Edit

Share via

Delete, restore, or purge a secret in Azure Key Vault with JavaScript

  • Article

Create the SecretClient with the appropriate programmatic authentication credentials, then use the client to delete an existing secret from Azure Key Vault.

Delete a secret

To delete a secret in Azure Key Vault, use the beginDeleteSecret long running operation (LRO) method of the SecretClient class, chained with the pollUntilDone to wait until the deletion is complete.

When a secret is deleted, it uses the configured delete strategy for the key vault.

const existingSecretName = 'myExistingSecret';

// Begin LRO
const deletePoller = await client.beginDeleteSecret(secretName);

// Wait for LRO to complete
const deleteResult = await deletePoller.pollUntilDone();

console.log(`SecretName: ${deleteResult.name}`);
console.log(`DeletedDate: ${deleteResult.deletedOn}`);
console.log(`Version: ${deleteResult.properties.deletedOn}`);
console.log(`PurgeDate: ${deleteResult.scheduledPurgeDate}`);

This deleteResult is a DeletedSecret object.

Recover a deleted secret

To recover a deleted secret in Azure Key Vault, use the beginRecoverDeletedSecret long running operation (LRO) method of the SecretClient class, chained with the pollUntilDone to wait until the recovery is complete.

The recovered secret has the same:

  • name
  • value
  • all properties including enabled, createdOn, tags, and version
const deletedSecretName = 'myDeletedSecret';

// Begin LRO
const recoveryPoller = await client.beginRecoverDeletedSecret(secretName);

// Wait for LRO to complete
const recoveryResult = await recoveryPoller.pollUntilDone();

console.log(`SecretName: ${recoveryResult.name}`);
console.log(`Version: ${recoveryResult.version}`);

This recoveryResult is a SecretProperties object.

Purge a secret

To purge a secret in Azure Key Vault immediately, use the beginDeleteSecret method of the SecretClient class.

The purge operation happens immediately and is irreversible. Consider creating a backup of the secret before purging it.

const deletedSecretName = 'myDeletedSecret';

// Purge
await client.purgeDeletedSecret(mySecretName);

Next steps