Enable and disable a secret in Azure Key Vault with JavaScript

Create the SecretClient with the appropriate programmatic authentication credentials, then use the client to enable and disable a secret from Azure Key Vault.

Enable a secret

To enable a secret in Azure Key Vault, use the updateSecretProperties method of the SecretClient class.

const name = 'mySecret';
const version= 'd9f2f96f120d4537ba7d82fecd913043'

const properties = await client.updateSecretProperties(
    secretName,
    version,
    { enabled: true }
);

// get secret value
const { value } = await client.getSecret(secretName, version);

This method returns the SecretProperties object.

Disable a new secret

To disable a secret when it's created, use the setSecret method with the option for enabled set to false.

const mySecretName = 'mySecret';
const mySecretValue = 'mySecretValue';

// Success
const { name, value, properties } = await client.setSecret(
    mySecretName, 
    mySecretValue, 
    { enabled: false }
);

// Can't read value of disabled secret
try{
    const secret = await client.getSecret(
        mySecretName, 
        properties.version
    );
} catch(err){
    // `Operation get is not allowed on a disabled secret.`
    console.log(err.message);
}

Disable an existing secret

To disable an existing secret in Azure Key Vault, use the updateSecretProperties method of the SecretClient class.

const name = 'mySecret';
const version= 'd9f2f96f120d4537ba7d82fecd913043';

// Success
const properties = await client.updateSecretProperties(
    secretName,
    version,
    { enabled: false }
);

// Can't read value of disabled secret
try{
    const { value } = await client.getSecret(secretName, version);
} catch(err){
    // `Operation get is not allowed on a disabled secret.`
    console.log(err.message);
}

This method returns the SecretProperties object.

Next steps

• Delete secret