases="SecretName"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specifies the name of a secret to modify. This cmdlet constructs the fully qualified domain name (FQDN) of a secret based on the name that this parameter specifies, the name of the vault, and your current environment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>NotBefore</maml:name> <maml:description> <maml:para>Specifies the time, as a DateTime object, before which the secret cannot be used. This parameter uses UTC. To obtain a DateTime object, use the Get-Date cmdlet. </maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">Nullable [System.DateTime]</command:parameterValue> <dev:type> <maml:name>Nullable [System.DateTime]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="3" aliases="none"> <maml:name>SecretValue</maml:name> <maml:description> <maml:para>Specifies the value for the secret as a SecureString object. To obtain a SecureString object, use the ConvertTo-SecureString cmdlet. For more information, type Get-Help ConvertTo-SecureString.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue> <dev:type> <maml:name>SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>Tags</maml:name> <maml:description> <maml:para>Specifies a hash table that represents tags for a secret. For more information about resource tags, see <maml:navigationLink><maml:linkText>Using tags to organize your Azure resources</maml:linkText><maml:uri></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=613624).</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.Collections.Hashtable</command:parameterValue> <dev:type> <maml:name>System.Collections.Hashtable</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="1" aliases="none"> <maml:name>VaultName</maml:name> <maml:description> <maml:para>Specifies the name of the vault to which this secret belongs. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment. </maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>String, SecureString</maml:name> <maml:uri> </maml:uri> <maml:description> <maml:para /> </maml:description> </dev:type> <maml:description> <maml:para> </maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>Microsoft.Azure.Commands.KeyVault.Models.Secret</maml:name> <maml:uri> </maml:uri> <maml:description> <maml:para /> </maml:description> </dev:type> <maml:description> <maml:para> </maml:para> </maml:description> </command:returnValue> </command:returnValues> <command:terminatingErrors /> <command:nonTerminatingErrors /> <command:examples> <command:example> <maml:title>Example 1: Modify the value of a secret using default attributes</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>$Secret = ConvertTo-SecureString -String 'Password' -AsPlainText -Force PS C:\> Set-AzureKeyVaultSecret -VaultName 'Contoso' -Name 'ITSecret' -SecretValue $Secret </dev:code> <dev:remarks> <maml:para>The first command converts a string into a secure string by using the ConvertTo-SecureString cmdlet, and then stores that string in the $Secret variable. For more information, type Get-Help ConvertTo-SecureString.</maml:para> <maml:para>The second command modifies value of the secret named ITSecret in the vault named Contoso. The secret value becomes the value stored in $Secret. </maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title>Example 2: Modify the value of a secret using custom attributes</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>$Secret = ConvertTo-SecureString -String 'Password' -AsPlainText -Force PS C:\> $Expires = (Get-Date).AddYears(2).ToUniversalTime() PS C:\> $NBF =(Get-Date).ToUniversalTime() PS C:\> $Tags = @{ 'Severity' = 'medium'; 'IT' = null } PS C:\> $ContentType = 'txt' PS C:\> Set-AzureKeyVaultSecret -VaultName 'Contoso' -Name 'ITSecret' -SecretValue $Secret -Expires $Expires -NotBefore $NBF -ContentType $ContentType -Disable $False -Tags $Tags </dev:code> <dev:remarks> <maml:para>The first command converts a string into a secure string by using the ConvertTo-SecureString cmdlet, and then stores that string in the $Secret variable. For more information, type Get-Help ConvertTo-SecureString.</maml:para> <maml:para>The next commands define custom attributes for the expiry date, tags, and context type, and store the attributes in variables.</maml:para> <maml:para>The final command modifies values of the secret named ITSecret in the vault named Contoso, by using the values specified previously as variables. </maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>http://go.microsoft.com/fwlink/?LinkId=690303</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-AzureKeyVaultSecret</maml:linkText> <maml:uri /> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-AzureKeyVaultSecret</maml:linkText> <maml:uri /> </maml:navigationLink> </maml:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-AzureRmKeyVaultAccessPolicy</command:name> <maml:description> <maml:para>Grants or modifies existing permissions for a user, application, or security group to perform operations with a Key Vault.</maml:para> </maml:description> <maml:copyright> <maml:para /> </maml:copyright> <command:verb>Set</command:verb> <command:noun>AzureRmKeyVaultAccessPolicy</command:noun> <dev:version /> </command:details> <maml:description> <maml:para>The Set-AzureRmKeyVaultAccessPolicy cmdlet grants or modifies existing permissions for a user, application, or security group to perform the specified operations with an Azure Key Vault instance. It does not modify the permissions that other users, applications, or security groups have on the Key Vault. </maml:para> <maml:para>If you are setting permissions for a security group, this operation affects only users in that security group. </maml:para> <maml:para>The following directories must all be the same Azure directory: -- The default directory of the Azure subscription in which the Key Vault resides. -- The Azure directory that contains the user or application group that you are granting permissions to. </maml:para> <maml:para>Examples of scenarios when these conditions are not met and this cmdlet will not work are: -- Authorizing a user from a different organization to manage your Key Vault. Each organization has its own directory. -- Your Azure account has multiple directories. If you register an application in a directory other than the default directory, you cannot authorize that application to use your Key Vault. The application must be in the default directory.</maml:para> <maml:para>Note that although specifying the resource group is optional for this cmdlet, you should do so for better performance. </maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-AzureRmKeyVaultAccessPolicy</maml:name> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="1" aliases="none"> <maml:name>VaultName</maml:name> <maml:description> <maml:para>Specifies the name of a Key Vault. This cmdlet modifies the access policy for the Key Vault that this parameter specifies.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="2" aliases="none"> <maml:name>ResourceGroupName</maml:name> <maml:description> <maml:para>Specifies the name of a resource group.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>ApplicationId</maml:name> <maml:description> <maml:para>For future use.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">Guid</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>BypassObjectIdValidation</maml:name> <maml:description> <maml:para>Enables you to specify an object ID without validating that the object exists in Azure Active Directory. Use this parameter only if you want to grant access to your key vault to an object ID that refers to a delegated security group from another Azure tenant.</maml:para> </maml:description> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>PassThru</maml:name> <maml:description> <maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para> </maml:description> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>PermissionsToKeys</maml:name> <maml:description> <maml:para>Specifies an array of key operation permissions to grant to a user or service principal. The acceptable values for this parameter are: -- Decrypt -- Encrypt -- UnwrapKey -- WrapKey -- Verify -- Sign -- Get -- List -- Update -- Create -- Import -- Delete -- Backup -- Restore -- All</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="true">decrypt</command:parameterValue> <command:parameterValue required="false" variableLength="true">encrypt</command:parameterValue> <command:parameterValue required="false" variableLength="true">unwrapKey</command:parameterValue> <command:parameterValue required="false" variableLength="true">wrapKey</command:parameterValue> <command:parameterValue required="false" variableLength="true">verify</command:parameterValue> <command:parameterValue required="false" variableLength="true">sign</command:parameterValue> <command:parameterValue required="false" variableLength="true">get</command:parameterValue> <command:parameterValue required="false" variableLength="true">list</command:parameterValue> <command:parameterValue required="false" variableLength="true">update</command:parameterValue> <command:parameterValue required="false" variableLength="true">create</command:parameterValue> <command:parameterValue required="false" variableLength="true">import</command:parameterValue> <command:parameterValue required="false" variableLength="true">delete</command:parameterValue> <command:parameterValue required="false" variableLength="true">backup</command:parameterValue> <command:parameterValue required="false" variableLength="true">restore</command:parameterValue> <command:parameterValue required="false" variableLength="true">all</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>PermissionsToSecrets</maml:name> <maml:description> <maml:para>Specifies an array of secret operation permissions to grant to a user or service principal. The acceptable values for this parameter are: -- Get -- List -- Set -- Delete -- All</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="true">get</command:parameterValue> <command:parameterValue required="false" variableLength="true">list</command:parameterValue> <command:parameterValue required="false" variableLength="true">set</command:parameterValue> <command:parameterValue required="false" variableLength="true">delete</command:parameterValue> <command:parameterValue required="false" variableLength="true">all</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the object ID of the user or service principal in Azure Active Directory for which to grant permissions.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Set-AzureRmKeyVaultAccessPolicy</maml:name> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="1" aliases="none"> <maml:name>VaultName</maml:name> <maml:description> <maml:para>Specifies the name of a Key Vault. This cmdlet modifies the access policy for the Key Vault that this parameter specifies.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="2" aliases="none"> <maml:name>ResourceGroupName</maml:name> <maml:description> <maml:para>Specifies the name of a resource group.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>EnabledForDeployment</maml:name> <maml:description> <maml:para>Enables the Microsoft.Compute resource provider to retrieve secrets from this Key Vault when this Key Vault is referenced in resource creation, for example when creating a virtual machine.</maml:para> </maml:description> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>EnabledForDiskEncryption</maml:name> <maml:description> <maml:para>Enables the Azure disk encryption service to get secrets and unwrap keys from this Key Vault.</maml:para> </maml:description> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>EnabledForTemplateDeployment</maml:name> <maml:description> <maml:para>Enables Azure Resource Manager to get secrets from this Key Vault when this Key Vault is referenced in a template deployment. </maml:para> </maml:description> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>PassThru</maml:name> <maml:description> <maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para> </maml:description> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Set-AzureRmKeyVaultAccessPolicy</maml:name> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="1" aliases="none"> <maml:name>VaultName</maml:name> <maml:description> <maml:para>Specifies the name of a Key Vault. This cmdlet modifies the access policy for the Key Vault that this parameter specifies.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="2" aliases="none"> <maml:name>ResourceGroupName</maml:name> <maml:description> <maml:para>Specifies the name of a resource group.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>PassThru</maml:name> <maml:description> <maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para> </maml:description> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>PermissionsToKeys</maml:name> <maml:description> <maml:para>Specifies an array of key operation permissions to grant to a user or service principal. The acceptable values for this parameter are: -- Decrypt -- Encrypt -- UnwrapKey -- WrapKey -- Verify -- Sign -- Get -- List -- Update -- Create -- Import -- Delete -- Backup -- Restore -- All</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="true">decrypt</command:parameterValue> <command:parameterValue required="false" variableLength="true">encrypt</command:parameterValue> <command:parameterValue required="false" variableLength="true">unwrapKey</command:parameterValue> <command:parameterValue required="false" variableLength="true">wrapKey</command:parameterValue> <command:parameterValue required="false" variableLength="true">verify</command:parameterValue> <command:parameterValue required="false" variableLength="true">sign</command:parameterValue> <command:parameterValue required="false" variableLength="true">get</command:parameterValue> <command:parameterValue required="false" variableLength="true">list</command:parameterValue> <command:parameterValue required="false" variableLength="true">update</command:parameterValue> <command:parameterValue required="false" variableLength="true">create</command:parameterValue> <command:parameterValue required="false" variableLength="true">import</command:parameterValue> <command:parameterValue required="false" variableLength="true">delete</command:parameterValue> <command:parameterValue required="false" variableLength="true">backup</command:parameterValue> <command:parameterValue required="false" variableLength="true">restore</command:parameterValue> <command:parameterValue required="false" variableLength="true">all</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>PermissionsToSecrets</maml:name> <maml:description> <maml:para>Specifies an array of secret operation permissions to grant to a user or service principal. The acceptable values for this parameter are: -- Get -- List -- Set -- Delete -- All</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="true">get</command:parameterValue> <command:parameterValue required="false" variableLength="true">list</command:parameterValue> <command:parameterValue required="false" variableLength="true">set</command:parameterValue> <command:parameterValue required="false" variableLength="true">delete</command:parameterValue> <command:parameterValue required="false" variableLength="true">all</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="SPN"> <maml:name>ServicePrincipalName</maml:name> <maml:description> <maml:para>Specifies the service principal name of the application to which to grant permissions. Specify the application ID, also known as client ID, registered for the application in AzureActive Directory. The application with the service principal name that this parameter specifies must be registered in the Azure directory that contains your current subscription.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Set-AzureRmKeyVaultAccessPolicy</maml:name> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="1" aliases="none"> <maml:name>VaultName</maml:name> <maml:description> <maml:para>Specifies the name of a Key Vault. This cmdlet modifies the access policy for the Key Vault that this parameter specifies.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="2" aliases="none"> <maml:name>ResourceGroupName</maml:name> <maml:description> <maml:para>Specifies the name of a resource group.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>PassThru</maml:name> <maml:description> <maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para> </maml:description> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>PermissionsToKeys</maml:name> <maml:description> <maml:para>Specifies an array of key operation permissions to grant to a user or service principal. The acceptable values for this parameter are: -- Decrypt -- Encrypt -- UnwrapKey -- WrapKey -- Verify -- Sign -- Get -- List -- Update -- Create -- Import -- Delete -- Backup -- Restore -- All</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="true">decrypt</command:parameterValue> <command:parameterValue required="false" variableLength="true">encrypt</command:parameterValue> <command:parameterValue required="false" variableLength="true">unwrapKey</command:parameterValue> <command:parameterValue required="false" variableLength="true">wrapKey</command:parameterValue> <command:parameterValue required="false" variableLength="true">verify</command:parameterValue> <command:parameterValue required="false" variableLength="true">sign</command:parameterValue> <command:parameterValue required="false" variableLength="true">get</command:parameterValue> <command:parameterValue required="false" variableLength="true">list</command:parameterValue> <command:parameterValue required="false" variableLength="true">update</command:parameterValue> <command:parameterValue required="false" variableLength="true">create</command:parameterValue> <command:parameterValue required="false" variableLength="true">import</command:parameterValue> <command:parameterValue required="false" variableLength="true">delete</command:parameterValue> <command:parameterValue required="false" variableLength="true">backup</command:parameterValue> <command:parameterValue required="false" variableLength="true">restore</command:parameterValue> <command:parameterValue required="false" variableLength="true">all</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>PermissionsToSecrets</maml:name> <maml:description> <maml:para>Specifies an array of secret operation permissions to grant to a user or service principal. The acceptable values for this parameter are: -- Get -- List -- Set -- Delete -- All</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="true">get</command:parameterValue> <command:parameterValue required="false" variableLength="true">list</command:parameterValue> <command:parameterValue required="false" variableLength="true">set</command:parameterValue> <command:parameterValue required="false" variableLength="true">delete</command:parameterValue> <command:parameterValue required="false" variableLength="true">all</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="UPN"> <maml:name>UserPrincipalName</maml:name> <maml:description> <maml:para>Specifies the user principal name of the user to whom to grant permissions. This user principal name must exist in the directory associated with the current subscription.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>ApplicationId</maml:name> <maml:description> <maml:para>For future use.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>BypassObjectIdValidation</maml:name> <maml:description> <maml:para>Enables you to specify an object ID without validating that the object exists in Azure Active Directory. Use this parameter only if you want to grant access to your key vault to an object ID that refers to a delegated security group from another Azure tenant.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>EnabledForDeployment</maml:name> <maml:description> <maml:para>Enables the Microsoft.Compute resource provider to retrieve secrets from this Key Vault when this Key Vault is referenced in resource creation, for example when creating a virtual machine.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>EnabledForDiskEncryption</maml:name> <maml:description> <maml:para>Enables the Azure disk encryption service to get secrets and unwrap keys from this Key Vault.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>EnabledForTemplateDeployment</maml:name> <maml:description> <maml:para>Enables Azure Resource Manager to get secrets from this Key Vault when this Key Vault is referenced in a template deployment. </maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the object ID of the user or service principal in Azure Active Directory for which to grant permissions.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>PassThru</maml:name> <maml:description> <maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>PermissionsToKeys</maml:name> <maml:description> <maml:para>Specifies an array of key operation permissions to grant to a user or service principal. The acceptable values for this parameter are: -- Decrypt -- Encrypt -- UnwrapKey -- WrapKey -- Verify -- Sign -- Get -- List -- Update -- Create -- Import -- Delete -- Backup -- Restore -- All</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="none"> <maml:name>PermissionsToSecrets</maml:name> <maml:description> <maml:para>Specifies an array of secret operation permissions to grant to a user or service principal. The acceptable values for this parameter are: -- Get -- List -- Set -- Delete -- All</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="2" aliases="none"> <maml:name>ResourceGroupName</maml:name> <maml:description> <maml:para>Specifies the name of a resource group.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="SPN"> <maml:name>ServicePrincipalName</maml:name> <maml:description> <maml:para>Specifies the service principal name of the application to which to grant permissions. Specify the application ID, also known as client ID, registered for the application in AzureActive Directory. The application with the service principal name that this parameter specifies must be registered in the Azure directory that contains your current subscription.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="named" aliases="UPN"> <maml:name>UserPrincipalName</maml:name> <maml:description> <maml:para>Specifies the user principal name of the user to whom to grant permissions. This user principal name must exist in the directory associated with the current subscription.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true(ByPropertyName)" position="1" aliases="none"> <maml:name>VaultName</maml:name> <maml:description> <maml:para>Specifies the name of a Key Vault. This cmdlet modifies the access policy for the Key Vault that this parameter specifies.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>String, Guid, String[], Switch</maml:name> <maml:uri> </maml:uri> <maml:description> <maml:para /> </maml:description> </dev:type> <maml:description> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>Microsoft.Azure.Commands.KeyVault.Models.PSVault</maml:name> <maml:uri> </maml:uri> <maml:description> <maml:para /> </maml:description> </dev:type> <maml:description> </maml:description> </command:returnValue> </command:returnValues> <command:terminatingErrors /> <command:nonTerminatingErrors /> <command:examples> <command:example> <maml:title>Example 1: Grant permissions to a user for a Key Vault and modify the permissions</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>Set-AzureRmKeyVaultAccessPolicy -VaultName 'Contoso03Vault' -UserPrincipalName 'PattiFuller@contoso.com' -PermissionsToKeys create,import,delete,list -PermissionsToSecrets 'Set,Delete' PS C:\> Set-AzureRmKeyVaultAccessPolicy -VaultName 'Contoso03Vault' -UserPrincipalName 'PattiFuller@contoso.com' -PermissionsToSecrets 'Set,Delete,Get' -PassThru PS C:\> Set-AzureRmKeyVaultAccessPolicy -VaultName 'Contoso03Vault' -UserPrincipalName 'PattiFuller@contoso.com' -PermissionsToKeys @() -PassThru </dev:code> <dev:remarks> <maml:para>The first command grants permissions for a user in your Azure Active Directory, PattiFuller@contoso.com, to perform operations on keys and secrets with a Key Vault named Contoso03Vault.</maml:para> <maml:para>The second command modifies the permissions that were granted to PattiFuller@contoso.com in the first command, to now allow getting secrets in addition to setting and deleting them. The permissions to key operations remain unchanged after this command. The PassThru parameter results in the updated Key Vault object being returned by the cmdlet.</maml:para> <maml:para>The final command further modifies the existing permissions for PattiFuller@contoso.com to remove all permissions to key operations. The permissions to secret operations remain unchanged after this command. The PassThru parameter results in the updated Key Vault object being returned by the cmdlet.</maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title>Example 2: Grant permissions for an application service principal to read and write secrets</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>Set-AzureRmKeyVaultAccessPolicy -VaultName 'Contoso03Vault' -ServicePrincipalName 'http://payroll.contoso.com' -PermissionsToSecrets 'Get,Set' </dev:code> <dev:remarks> <maml:para>This command grants permissions for an application for a Key Vault named Contoso03Vault. The ServicePrincipalName parameter specifies the application. The application must be registered in your Azure Active Directory. The value of the ServicePrincipalName parameter must be either the service principal name of the application or the application ID GUID. This example specifies the service principal name http://payroll.contoso.com, and the command grants the application permissions to read and write secrets.</maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title>Example 3: Grant permissions for an application using its object ID</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>Set-AzureRmKeyVaultAccessPolicy -VaultName 'Contoso03Vault' -ObjectId 34595082-9346-41b6-8d6b-295a2808b8db -PermissionsToSecrets 'Get,Set' </dev:code> <dev:remarks> <maml:para>This command grants the application permissions to read and write secrets. This example specifies the application using the object ID of the service principal of the application.</maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title>Example 4: Grant permissions for a user principal name</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>Set-AzureRmKeyVaultAccessPolicy -VaultName 'Contoso03Vault' -UserPrincipalName 'PattiFuller@contoso.com' -PermissionsToSecrets 'Get,List,Set' </dev:code> <dev:remarks> <maml:para>This command grants get, list, and set permissions for the specified user principal name for access to secrets.</maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title>Example 5: Enable secrets to be retrieved from a vault by the Microsoft.Compute resource provider</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>Set-AzureRmKeyVaultAccessPolicy -VaultName 'Contoso03Vault' –ResourceGroupName 'Group14' -EnabledForDeployment </dev:code> <dev:remarks> <maml:para>This command grants the permissions for secrets to be retrieved from the Contoso03Vault Key Vault by the Microsoft.Compute resource provider. </maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title>Example 6: Grant permissions to a security group</maml:title> <maml:introduction> <maml:para> </maml:para> </maml:introduction> <dev:code>PS C:\>Get-AzureRmADGroup DisplayName Type ObjectId ----------- ---- -------- group1 96a0daa6-9841-4a9c-bdeb-e7062276c688 group2 b8a401eb-63ad-4a30-b0e1-a7461969fe54 group3 da07a6be-2c1e-4e42-934d-ceb57cf652b4 PS C:\>Set-AzureRmKeyVaultAccessPolicy -VaultName 'myownvault' -ObjectId (Get-AzureRmADGroup -SearchString 'group2')[0].Id -PermissionsToKeys All -PermissionsToSecrets All </dev:code> <dev:remarks> <maml:para>The first command uses the Get-AzureRmADGroup cmdlet to get all Active Directory groups. From the output, you see 3 groups returned, named group1, group2, and group3. Multiple groups can have the same name but always have a unique ObjectId. When more than one group that has the same name is returned, use the ObjectId in the output to identify the one you want to use. </maml:para> <maml:para>You then use the output of this command with Set-AzureRmKeyVaultAccessPolicy to grant permissions to group2 for your key vault, named myownvault. This example enumerates the groups named 'group2' inline in the same command line. There may be multiple groups in the returned list that are named 'group2'. This example picks the first one, indicated by index [0] in the returned list.</maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>http://go.microsoft.com/fwlink/?LinkId=690163</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-AzureRmKeyVault</maml:linkText> <maml:uri /> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-AzureRmKeyVaultAccessPolicy</maml:linkText> <maml:uri /> </maml:navigationLink> </maml:relatedLinks> </command:command> </helpItems> |