Cmdlets

Choose a cmdlet from the list on the left or search for a specific cmdlet. Choose a cmdlet from the list or search for a specific cmdlet.
About Help  Providers
 

Set-AzureKeyVaultSecret

Set-AzureKeyVaultSecret

microsoft.azure.commands.keyvault.dll

Synopsis

Creates or updates a secret in a vault.

Syntax

Set-AzureKeyVaultSecret [-VaultName] [-Name] [-SecretValue] [-ContentType] [-Disable] [-Expires] [-NotBefore] [-Profile] [-Tags] [<CommonParameters>]

Detailed Description

The Set-AzureKeyVaultSecret cmdlet creates or updates a secret in an Azure Key Vault. If the secret does not exist, this cmdlet creates it. If the secret already exists, this cmdlet replaces it with the value that you specify.

Parameters

-ContentType <System.String>

Specifies the content type of a secret. To delete the existing content type, specify an empty string.

Aliases

none

Required?

false

Position

named

Default value

none

Accept pipeline input?

true(ByPropertyName)

Accept wildcard characters?

false

-Disable <SwitchParameter>

Indicates that this cmdlet disables a secret.

Aliases

none

Required?

false

Position

named

Default value

none

Accept pipeline input?

false

Accept wildcard characters?

false

-Expires <Nullable [System.DateTime]>

Specifies the expiration time, as a DateTime object, for the secret that this cmdlet updates. This parameter uses Coordinated Universal Time (UTC). To obtain a DateTime object, use the Get-Date cmdlet. For more information, type Get-Help Get-Date.

Aliases

none

Required?

false

Position

named

Default value

none

Accept pipeline input?

true(ByPropertyName)

Accept wildcard characters?

false

-Name <String>

Specifies the name of a secret to modify. This cmdlet constructs the fully qualified domain name (FQDN) of a secret based on the name that this parameter specifies, the name of the vault, and your current environment.

Aliases

SecretName

Required?

true

Position

2

Default value

none

Accept pipeline input?

true(ByPropertyName)

Accept wildcard characters?

false

-NotBefore <Nullable [System.DateTime]>

Specifies the time, as a DateTime object, before which the secret cannot be used. This parameter uses UTC. To obtain a DateTime object, use the Get-Date cmdlet.

Aliases

none

Required?

false

Position

named

Default value

none

Accept pipeline input?

true(ByPropertyName)

Accept wildcard characters?

false

-Profile <Microsoft.Azure.Common.Authentication.Models.AzureProfile>

Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile.

Aliases

none

Required?

false

Position

named

Default value

none

Accept pipeline input?

false

Accept wildcard characters?

false

-SecretValue <SecureString>

Specifies the value for the secret as a SecureString object. To obtain a SecureString object, use the ConvertTo-SecureString cmdlet. For more information, type Get-Help ConvertTo-SecureString.

Aliases

none

Required?

true

Position

3

Default value

none

Accept pipeline input?

false

Accept wildcard characters?

false

-Tags <System.Collections.Hashtable>

Specifies a hash table that represents tags for a secret. If you do not specify this parameter, there is no change to the current secret's tags. To remove a tag, specify an empty hash table. For more information about resource tags, see Using tags to organize your Azure resources (http://go.microsoft.com/fwlink/?LinkId=613624).

Aliases

none

Required?

false

Position

named

Default value

none

Accept pipeline input?

true(ByPropertyName)

Accept wildcard characters?

false

-VaultName <String>

Specifies the name of the vault to which this secret belongs. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment.

Aliases

none

Required?

true

Position

1

Default value

none

Accept pipeline input?

true(ByPropertyName)

Accept wildcard characters?

false

Input Type

String, SecureString

Return Type

Microsoft.Azure.Commands.KeyVault.Models.Secret

Notes

None

Examples

Example 1: Modify the value of a secret using default attributes

The first command converts a string into a secure string by using the ConvertTo-SecureString cmdlet, and then stores that string in the $Secret variable. For more information, type Get-Help ConvertTo-SecureString.

The second command modifies value of the secret named ITSecret in the vault named Contoso. The secret value becomes the value stored in $Secret.

PS C:\>$Secret = ConvertTo-SecureString -String "Password" -AsPlainText -Force 
PS C:\> Set-AzureKeyVaultSecret -VaultName "Contoso" -Name "ITSecret" -SecretValue $Secret

Example 2: Modify the value of a secret using custom attributes

The first command converts a string into a secure string by using the ConvertTo-SecureString cmdlet, and then stores that string in the $Secret variable. For more information, type Get-Help ConvertTo-SecureString.

The next commands define custom attributes for the expiry date, tags, and context type, and store the attributes in variables.

The final command modifies values of the secret named ITSecret in the vault named Contoso, by using the values specified previously as variables.

PS C:\>$Secret = ConvertTo-SecureString -String "Password" -AsPlainText -Force 
PS C:\> $Expires = (Get-Date).AddYears(2).ToUniversalTime()
PS C:\> $NBF =(Get-Date).ToUniversalTime()
PS C:\> $Tags = @{ "Severity" = "medium"; "IT" = null }
PS C:\> $ContentType = "txt"  
PS C:\> Set-AzureKeyVaultSecret -VaultName "Contoso" -Name "ITSecret" -SecretValue $Secret -Expires $Expires -NotBefore $NBF -ContentType $ContentType -Enable $True -Tags $Tags -PassThru

Online Version
Get-AzureKeyVaultSecret
Remove-AzureKeyVaultSecret