Get-AzKeyVault
Gets key vaults.
Syntax
Get-AzKeyVault
[[-VaultName] <String>]
[[-ResourceGroupName] <String>]
[-Tag <Hashtable>]
[-DefaultProfile <IAzureContextContainer>]
[-SubscriptionId <String>]
[<CommonParameters>] Get-AzKeyVault
[-VaultName] <String>
[-Location] <String>
[-InRemovedState]
[-DefaultProfile <IAzureContextContainer>]
[-SubscriptionId <String>]
[<CommonParameters>] Get-AzKeyVault
[-InRemovedState]
[-DefaultProfile <IAzureContextContainer>]
[-SubscriptionId <String>]
[<CommonParameters>] Description
The Get-AzKeyVault cmdlet gets information about the key vaults in a subscription. You can view all key vaults instances in a subscription, or filter your results by a resource group or a particular key vault. Note that although specifying the resource group is optional for this cmdlet when you get a single key vault, you should do so for better performance.
The cmdlet may call below Microsoft Graph API according to input parameters:
- GET /directoryObjects/{id}
- GET /users/{id}
- GET /servicePrincipals/{id}
- GET /groups/{id}
Examples
Example 1: Get all key vaults in your current subscription
Get-AzKeyVault
Vault Name : myvault1
Resource Group Name : myrg
Location : westus
Resource ID : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/myrg/providers/Microsoft.Ke
yVault/vaults/myvault1
Tags :
Vault Name : myvault2
Resource Group Name : myrg1
Location : westus
Resource ID : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/myrg1/providers/Microsoft.Ke
yVault/vaults/myvault2
Tags :
Vault Name : myvault3
Resource Group Name : myrg1
Location : westus
Resource ID : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/myrg1/providers/Microsoft.Ke
yVault/vaults/myvault3
Tags :This command gets all the key vaults in your current subscription.
Example 2: Get a specific key vault
Get-AzKeyVault -VaultName 'myvault'
Vault Name : myvault
Resource Group Name : myrg
Location : westus
Resource ID : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/myrg/providers
/Microsoft.KeyVault/vaults/myvault
Vault URI : https://myvault.vault.azure.net/
Tenant ID : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx
SKU : Standard
Enabled For Deployment? : True
Enabled For Template Deployment? : True
Enabled For Disk Encryption? : False
Soft Delete Enabled? : True
Access Policies :
Tenant ID : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx
Object ID : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx
Application ID :
Display Name : User Name (username@microsoft.com)
Permissions to Keys : get, create, delete, list, update,
import, backup, restore, recover
Permissions to Secrets : get, list, set, delete, backup,
restore, recover
Permissions to Certificates : get, delete, list, create, import,
update, deleteissuers, getissuers, listissuers, managecontacts, manageissuers,
setissuers, recover
Permissions to (Key Vault Managed) Storage : delete, deletesas, get, getsas, list,
listsas, regeneratekey, set, setsas, update
Tags :This command gets the key vault named myvault in your current subscription.
Example 3: Get key vaults in a resource group
Get-AzKeyVault -ResourceGroupName 'myrg1'
Vault Name : myvault2
Resource Group Name : myrg1
Location : westus
Resource ID : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/myrg1/providers/Microsoft.Ke
yVault/vaults/myvault2
Tags :
Vault Name : myvault3
Resource Group Name : myrg1
Location : westus
Resource ID : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/myrg1/providers/Microsoft.Ke
yVault/vaults/myvault3
Tags :This command gets all the key vaults in the resource group named ContosoPayRollResourceGroup.
Example 4: Get all deleted key vaults in your current subscription
Get-AzKeyVault -InRemovedState
Vault Name : myvault4
Location : westus
Id : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/providers/Microsoft.KeyVault/locations/westu
s/deletedVaults/myvault4
Resource ID : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/myrg/providers/Microsoft.K
eyVault/vaults/myvault4
Deletion Date : 5/24/2018 9:33:24 PM
Scheduled Purge Date : 8/22/2018 9:33:24 PM
Tags :This command gets all the deleted key vaults in your current subscription.
Example 5: Get a deleted key vault
Get-AzKeyVault -VaultName 'myvault4' -Location 'westus' -InRemovedState
Vault Name : myvault4
Location : westus
Id : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/providers/Microsoft.KeyVault/locations/westu
s/deletedVaults/myvault4
Resource ID : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/myrg/providers/Microsoft.K
eyVault/vaults/myvault4
Deletion Date : 5/24/2018 9:33:24 PM
Scheduled Purge Date : 8/22/2018 9:33:24 PM
Tags :This command gets the deleted key vault information named myvault4 in your current subscription and in westus region.
Example 6: Get key vaults using filtering
Get-AzKeyVault -VaultName 'myvault*'
Vault Name : myvault2
Resource Group Name : myrg1
Location : westus
Resource ID : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/myrg1/providers/Microsoft.Ke
yVault/vaults/myvault2
Tags :
Vault Name : myvault3
Resource Group Name : myrg1
Location : westus
Resource ID : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/myrg1/providers/Microsoft.Ke
yVault/vaults/myvault3
Tags :This command gets all the key vaults in the subscription that start with "myvault".
Parameters
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with azure
| Type: | IAzureContextContainer |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-InRemovedState
Specifies whether to show the previously deleted vaults in the output.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Location
The location of the deleted vault.
| Type: | String |
| Position: | 1 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-ResourceGroupName
Specifies the name of the resource group associated with the key vault or key vaults being queried.
| Type: | String |
| Position: | 1 |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | True |
-SubscriptionId
The ID of the subscription. By default, cmdlets are executed in the subscription that is set in the current context. If the user specifies another subscription, the current cmdlet is executed in the subscription specified by the user. Overriding subscriptions only take effect during the lifecycle of the current cmdlet. It does not change the subscription in the context, and does not affect subsequent cmdlets.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Tag
Key-value pairs in the form of a hash table. For example: @{key0="value0";key1=$null;key2="value2"}
| Type: | Hashtable |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-VaultName
Specifies the name of the key vault.
| Type: | String |
| Aliases: | Name |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | True |
