Remove-AzureKeyVaultAccessPolicy

microsoft.azure.commands.keyvault.dll

Synopsis

Removes all permissions for a user or application from the Azure Key Vault.

Syntax

Remove-AzureKeyVaultAccessPolicy [-ResourceGroupName] [-EnabledForDeployment] [-PassThru] [-Profile] [<CommonParameters>]

Remove-AzureKeyVaultAccessPolicy [-VaultName] [-ResourceGroupName] [-EnabledForDeployment] [-PassThru] [-Profile] [-ServicePrincipalName] [<CommonParameters>]

Remove-AzureKeyVaultAccessPolicy [-VaultName] [-ResourceGroupName] [-EnabledForDeployment] [-PassThru] [-Profile] [-UserPrincipalName] [<CommonParameters>]

Remove-AzureKeyVaultAccessPolicy [-VaultName] [-ResourceGroupName] [-EnabledForDeployment] [-PassThru] [-Profile] [-ObjectId] [<CommonParameters>]

Detailed Description

The Remove-AzureKeyVaultAccessPolicy cmdlet removes all permissions for a user or application or for all users and applications from the Azure Key Vault. Even if you remove all permissions, the owner of the Azure subscription that contains the vault can add permissions to the key vault.

Note that although specifying the resource group is optional for this cmdlet, you should do so for better performance.

Parameters

-EnabledForDeployment <SwitchParameter>

Enables the Microsoft.Compute resource provider to retrieve secrets from this key vault when this key vault is referenced in resource creation, for example when creating a virtual machine.

Aliases: none
Required? false
Position: named
Default value: none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false

-ObjectId <Guid>

Specifies the object ID of the user or service principal in Azure Active Directory for which to remove permissions.

Aliases: none
Required? true
Position: named
Default value: none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false

-PassThru <SwitchParameter>

Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.

Aliases: none
Required? false
Position: named
Default value: none
Accept pipeline input? false
Accept wildcard characters? false

-Profile <Microsoft.Azure.Common.Authentication.Models.AzureProfile>

Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile.

Aliases: none
Required? false
Position: named
Default value: none
Accept pipeline input? false
Accept wildcard characters? false

-ResourceGroupName <System.String>

Specifies the name of the resource group associated with the key vault whose access policy is being modified. If not specified, this cmdlet searches for the key vault in the current subscription.

Aliases: none
Required? false
Position: 2
Default value: none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false

-ServicePrincipalName <String>

Specifies the service principal name of the application whose permissions you want to remove. Specify the application ID, also known as client ID, registered for the application in Azure Active Directory.

Aliases: SPN
Required? true
Position: named
Default value: none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false

-UserPrincipalName <String>

Specifies the user principal name of the user whose access you want to remove.

Aliases: UPN
Required? true
Position: named
Default value: none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false

-VaultName <String>

Specifies the name of the key vault. This cmdlet removes permissions for the key vault that this parameter specifies.

Aliases: none
Required? true
Position: 1
Default value: none
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false

Input Type

String, Guid

Return Type

Microsoft.Azure.Commands.KeyVault.Models.PSVault

Notes

None

Examples

Example 1: Remove permissions for a user

This command removes all the permissions that a user PattiFuller@contoso.com has on the key vault named Contoso03Vault.

PS C:\>Remove-AzureKeyVaultAccessPolicy -VaultName "Contoso03Vault" -UserPrincipalName "PattiFuller@contoso.com" 

Example 2: Remove permissions for an application

This command removes all the permissions that an application has on the vault named Contoso03Vault. This example identifies the application by using the service principal name registered in Azure Active Directory, http://payroll.contoso.com.

PS C:\>Remove-AzureKeyVaultAccessPolicy -VaultName "Contoso03Vault" -ServicePrincipalName "http://payroll.contoso.com" 

Example 3: Remove permissions for an application by using its object ID

This command removes all the permissions that an application has on the vault named Contoso03Vault. This example identifies the application by the object ID of the service principal.

PS C:\>Remove-AzureKeyVaultAccessPolicy -VaultName "Contoso03Vault" -ObjectID 34595082-9346-41b6-8d6b-295a2808b8db 
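An added example, not part of the original reference and not Microsoft's own code: it combines -ResourceGroupName, -ObjectId and -PassThru to remove a principal's access and confirm from the returned vault object that no entry for that principal remains. The function names, the constructed sample object, and the assumption that the returned PSVault exposes an AccessPolicies collection whose entries carry an ObjectId are not taken from this page.

```powershell
# Added example: remove a principal's access policy, then verify the removal.
function Test-AccessPolicyAbsent {
    param(
        [Parameter(Mandatory = $true)] $Vault,          # PSVault-like object
        [Parameter(Mandatory = $true)] [Guid] $ObjectId
    )
    # Assumption: the vault object has an AccessPolicies collection and each
    # entry has an ObjectId. Compare as strings so Guid and String both work.
    $left = @($Vault.AccessPolicies |
        Where-Object { "$($_.ObjectId)" -eq "$ObjectId" })
    return ($left.Count -eq 0)
}

function Remove-VaultAccessVerified {
    param(
        [Parameter(Mandatory = $true)] [string] $VaultName,
        [Parameter(Mandatory = $true)] [string] $ResourceGroupName,
        [Parameter(Mandatory = $true)] [Guid]   $ObjectId
    )
    # -ResourceGroupName avoids the subscription-wide search for the vault.
    # -PassThru makes the cmdlet return the vault object instead of nothing.
    $vault = Remove-AzureKeyVaultAccessPolicy -VaultName $VaultName `
        -ResourceGroupName $ResourceGroupName -ObjectId $ObjectId `
        -PassThru -ErrorAction Stop

    if (-not (Test-AccessPolicyAbsent -Vault $vault -ObjectId $ObjectId)) {
        throw "Access policy for $ObjectId is still present on $VaultName"
    }
    return $vault
}

# Offline check of the verification logic against a constructed vault object
# (sample data, not a real vault).
$sample = [pscustomobject]@{
    AccessPolicies = @(
        [pscustomobject]@{ ObjectId = '11111111-1111-1111-1111-111111111111' }
    )
}
Test-AccessPolicyAbsent -Vault $sample -ObjectId '34595082-9346-41b6-8d6b-295a2808b8db'
Test-AccessPolicyAbsent -Vault $sample -ObjectId '11111111-1111-1111-1111-111111111111'
```

A successful check covers only the vault's access policy at that moment; as the description above notes, the owner of the subscription that contains the vault can add permissions again.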

Online Version
Set-AzureKeyVaultAccessPolicy