From 04ad4f494757e383448b575d672fdfafc75abe80 Mon Sep 17 00:00:00 2001 From: Yash <55773468+notyashhh@users.noreply.github.com> Date: Mon, 11 Nov 2024 14:12:40 +1100 Subject: [PATCH] [Key Vault] Add Secret URI Parameter to Key Vault Secret Cmdlets (#26222) * Added secretUri support for all the 'secret' cmdlets * Updated Changelog * Added ResourceId aliases for backwards compatibility * Added Tests, Secret Data Class * Updated Help Docs * Use Typed varaibles * Add example usages in help docs * Error Suppression * Change Data Class Accessibility * Move Split Logic to Constructor * Added uri format to help docs --- .../PesterTests/KeyVaultSecretUri.Tests.ps1 | 65 ++++++ src/KeyVault/KeyVault/ChangeLog.md | 1 + .../Secret/BackupAzureKeyVaultSecret.cs | 21 ++ .../Commands/Secret/GetAzureKeyVaultSecret.cs | 70 ++++-- .../Secret/RemoveAzureKeyVaultSecret.cs | 23 +- .../Secret/RestoreAzureKeyVaultSecret.cs | 35 ++- .../Commands/Secret/SetAzureKeyVaultSecret.cs | 21 ++ .../Secret/UndoAzureKeyVaultSecretRemoval.cs | 21 ++ .../Secret/UpdateAzureKeyVaultSecret.cs | 22 ++ .../KeyVault/Models/KeyVaultCmdletBase.cs | 1 + .../Models/Secret/KeyVaultSecretUri.cs | 54 +++++ .../KeyVault/help/Backup-AzKeyVaultSecret.md | 79 +++++-- .../KeyVault/help/Get-AzKeyVaultSecret.md | 217 +++++++++++++----- .../KeyVault/help/Remove-AzKeyVaultSecret.md | 113 ++++++--- .../KeyVault/help/Restore-AzKeyVaultSecret.md | 104 +++++++-- .../KeyVault/help/Set-AzKeyVaultSecret.md | 104 +++++++-- .../help/Undo-AzKeyVaultSecretRemoval.md | 88 +++++-- .../KeyVault/help/Update-AzKeyVaultSecret.md | 91 ++++++-- .../Exceptions/Az.KeyVault/ExampleIssues.csv | 16 +- 19 files changed, 933 insertions(+), 213 deletions(-) create mode 100644 src/KeyVault/KeyVault.Test/PesterTests/KeyVaultSecretUri.Tests.ps1 create mode 100644 src/KeyVault/KeyVault/Models/Secret/KeyVaultSecretUri.cs diff --git a/src/KeyVault/KeyVault.Test/PesterTests/KeyVaultSecretUri.Tests.ps1 b/src/KeyVault/KeyVault.Test/PesterTests/KeyVaultSecretUri.Tests.ps1 new file mode 100644 index 000000000000..a0194971ba25 --- /dev/null +++ b/src/KeyVault/KeyVault.Test/PesterTests/KeyVaultSecretUri.Tests.ps1 @@ -0,0 +1,65 @@ +BeforeAll { + . "$PSScriptRoot\..\Scripts\Common.ps1" # Common setup script + + # Load the Az.KeyVault module from the debug artifacts + $psd1Path = Join-Path $PSScriptRoot "../../../../artifacts/Debug/" -Resolve + $keyVaultPsd1 = Join-Path $psd1Path "./Az.KeyVault/Az.KeyVault.psd1" -Resolve + Import-Module $keyVaultPsd1 -Force + + # Define key variables + $resourceGroupName = "yash-rg$(Get-Random)" # Use existing resource group + $location = "eastus" + $vaultName = "yashkv$(Get-Random)" # Generate unique Key Vault name + $secretName = "TestSecret" + $secretValue = ConvertTo-SecureString "InitialSecretValue" -AsPlainText -Force + + # Set up resource group + New-AzResourceGroup -Name $resourceGroupName -Location $location + + # Create a Key Vault in the existing resource group + New-AzKeyVault -ResourceGroupName $resourceGroupName -VaultName $vaultName -Location $location + + # Create a new secret in the Key Vault + Set-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -SecretValue $secretValue +} + + +Describe 'Azure KeyVault Secret URI Live Tests' { + + It 'should retrieve the secret using the Secret URI with Get-AzKeyVaultSecret' { + # Construct the secret URI + $secretUri = "https://$vaultName.vault.azure.net/secrets/$secretName" + + # Retrieve the secret using its URI + $retrievedSecret = Get-AzKeyVaultSecret -Id $secretUri -AsPlainText + + # Validate that the secret is retrieved successfully + $retrievedSecret | Should -Be "InitialSecretValue" + } + + It 'should update the secret value using Set-AzKeyVaultSecret' { + # Update the secret value + $newSecretValue = ConvertTo-SecureString "UpdatedSecretValue" -AsPlainText -Force + Set-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -SecretValue $newSecretValue + + # Retrieve the updated secret + $retrievedSecret = Get-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -AsPlainText + + # Validate the secret has been updated + $retrievedSecret | Should -Be "UpdatedSecretValue" + } + + It 'should remove the secret using Remove-AzKeyVaultSecret' { + # Remove the secret + Remove-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -Force + + # Ensure the secret is deleted + Get-AzKeyVaultSecret -VaultName $vaultName -Name $secretName | Should -BeNullOrEmpty + } +} + +AfterAll { + # Clean up Key Vault & Resource Group) + Remove-AzKeyVault -VaultName $vaultName -ResourceGroupName $resourceGroupName -Force + Remove-AzResourceGroup -Name $resourceGroupName -Force +} \ No newline at end of file diff --git a/src/KeyVault/KeyVault/ChangeLog.md b/src/KeyVault/KeyVault/ChangeLog.md index 9946e730f7e4..68cafe0d5f3b 100644 --- a/src/KeyVault/KeyVault/ChangeLog.md +++ b/src/KeyVault/KeyVault/ChangeLog.md @@ -18,6 +18,7 @@ - Additional information about change #1 --> ## Upcoming Release +* Added Secret URI Parameter to Key Vault Secret Cmdlets [#23053] ## Version 6.2.0 * Fixed a parameter validation issue in Set-AzureKeyVaultCertificatePolicy. [#25649] diff --git a/src/KeyVault/KeyVault/Commands/Secret/BackupAzureKeyVaultSecret.cs b/src/KeyVault/KeyVault/Commands/Secret/BackupAzureKeyVaultSecret.cs index 5818b921c96a..fec73ee12dbd 100644 --- a/src/KeyVault/KeyVault/Commands/Secret/BackupAzureKeyVaultSecret.cs +++ b/src/KeyVault/KeyVault/Commands/Secret/BackupAzureKeyVaultSecret.cs @@ -16,6 +16,7 @@ using System.Management.Automation; using Microsoft.Azure.Commands.Common.Authentication; using Microsoft.Azure.Commands.KeyVault.Models; +using Microsoft.Azure.Commands.KeyVault.Models.Secret; using Microsoft.Azure.Commands.KeyVault.Properties; using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters; @@ -35,6 +36,7 @@ public class BackupAzureKeyVaultSecret : KeyVaultCmdletBase private const string BySecretNameParameterSet = "BySecretName"; private const string BySecretObjectParameterSet = "BySecret"; + private const string BySecretUriParameterSet = "BySecretUri"; #endregion @@ -62,6 +64,17 @@ public class BackupAzureKeyVaultSecret : KeyVaultCmdletBase [Alias( Constants.SecretName )] public string Name { get; set; } + /// + /// KeyVault Secret ID (uri of the secret) + /// + [Parameter(Mandatory = true, + Position = 0, + ParameterSetName = BySecretUriParameterSet, + HelpMessage = "The URI of the KeyVault Secret.")] + [Alias("SecretId")] + [ValidateNotNullOrEmpty] + public string Id { get; set; } + /// /// The secret object to be backed up. /// @@ -105,6 +118,14 @@ public override void ExecuteCmdlet( ) VaultName = InputObject.VaultName; } + if (ParameterSetName == BySecretUriParameterSet) + { + SecretUriComponents splitUri = new SecretUriComponents(Id); + + VaultName = splitUri.VaultName; + Name = splitUri.SecretName; + } + if ( ShouldProcess( Name, Properties.Resources.BackupSecret ) ) { if ( string.IsNullOrEmpty( OutputFile ) ) diff --git a/src/KeyVault/KeyVault/Commands/Secret/GetAzureKeyVaultSecret.cs b/src/KeyVault/KeyVault/Commands/Secret/GetAzureKeyVaultSecret.cs index c4a14d5b9f2a..d06a38351d53 100644 --- a/src/KeyVault/KeyVault/Commands/Secret/GetAzureKeyVaultSecret.cs +++ b/src/KeyVault/KeyVault/Commands/Secret/GetAzureKeyVaultSecret.cs @@ -13,8 +13,10 @@ // ---------------------------------------------------------------------------------- using Microsoft.Azure.Commands.KeyVault.Models; +using Microsoft.Azure.Commands.KeyVault.Models.Secret; using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters; using Microsoft.Azure.Management.Internal.Resources.Utilities.Models; +using System; using System.Management.Automation; using System.Runtime.InteropServices; using System.Security; @@ -30,14 +32,15 @@ public class GetAzureKeyVaultSecret : KeyVaultCmdletBase private const string ByVaultNameParameterSet = "ByVaultName"; private const string BySecretNameParameterSet = "BySecretName"; private const string BySecretVersionsParameterSet = "BySecretVersions"; + private const string BySecretUriParameterSet = "BySecretUri"; private const string InputObjectByVaultNameParameterSet = "ByInputObjectVaultName"; private const string InputObjectBySecretNameParameterSet = "ByInputObjectSecretName"; private const string InputObjectBySecretVersionsParameterSet = "ByInputObjectSecretVersions"; - private const string ResourceIdByVaultNameParameterSet = "ByResourceIdVaultName"; - private const string ResourceIdBySecretNameParameterSet = "ByResourceIdSecretName"; - private const string ResourceIdBySecretVersionsParameterSet = "ByResourceIdSecretVersions"; + private const string ParentResourceIdByVaultNameParameterSet = "ByParentResourceIdVaultName"; + private const string ParentResourceIdBySecretNameParameterSet = "ByParentResourceIdSecretName"; + private const string ParentResourceIdBySecretVersionsParameterSet = "ByParentResourceIdSecretVersions"; #endregion @@ -84,25 +87,38 @@ public class GetAzureKeyVaultSecret : KeyVaultCmdletBase public PSKeyVault InputObject { get; set; } /// - /// KeyVault Resource ID + /// KeyVault Secret ID + /// + [Parameter(Mandatory = true, + Position = 0, + ParameterSetName = BySecretUriParameterSet, + HelpMessage = "The URI of the KeyVault Secret.")] + [Alias("SecretId")] + [ValidateNotNullOrEmpty] + public string Id { get; set; } + + + /// + /// KeyVault Parent Resource ID /// [Parameter(Mandatory = true, Position = 0, ValueFromPipelineByPropertyName = true, - ParameterSetName = ResourceIdByVaultNameParameterSet, + ParameterSetName = ParentResourceIdByVaultNameParameterSet, HelpMessage = "KeyVault Resource Id.")] [Parameter(Mandatory = true, Position = 0, ValueFromPipelineByPropertyName = true, - ParameterSetName = ResourceIdBySecretNameParameterSet, + ParameterSetName = ParentResourceIdBySecretNameParameterSet, HelpMessage = "KeyVault Resource Id.")] [Parameter(Mandatory = true, Position = 0, ValueFromPipelineByPropertyName = true, - ParameterSetName = ResourceIdBySecretVersionsParameterSet, + ParameterSetName = ParentResourceIdBySecretVersionsParameterSet, HelpMessage = "KeyVault Resource Id.")] + [Alias("ResourceId")] [ValidateNotNullOrEmpty] - public string ResourceId { get; set; } + public string ParentResourceId { get; set; } /// /// Secret name @@ -117,7 +133,7 @@ public class GetAzureKeyVaultSecret : KeyVaultCmdletBase HelpMessage = "Secret name. Cmdlet constructs the FQDN of a secret from vault name, currently selected environment and secret name.")] [Parameter(Mandatory = false, Position = 1, - ParameterSetName = ResourceIdByVaultNameParameterSet, + ParameterSetName = ParentResourceIdByVaultNameParameterSet, HelpMessage = "Secret name. Cmdlet constructs the FQDN of a secret from vault name, currently selected environment and secret name.")] [Parameter(Mandatory = true, Position = 1, @@ -129,7 +145,7 @@ public class GetAzureKeyVaultSecret : KeyVaultCmdletBase HelpMessage = "Secret name. Cmdlet constructs the FQDN of a secret from vault name, currently selected environment and secret name.")] [Parameter(Mandatory = true, Position = 1, - ParameterSetName = ResourceIdBySecretNameParameterSet, + ParameterSetName = ParentResourceIdBySecretNameParameterSet, HelpMessage = "Secret name. Cmdlet constructs the FQDN of a secret from vault name, currently selected environment and secret name.")] [Parameter(Mandatory = true, Position = 1, @@ -141,7 +157,7 @@ public class GetAzureKeyVaultSecret : KeyVaultCmdletBase HelpMessage = "Secret name. Cmdlet constructs the FQDN of a secret from vault name, currently selected environment and secret name.")] [Parameter(Mandatory = true, Position = 1, - ParameterSetName = ResourceIdBySecretVersionsParameterSet, + ParameterSetName = ParentResourceIdBySecretVersionsParameterSet, HelpMessage = "Secret name. Cmdlet constructs the FQDN of a secret from vault name, currently selected environment and secret name.")] [ValidateNotNullOrEmpty] [Alias(Constants.SecretName)] @@ -160,7 +176,7 @@ public class GetAzureKeyVaultSecret : KeyVaultCmdletBase Position = 2, HelpMessage = "Secret version. Cmdlet constructs the FQDN of a secret from vault name, currently selected environment, secret name and secret version.")] [Parameter(Mandatory = true, - ParameterSetName = ResourceIdBySecretNameParameterSet, + ParameterSetName = ParentResourceIdBySecretNameParameterSet, Position = 2, HelpMessage = "Secret version. Cmdlet constructs the FQDN of a secret from vault name, currently selected environment, secret name and secret version.")] [Alias("SecretVersion")] @@ -173,7 +189,7 @@ public class GetAzureKeyVaultSecret : KeyVaultCmdletBase ParameterSetName = InputObjectBySecretVersionsParameterSet, HelpMessage = "Specifies whether to include the versions of the secret in the output.")] [Parameter(Mandatory = true, - ParameterSetName = ResourceIdBySecretVersionsParameterSet, + ParameterSetName = ParentResourceIdBySecretVersionsParameterSet, HelpMessage = "Specifies whether to include the versions of the secret in the output.")] public SwitchParameter IncludeVersions { get; set; } @@ -184,16 +200,20 @@ public class GetAzureKeyVaultSecret : KeyVaultCmdletBase ParameterSetName = InputObjectByVaultNameParameterSet, HelpMessage = "Specifies whether to show the previously deleted secrets in the output.")] [Parameter(Mandatory = false, - ParameterSetName = ResourceIdByVaultNameParameterSet, + ParameterSetName = ParentResourceIdByVaultNameParameterSet, + HelpMessage = "Specifies whether to show the previously deleted secrets in the output.")] + [Parameter(Mandatory = false, + ParameterSetName = BySecretUriParameterSet, HelpMessage = "Specifies whether to show the previously deleted secrets in the output.")] public SwitchParameter InRemovedState { get; set; } [Parameter(Mandatory = false, ParameterSetName = BySecretNameParameterSet, HelpMessage = "When set, the cmdlet will convert secret in secure string to the decrypted plaintext string as output.")] [Parameter(Mandatory = false, ParameterSetName = ByVaultNameParameterSet)] + [Parameter(Mandatory = false, ParameterSetName = BySecretUriParameterSet)] [Parameter(Mandatory = false, ParameterSetName = InputObjectBySecretNameParameterSet)] [Parameter(Mandatory = false, ParameterSetName = InputObjectByVaultNameParameterSet)] - [Parameter(Mandatory = false, ParameterSetName = ResourceIdBySecretNameParameterSet)] - [Parameter(Mandatory = false, ParameterSetName = ResourceIdByVaultNameParameterSet)] + [Parameter(Mandatory = false, ParameterSetName = ParentResourceIdBySecretNameParameterSet)] + [Parameter(Mandatory = false, ParameterSetName = ParentResourceIdByVaultNameParameterSet)] public SwitchParameter AsPlainText { get; set; } #endregion @@ -201,16 +221,28 @@ public override void ExecuteCmdlet() { PSKeyVaultSecret secret; + // Check input object if (InputObject != null) { VaultName = InputObject.VaultName.ToString(); } - else if (!string.IsNullOrEmpty(ResourceId)) + else if (!string.IsNullOrEmpty(ParentResourceId)) + { + var parsedParentResourceId = new ResourceIdentifier(ParentResourceId); + VaultName = parsedParentResourceId.ResourceName; + } + + // Handle SecretId (uri) parameter + if (ParameterSetName == BySecretUriParameterSet) { - var parsedResourceId = new ResourceIdentifier(ResourceId); - VaultName = parsedResourceId.ResourceName; + SecretUriComponents splitUri = new SecretUriComponents(Id); + + VaultName = splitUri.VaultName; + Name = splitUri.SecretName; + Version = splitUri.SecretVersion; } + // Check Version/s of Sceret to get. if (!string.IsNullOrEmpty(Version)) { secret = DataServiceClient.GetSecret(VaultName, Name, Version); diff --git a/src/KeyVault/KeyVault/Commands/Secret/RemoveAzureKeyVaultSecret.cs b/src/KeyVault/KeyVault/Commands/Secret/RemoveAzureKeyVaultSecret.cs index cb99aa5cfd46..f87cf0534f80 100644 --- a/src/KeyVault/KeyVault/Commands/Secret/RemoveAzureKeyVaultSecret.cs +++ b/src/KeyVault/KeyVault/Commands/Secret/RemoveAzureKeyVaultSecret.cs @@ -13,6 +13,7 @@ // ---------------------------------------------------------------------------------- using Microsoft.Azure.Commands.KeyVault.Models; +using Microsoft.Azure.Commands.KeyVault.Models.Secret; using Microsoft.Azure.Commands.KeyVault.Properties; using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters; using Microsoft.WindowsAzure.Commands.Common.CustomAttributes; @@ -30,6 +31,7 @@ public class RemoveAzureKeyVaultSecret : KeyVaultCmdletBase private const string ByVaultNameParameterSet = "ByVaultName"; private const string ByInputObjectParameterSet = "ByInputObject"; + private const string BySecretUriParameterSet = "BySecretUri"; #endregion @@ -57,6 +59,17 @@ public class RemoveAzureKeyVaultSecret : KeyVaultCmdletBase [Alias(Constants.SecretName)] public string Name { get; set; } + /// + /// KeyVault Secret ID (uri of the secret) + /// + [Parameter(Mandatory = true, + Position = 0, + ParameterSetName = BySecretUriParameterSet, + HelpMessage = "The URI of the KeyVault Secret.")] + [Alias("SecretId")] + [ValidateNotNullOrEmpty] + public string Id { get; set; } + /// /// Secret Object /// @@ -96,7 +109,15 @@ public override void ExecuteCmdlet() Name = InputObject.Name; } - if(InRemovedState.IsPresent) + if (ParameterSetName == BySecretUriParameterSet) + { + SecretUriComponents splitUri = new SecretUriComponents(Id); + + VaultName = splitUri.VaultName; + Name = splitUri.SecretName; + } + + if (InRemovedState.IsPresent) { ConfirmAction( Force.IsPresent, diff --git a/src/KeyVault/KeyVault/Commands/Secret/RestoreAzureKeyVaultSecret.cs b/src/KeyVault/KeyVault/Commands/Secret/RestoreAzureKeyVaultSecret.cs index 7262899df535..65d8fee06a62 100644 --- a/src/KeyVault/KeyVault/Commands/Secret/RestoreAzureKeyVaultSecret.cs +++ b/src/KeyVault/KeyVault/Commands/Secret/RestoreAzureKeyVaultSecret.cs @@ -17,6 +17,7 @@ using System.Management.Automation; using Microsoft.Azure.Commands.Common.Authentication; using Microsoft.Azure.Commands.KeyVault.Models; +using Microsoft.Azure.Commands.KeyVault.Models.Secret; using Microsoft.Azure.Commands.KeyVault.Properties; using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters; using Microsoft.Azure.Management.Internal.Resources.Utilities.Models; @@ -35,7 +36,8 @@ public class RestoreAzureKeyVaultSecret : KeyVaultCmdletBase private const string ByVaultNameParameterSet = "ByVaultName"; private const string ByInputObjectParameterSet = "ByInputObject"; - private const string ByResourceIdParameterSet = "ByResourceId"; + private const string ByParentResourceIdParameterSet = "ByParentResourceId"; + private const string BySecretUriParameterSet = "BySecretUri"; #endregion @@ -52,6 +54,17 @@ public class RestoreAzureKeyVaultSecret : KeyVaultCmdletBase [ValidateNotNullOrEmpty] public string VaultName { get; set; } + /// + /// KeyVault Secret ID (uri of the secret) + /// + [Parameter(Mandatory = true, + Position = 0, + ParameterSetName = BySecretUriParameterSet, + HelpMessage = "The URI of the KeyVault Secret.")] + [Alias("SecretId")] + [ValidateNotNullOrEmpty] + public string Id { get; set; } + /// /// KeyVault object /// @@ -64,15 +77,16 @@ public class RestoreAzureKeyVaultSecret : KeyVaultCmdletBase public PSKeyVault InputObject { get; set; } /// - /// KeyVault ResourceId + /// KeyVault's ResourceId /// [Parameter(Mandatory = true, Position = 0, - ParameterSetName = ByResourceIdParameterSet, + ParameterSetName = ByParentResourceIdParameterSet, ValueFromPipelineByPropertyName = true, HelpMessage = "KeyVault Resource Id")] + [Alias("ResourceId")] [ValidateNotNullOrEmpty] - public string ResourceId { get; set; } + public string ParentResourceId { get; set; } /// /// The input file in which the backup blob is stored @@ -91,10 +105,17 @@ public override void ExecuteCmdlet( ) { VaultName = InputObject.VaultName; } - else if (ResourceId != null) + else if (ParentResourceId != null) { - var resourceIdentifier = new ResourceIdentifier(ResourceId); - VaultName = resourceIdentifier.ResourceName; + var ParentResourceIdentifier = new ResourceIdentifier(ParentResourceId); + VaultName = ParentResourceIdentifier.ResourceName; + } + + if (ParameterSetName == BySecretUriParameterSet) + { + SecretUriComponents splitUri = new SecretUriComponents(Id); + + VaultName = splitUri.VaultName; } if (ShouldProcess(VaultName, Properties.Resources.RestoreSecret)) diff --git a/src/KeyVault/KeyVault/Commands/Secret/SetAzureKeyVaultSecret.cs b/src/KeyVault/KeyVault/Commands/Secret/SetAzureKeyVaultSecret.cs index 940e669780df..69a5a861e9cc 100644 --- a/src/KeyVault/KeyVault/Commands/Secret/SetAzureKeyVaultSecret.cs +++ b/src/KeyVault/KeyVault/Commands/Secret/SetAzureKeyVaultSecret.cs @@ -13,6 +13,7 @@ // ---------------------------------------------------------------------------------- using Microsoft.Azure.Commands.KeyVault.Models; +using Microsoft.Azure.Commands.KeyVault.Models.Secret; using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters; using Microsoft.Azure.Commands.ResourceManager.Common.Tags; using System; @@ -30,6 +31,7 @@ public class SetAzureKeyVaultSecret : KeyVaultCmdletBase private const string DefaultParameterSet = "Default"; private const string InputObjectParameterSet = "InputObject"; + private const string BySecretUriParameterSet = "BySecretUri"; #endregion @@ -57,6 +59,17 @@ public class SetAzureKeyVaultSecret : KeyVaultCmdletBase [Alias(Constants.SecretName)] public string Name { get; set; } + /// + /// KeyVault Secret ID (uri of the secret) + /// + [Parameter(Mandatory = true, + Position = 0, + ParameterSetName = BySecretUriParameterSet, + HelpMessage = "The URI of the KeyVault Secret.")] + [Alias("SecretId")] + [ValidateNotNullOrEmpty] + public string Id { get; set; } + /// /// Secret object /// @@ -122,6 +135,14 @@ public override void ExecuteCmdlet() Name = InputObject.Name; } + if (ParameterSetName == BySecretUriParameterSet) + { + SecretUriComponents splitUri = new SecretUriComponents(Id); + + VaultName = splitUri.VaultName; + Name = splitUri.SecretName; + } + if (ShouldProcess(Name, Properties.Resources.SetSecret)) { var secret = DataServiceClient.SetSecret( diff --git a/src/KeyVault/KeyVault/Commands/Secret/UndoAzureKeyVaultSecretRemoval.cs b/src/KeyVault/KeyVault/Commands/Secret/UndoAzureKeyVaultSecretRemoval.cs index 6e716f994110..8a8ee4f5f209 100644 --- a/src/KeyVault/KeyVault/Commands/Secret/UndoAzureKeyVaultSecretRemoval.cs +++ b/src/KeyVault/KeyVault/Commands/Secret/UndoAzureKeyVaultSecretRemoval.cs @@ -13,6 +13,7 @@ // ---------------------------------------------------------------------------------- using Microsoft.Azure.Commands.KeyVault.Models; +using Microsoft.Azure.Commands.KeyVault.Models.Secret; using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters; using Microsoft.WindowsAzure.Commands.Common.CustomAttributes; using System; @@ -28,6 +29,7 @@ public class UndoAzureKeyVaultSecretRemoval : KeyVaultCmdletBase private const string DefaultParameterSet = "Default"; private const string InputObjectParameterSet = "InputObject"; + private const string BySecretUriParameterSet = "BySecretUri"; #endregion @@ -55,6 +57,17 @@ public class UndoAzureKeyVaultSecretRemoval : KeyVaultCmdletBase [Alias(Constants.SecretName)] public string Name { get; set; } + /// + /// KeyVault Secret ID (uri of the secret) + /// + [Parameter(Mandatory = true, + Position = 0, + ParameterSetName = BySecretUriParameterSet, + HelpMessage = "The URI of the KeyVault Secret.")] + [Alias("SecretId")] + [ValidateNotNullOrEmpty] + public string Id { get; set; } + /// /// Deleted secret object /// @@ -76,6 +89,14 @@ public override void ExecuteCmdlet() Name = InputObject.Name; } + if (ParameterSetName == BySecretUriParameterSet) + { + SecretUriComponents splitUri = new SecretUriComponents(Id); + + VaultName = splitUri.VaultName; + Name = splitUri.SecretName; + } + if (ShouldProcess(Name, Properties.Resources.RecoverSecret)) { PSKeyVaultSecret secret = DataServiceClient.RecoverSecret(VaultName, Name); diff --git a/src/KeyVault/KeyVault/Commands/Secret/UpdateAzureKeyVaultSecret.cs b/src/KeyVault/KeyVault/Commands/Secret/UpdateAzureKeyVaultSecret.cs index 88cce1c526fb..6aa3fe42ebd7 100644 --- a/src/KeyVault/KeyVault/Commands/Secret/UpdateAzureKeyVaultSecret.cs +++ b/src/KeyVault/KeyVault/Commands/Secret/UpdateAzureKeyVaultSecret.cs @@ -13,6 +13,7 @@ // ---------------------------------------------------------------------------------- using Microsoft.Azure.Commands.KeyVault.Models; +using Microsoft.Azure.Commands.KeyVault.Models.Secret; using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters; using Microsoft.WindowsAzure.Commands.Common.CustomAttributes; using System; @@ -30,6 +31,7 @@ public class UpdateAzureKeyVaultSecret : KeyVaultCmdletBase private const string DefaultParameterSet = "Default"; private const string InputObjectParameterSet = "InputObject"; + private const string BySecretUriParameterSet = "BySecretUri"; #endregion @@ -57,6 +59,17 @@ public class UpdateAzureKeyVaultSecret : KeyVaultCmdletBase [Alias(Constants.SecretName)] public string Name { get; set; } + /// + /// KeyVault Secret ID (uri of the secret) + /// + [Parameter(Mandatory = true, + Position = 0, + ParameterSetName = BySecretUriParameterSet, + HelpMessage = "The URI of the KeyVault Secret.")] + [Alias("SecretId")] + [ValidateNotNullOrEmpty] + public string Id { get; set; } + /// /// Secret object /// @@ -130,6 +143,15 @@ public override void ExecuteCmdlet() Name = InputObject.Name; } + if (ParameterSetName == BySecretUriParameterSet) + { + SecretUriComponents splitUri = new SecretUriComponents(Id); + + VaultName = splitUri.VaultName; + Name = splitUri.SecretName; + Version = splitUri.SecretVersion; + } + if (ShouldProcess(Name, Properties.Resources.SetSecretAttribute)) { var secret = DataServiceClient.UpdateSecret( diff --git a/src/KeyVault/KeyVault/Models/KeyVaultCmdletBase.cs b/src/KeyVault/KeyVault/Models/KeyVaultCmdletBase.cs index efce44973fe0..49d37cc05b05 100644 --- a/src/KeyVault/KeyVault/Models/KeyVaultCmdletBase.cs +++ b/src/KeyVault/KeyVault/Models/KeyVaultCmdletBase.cs @@ -20,6 +20,7 @@ using System.Management.Automation; using Azure.Core.Diagnostics; using Microsoft.Azure.Commands.Common.Authentication; +using Microsoft.Azure.Commands.KeyVault.Models.Secret; using Microsoft.Azure.Commands.KeyVault.Properties; using Microsoft.Azure.Commands.KeyVault.Track2Models; using Microsoft.Azure.Commands.ResourceManager.Common; diff --git a/src/KeyVault/KeyVault/Models/Secret/KeyVaultSecretUri.cs b/src/KeyVault/KeyVault/Models/Secret/KeyVaultSecretUri.cs new file mode 100644 index 000000000000..b8fa46b28253 --- /dev/null +++ b/src/KeyVault/KeyVault/Models/Secret/KeyVaultSecretUri.cs @@ -0,0 +1,54 @@ +using System; + +namespace Microsoft.Azure.Commands.KeyVault.Models.Secret +{ + /// + /// A data class to hold components of a KeyVault Secret URI: VaultName, SecretName, and SecretVersion. + /// + internal class SecretUriComponents + { + /// + /// The name of the Key Vault. + /// + public string VaultName { get; private set; } + + /// + /// The name of the secret in the Key Vault. + /// + public string SecretName { get; private set; } + + /// + /// The version of the secret (optional). + /// + public string SecretVersion { get; private set; } + + /// + /// Initializes a new instance of the SecretUriComponents class with the specified vault name, secret name, and version. + /// + /// The unique Uri/secretId (as a string) of the secret + public SecretUriComponents(string secretId) + { + Uri secretUri = new Uri(secretId); + + // Extract vault name from the URI + this.VaultName = secretUri.Host.Split('.')[0]; + + // Extract secret name from the URI + this.SecretName = secretUri.Segments.Length > 2 ? secretUri.Segments[2].TrimEnd('/') : string.Empty; + + // Extract secret version (if present) + this.SecretVersion = secretUri.Segments.Length > 3 ? secretUri.Segments[3] : string.Empty; + + } + + /// + /// Returns a string representation of the secret URI components. + /// + /// A string in the format "VaultName:SecretName:SecretVersion" + public override string ToString() + { + return $"{VaultName}:{SecretName}:{(string.IsNullOrEmpty(SecretVersion) ? "NoVersion" : SecretVersion)}"; + } + } +} + diff --git a/src/KeyVault/KeyVault/help/Backup-AzKeyVaultSecret.md b/src/KeyVault/KeyVault/help/Backup-AzKeyVaultSecret.md index 1bd3e9341580..0b167aaa37f2 100644 --- a/src/KeyVault/KeyVault/help/Backup-AzKeyVaultSecret.md +++ b/src/KeyVault/KeyVault/help/Backup-AzKeyVaultSecret.md @@ -16,14 +16,21 @@ Backs up a secret in a key vault. ### BySecretName (Default) ``` Backup-AzKeyVaultSecret [-VaultName] [-Name] [[-OutputFile] ] [-Force] - [-DefaultProfile ] [-WhatIf] [-Confirm] + [-DefaultProfile ] [-ProgressAction ] [-WhatIf] [-Confirm] + [] +``` + +### BySecretUri +``` +Backup-AzKeyVaultSecret [-Id] [[-OutputFile] ] [-Force] + [-DefaultProfile ] [-ProgressAction ] [-WhatIf] [-Confirm] [] ``` ### BySecret ``` Backup-AzKeyVaultSecret [-InputObject] [[-OutputFile] ] [-Force] - [-DefaultProfile ] [-WhatIf] [-Confirm] + [-DefaultProfile ] [-ProgressAction ] [-WhatIf] [-Confirm] [] ``` @@ -72,13 +79,33 @@ C:\Backup.blob This command uses the $secret object's vault name and name to retrieves the secret and saves its backup to a file named Backup.blob. +### Example 4: Back up a secret with an automatically generated file name (using Uri) +```powershell +Backup-AzKeyVaultSecret -Id 'https://MyKeyVault.vault.azure.net:443/secrets/MySecret' +``` + ## PARAMETERS +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -DefaultProfile The credentials, account, tenant, and subscription used for communication with azure ```yaml -Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer +Type: IAzureContextContainer Parameter Sets: (All) Aliases: AzContext, AzureRmContext, AzureCredential @@ -93,7 +120,7 @@ Accept wildcard characters: False Prompts you for confirmation before overwriting the output file, if that exists. ```yaml -Type: System.Management.Automation.SwitchParameter +Type: SwitchParameter Parameter Sets: (All) Aliases: @@ -104,11 +131,27 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -Id +The URI of the KeyVault Secret. +Please ensure it follows the format: https://.vault.azure.net/secrets// + +```yaml +Type: String +Parameter Sets: BySecretUri +Aliases: SecretId + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -InputObject Secret to be backed up, pipelined in from the output of a retrieval call. ```yaml -Type: Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultSecretIdentityItem +Type: PSKeyVaultSecretIdentityItem Parameter Sets: BySecret Aliases: Secret @@ -123,7 +166,7 @@ Accept wildcard characters: False Specifies the name of the secret to back up. ```yaml -Type: System.String +Type: String Parameter Sets: BySecretName Aliases: SecretName @@ -140,7 +183,7 @@ If you do not specify this parameter, this cmdlet generates a file name for you. If you specify the name of an existing output file, the operation will not complete and returns an error message that the backup file already exists. ```yaml -Type: System.String +Type: String Parameter Sets: (All) Aliases: @@ -155,7 +198,7 @@ Accept wildcard characters: False Specifies the name of the key vault that contains the secret to back up. ```yaml -Type: System.String +Type: String Parameter Sets: BySecretName Aliases: @@ -166,13 +209,14 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -Confirm -Prompts you for confirmation before running the cmdlet. +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. ```yaml -Type: System.Management.Automation.SwitchParameter +Type: SwitchParameter Parameter Sets: (All) -Aliases: cf +Aliases: wi Required: False Position: Named @@ -181,18 +225,17 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -WhatIf -Shows what would happen if the cmdlet runs. -The cmdlet is not run. +### -ProgressAction +{{ Fill ProgressAction Description }} ```yaml -Type: System.Management.Automation.SwitchParameter +Type: ActionPreference Parameter Sets: (All) -Aliases: wi +Aliases: proga Required: False Position: Named -Default value: False +Default value: None Accept pipeline input: False Accept wildcard characters: False ``` diff --git a/src/KeyVault/KeyVault/help/Get-AzKeyVaultSecret.md b/src/KeyVault/KeyVault/help/Get-AzKeyVaultSecret.md index d5316a5f5c92..76005dd8d121 100644 --- a/src/KeyVault/KeyVault/help/Get-AzKeyVaultSecret.md +++ b/src/KeyVault/KeyVault/help/Get-AzKeyVaultSecret.md @@ -16,55 +16,61 @@ Gets the secrets in a key vault. ### ByVaultName (Default) ``` Get-AzKeyVaultSecret [-VaultName] [[-Name] ] [-InRemovedState] [-AsPlainText] - [-DefaultProfile ] [] + [-DefaultProfile ] [-ProgressAction ] [] ``` ### BySecretName ``` Get-AzKeyVaultSecret [-VaultName] [-Name] [-Version] [-AsPlainText] - [-DefaultProfile ] [] + [-DefaultProfile ] [-ProgressAction ] [] ``` ### BySecretVersions ``` Get-AzKeyVaultSecret [-VaultName] [-Name] [-IncludeVersions] - [-DefaultProfile ] [] + [-DefaultProfile ] [-ProgressAction ] [] ``` ### ByInputObjectVaultName ``` Get-AzKeyVaultSecret [-InputObject] [[-Name] ] [-InRemovedState] [-AsPlainText] - [-DefaultProfile ] [] + [-DefaultProfile ] [-ProgressAction ] [] ``` ### ByInputObjectSecretName ``` Get-AzKeyVaultSecret [-InputObject] [-Name] [-Version] [-AsPlainText] - [-DefaultProfile ] [] + [-DefaultProfile ] [-ProgressAction ] [] ``` ### ByInputObjectSecretVersions ``` Get-AzKeyVaultSecret [-InputObject] [-Name] [-IncludeVersions] - [-DefaultProfile ] [] + [-DefaultProfile ] [-ProgressAction ] [] ``` -### ByResourceIdVaultName +### BySecretUri ``` -Get-AzKeyVaultSecret [-ResourceId] [[-Name] ] [-InRemovedState] [-AsPlainText] - [-DefaultProfile ] [] +Get-AzKeyVaultSecret [-Id] [-InRemovedState] [-AsPlainText] [-DefaultProfile ] + [-ProgressAction ] [] ``` -### ByResourceIdSecretName +### ByParentResourceIdVaultName ``` -Get-AzKeyVaultSecret [-ResourceId] [-Name] [-Version] [-AsPlainText] - [-DefaultProfile ] [] +Get-AzKeyVaultSecret [-ParentResourceId] [[-Name] ] [-InRemovedState] [-AsPlainText] + [-DefaultProfile ] [-ProgressAction ] [] ``` -### ByResourceIdSecretVersions +### ByParentResourceIdSecretName ``` -Get-AzKeyVaultSecret [-ResourceId] [-Name] [-IncludeVersions] - [-DefaultProfile ] [] +Get-AzKeyVaultSecret [-ParentResourceId] [-Name] [-Version] [-AsPlainText] + [-DefaultProfile ] [-ProgressAction ] [] +``` + +### ByParentResourceIdSecretVersions +``` +Get-AzKeyVaultSecret [-ParentResourceId] [-Name] [-IncludeVersions] + [-DefaultProfile ] [-ProgressAction ] [] ``` ## DESCRIPTION @@ -181,7 +187,83 @@ Tags : This command gets a specific version of the secret named secret1 in the key vault named Contoso. -### Example 5: Get the plain text value of the current version of a specific secret + +### Example 5: Get the current version of a specific secret using Uri +```powershell +Get-AzKeyVaultSecret -Id 'https://contoso.vault.azure.net/secrets/secret1/' +``` + +```output +Vault Name : contoso +Name : secret1 +Version : 7128133570f84a71b48d7d0550deb74c +Id : https://contoso.vault.azure.net:443/secrets/secret1/7128133570f84a71b48d7d0550deb74c +Enabled : True +Expires : 4/6/2018 3:59:43 PM +Not Before : +Created : 4/5/2018 11:46:28 PM +Updated : 4/6/2018 11:30:17 PM +Content Type : +Tags : +``` + +This command gets the current version of the secret named secret1 in the key vault named Contoso. + +### Example 6: Get a specific version of a specific secret using Uri +```powershell +Get-AzKeyVaultSecret -Id 'https://contoso.vault.azure.net/secrets/secret1/7128133570f84a71b48d7d0550deb74c' +``` + +```output +Vault Name : contoso +Name : secret1 +Version : 7128133570f84a71b48d7d0550deb74c +Id : https://contoso.vault.azure.net:443/secrets/secret1/7128133570f84a71b48d7d0550deb74c +Enabled : True +Expires : 4/6/2018 3:59:43 PM +Not Before : +Created : 4/5/2018 11:46:28 PM +Updated : 4/6/2018 11:30:17 PM +Content Type : +Tags : +``` + +This command gets a specific version of the secret named secret1 in the key vault named Contoso. + +### Example 7: Get the current version of all the secrets using Uri +```powershell +Get-AzKeyVaultSecret -Id 'https://contoso.vault.azure.net/secrets/' +``` + +```output +Vault Name : contoso +Name : secret1 +Version : 7128133570f84a71b48d7d0550deb74c +Id : https://contoso.vault.azure.net:443/secrets/secret1/7128133570f84a71b48d7d0550deb74c +Enabled : True +Expires : 4/6/2018 3:59:43 PM +Not Before : +Created : 4/5/2018 11:46:28 PM +Updated : 4/6/2018 11:30:17 PM +Content Type : +Tags : + +Vault Name : contoso +Name : secret2 +Version : 7128133570f84a71b48d7d0550deb74c +Id : https://contoso.vault.azure.net:443/secrets/secret2/7128133570f84a71b48d7d0550deb74c +Enabled : True +Expires : 4/6/2018 3:59:43 PM +Not Before : +Created : 4/5/2018 11:46:28 PM +Updated : 4/6/2018 11:30:17 PM +Content Type : +Tags : +``` + +This command gets the current version of all the secrets in the key vault named Contoso. + +### Example 8: Get the plain text value of the current version of a specific secret ```powershell $secretText = Get-AzKeyVaultSecret -VaultName 'Contoso' -Name 'ITSecret' -AsPlainText ``` @@ -190,7 +272,7 @@ The cmdlet returns the secret as a string when `-AsPlainText` is applied. **Note:** When listing secrets, i.e. not providing `-Name`, the `-AsPlainText` is ignored. -### Example 6: Get all the secrets that have been deleted but not purged for this key vault. +### Example 9: Get all the secrets that have been deleted but not purged for this key vault. ```powershell Get-AzKeyVaultSecret -VaultName 'Contoso' -InRemovedState ``` @@ -225,7 +307,7 @@ Tags : This command gets all the secrets that have been previously deleted, but not purged, in the key vault named Contoso. -### Example 7: Gets the secret ITSecret that has been deleted but not purged for this key vault. +### Example 10: Gets the secret ITSecret that has been deleted but not purged for this key vault. ```powershell Get-AzKeyVaultSecret -VaultName 'Contoso' -Name 'secret1' -InRemovedState ``` @@ -249,7 +331,7 @@ Tags : This command gets the secret 'secret1' that has been previously deleted, but not purged, in the key vault named Contoso. This command will return metadata such as the deletion date, and the scheduled purging date of this deleted secret. -### Example 8: Get all current versions of all secrets in a key vault using filtering +### Example 11: Get all current versions of all secrets in a key vault using filtering ```powershell Get-AzKeyVaultSecret -VaultName 'Contoso' -Name "secret*" ``` @@ -282,7 +364,7 @@ Tags : This command gets the current versions of all secrets in the key vault named Contoso that start with "secret". -### Example 9: Get a secret in Azure Key Vault by command Get-Secret in module Microsoft.PowerShell.SecretManagement +### Example 12: Get a secret in Azure Key Vault by command Get-Secret in module Microsoft.PowerShell.SecretManagement ```powershell # Install module Microsoft.PowerShell.SecretManagement Install-Module Microsoft.PowerShell.SecretManagement -Repository PSGallery -AllowPrerelease @@ -306,8 +388,8 @@ This example Gets a secret named `secureSecret` in Azure Key Vault named `test-k When set, the cmdlet will convert secret in secure string to the decrypted plaintext string as output. ```yaml -Type: System.Management.Automation.SwitchParameter -Parameter Sets: ByVaultName, BySecretName, ByInputObjectVaultName, ByInputObjectSecretName, ByResourceIdVaultName, ByResourceIdSecretName +Type: SwitchParameter +Parameter Sets: ByVaultName, BySecretName, ByInputObjectVaultName, ByInputObjectSecretName, BySecretUri, ByParentResourceIdVaultName, ByParentResourceIdSecretName Aliases: Required: False @@ -321,7 +403,7 @@ Accept wildcard characters: False The credentials, account, tenant, and subscription used for communication with azure ```yaml -Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer +Type: IAzureContextContainer Parameter Sets: (All) Aliases: AzContext, AzureRmContext, AzureCredential @@ -332,6 +414,37 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -Id +The URI of the KeyVault Secret. +Please ensure it follows the format: https://.vault.azure.net/secrets// + +```yaml +Type: String +Parameter Sets: BySecretUri +Aliases: SecretId + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InRemovedState +Specifies whether to show the previously deleted secrets in the output + +```yaml +Type: SwitchParameter +Parameter Sets: ByVaultName, ByInputObjectVaultName, BySecretUri, ByParentResourceIdVaultName +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -IncludeVersions Indicates that this cmdlet gets all versions of a secret. The current version of a secret is the first one on the list. @@ -339,8 +452,8 @@ If you specify this parameter you must also specify the *Name* and *VaultName* p If you do not specify the *IncludeVersions* parameter, this cmdlet gets the current version of the secret with the specified *Name*. ```yaml -Type: System.Management.Automation.SwitchParameter -Parameter Sets: BySecretVersions, ByInputObjectSecretVersions, ByResourceIdSecretVersions +Type: SwitchParameter +Parameter Sets: BySecretVersions, ByInputObjectSecretVersions, ByParentResourceIdSecretVersions Aliases: Required: True @@ -354,7 +467,7 @@ Accept wildcard characters: False KeyVault Object. ```yaml -Type: Microsoft.Azure.Commands.KeyVault.Models.PSKeyVault +Type: PSKeyVault Parameter Sets: ByInputObjectVaultName, ByInputObjectSecretName, ByInputObjectSecretVersions Aliases: @@ -365,27 +478,12 @@ Accept pipeline input: True (ByValue) Accept wildcard characters: False ``` -### -InRemovedState -Specifies whether to show the previously deleted secrets in the output - -```yaml -Type: System.Management.Automation.SwitchParameter -Parameter Sets: ByVaultName, ByInputObjectVaultName, ByResourceIdVaultName -Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - ### -Name Specifies the name of the secret to get. ```yaml -Type: System.String -Parameter Sets: ByVaultName, ByInputObjectVaultName, ByResourceIdVaultName +Type: String +Parameter Sets: ByVaultName, ByInputObjectVaultName, ByParentResourceIdVaultName Aliases: SecretName Required: False @@ -396,8 +494,8 @@ Accept wildcard characters: True ``` ```yaml -Type: System.String -Parameter Sets: BySecretName, BySecretVersions, ByInputObjectSecretName, ByInputObjectSecretVersions, ByResourceIdSecretName, ByResourceIdSecretVersions +Type: String +Parameter Sets: BySecretName, BySecretVersions, ByInputObjectSecretName, ByInputObjectSecretVersions, ByParentResourceIdSecretName, ByParentResourceIdSecretVersions Aliases: SecretName Required: True @@ -407,13 +505,13 @@ Accept pipeline input: False Accept wildcard characters: True ``` -### -ResourceId +### -ParentResourceId KeyVault Resource Id. ```yaml -Type: System.String -Parameter Sets: ByResourceIdVaultName, ByResourceIdSecretName, ByResourceIdSecretVersions -Aliases: +Type: String +Parameter Sets: ByParentResourceIdVaultName, ByParentResourceIdSecretName, ByParentResourceIdSecretVersions +Aliases: ResourceId Required: True Position: 0 @@ -427,7 +525,7 @@ Specifies the name of the key vault to which the secret belongs. This cmdlet constructs the fully qualified domain name (FQDN) of a key vault based on the name that this parameter specifies and your current environment. ```yaml -Type: System.String +Type: String Parameter Sets: ByVaultName, BySecretName, BySecretVersions Aliases: @@ -443,8 +541,8 @@ Specifies the secret version. This cmdlet constructs the FQDN of a secret based on the key vault name, your currently selected environment, the secret name, and the secret version. ```yaml -Type: System.String -Parameter Sets: BySecretName, ByInputObjectSecretName, ByResourceIdSecretName +Type: String +Parameter Sets: BySecretName, ByInputObjectSecretName, ByParentResourceIdSecretName Aliases: SecretVersion Required: True @@ -454,6 +552,21 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -ProgressAction +{{ Fill ProgressAction Description }} + +```yaml +Type: ActionPreference +Parameter Sets: (All) +Aliases: proga + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### CommonParameters This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). diff --git a/src/KeyVault/KeyVault/help/Remove-AzKeyVaultSecret.md b/src/KeyVault/KeyVault/help/Remove-AzKeyVaultSecret.md index 0b2e67c698c9..7c6481afae88 100644 --- a/src/KeyVault/KeyVault/help/Remove-AzKeyVaultSecret.md +++ b/src/KeyVault/KeyVault/help/Remove-AzKeyVaultSecret.md @@ -15,14 +15,21 @@ Deletes a secret in a key vault. ### ByVaultName (Default) ``` Remove-AzKeyVaultSecret [-VaultName] [-Name] [-Force] [-PassThru] [-InRemovedState] - [-DefaultProfile ] [-WhatIf] [-Confirm] + [-DefaultProfile ] [-ProgressAction ] [-WhatIf] [-Confirm] + [] +``` + +### BySecretUri +``` +Remove-AzKeyVaultSecret [-Id] [-Force] [-PassThru] [-InRemovedState] + [-DefaultProfile ] [-ProgressAction ] [-WhatIf] [-Confirm] [] ``` ### ByInputObject ``` Remove-AzKeyVaultSecret [-InputObject] [-Force] [-PassThru] [-InRemovedState] - [-DefaultProfile ] [-WhatIf] [-Confirm] + [-DefaultProfile ] [-ProgressAction ] [-WhatIf] [-Confirm] [] ``` @@ -80,7 +87,30 @@ Tags : This command removes the secret named FinanceSecret from the key vault named Contoso. The command specifies the *Force* and *Confirm* parameters, and, therefore, the cmdlet does not prompt you for confirmation. -### Example 3: Remove a secret in Azure Key Vault by command Remove-Secret in module Microsoft.PowerShell.SecretManagement +### Example 3: Remove a secret from a key vault (using uri) +```powershell +Remove-AzKeyVaultSecret -Id 'https://contoso.vault.azure.net:443/secrets/financesecret' -PassThru +``` + +```output +Vault Name : Contoso +Name : FinanceSecret +Version : f622abc7b1394092812f1eb0f85dc91c +Id : https://contoso.vault.azure.net:443/secrets/financesecret/f622abc7b1394092812f1eb0f85dc91c +Deleted Date : 5/25/2018 4:45:34 PM +Scheduled Purge Date : 8/23/2018 4:45:34 PM +Enabled : True +Expires : +Not Before : +Created : 4/19/2018 5:56:02 PM +Updated : 4/26/2018 7:48:40 PM +Content Type : +Tags : +``` + +This command removes the secret named 'FinanceSecret' from the key vault named 'Contoso'. + +### Example 4: Remove a secret in Azure Key Vault by command Remove-Secret in module Microsoft.PowerShell.SecretManagement ```powershell # Install module Microsoft.PowerShell.SecretManagement Install-Module Microsoft.PowerShell.SecretManagement -Repository PSGallery -AllowPrerelease @@ -108,11 +138,26 @@ Executing this cmdlet requires the 'purge' permission, which must have been prev ## PARAMETERS +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -DefaultProfile The credentials, account, tenant, and subscription used for communication with azure ```yaml -Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer +Type: IAzureContextContainer Parameter Sets: (All) Aliases: AzContext, AzureRmContext, AzureCredential @@ -127,7 +172,7 @@ Accept wildcard characters: False Forces the command to run without asking for user confirmation. ```yaml -Type: System.Management.Automation.SwitchParameter +Type: SwitchParameter Parameter Sets: (All) Aliases: @@ -138,18 +183,19 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -InputObject -Key Vault Secret Object +### -Id +The URI of the KeyVault Secret. +Please ensure it follows the format: https://.vault.azure.net/secrets// ```yaml -Type: Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultSecretIdentityItem -Parameter Sets: ByInputObject -Aliases: +Type: String +Parameter Sets: BySecretUri +Aliases: SecretId Required: True Position: 0 Default value: None -Accept pipeline input: True (ByValue) +Accept pipeline input: False Accept wildcard characters: False ``` @@ -157,7 +203,7 @@ Accept wildcard characters: False If present, removes the previously deleted secret permanently. ```yaml -Type: System.Management.Automation.SwitchParameter +Type: SwitchParameter Parameter Sets: (All) Aliases: @@ -168,12 +214,27 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -InputObject +Key Vault Secret Object + +```yaml +Type: PSKeyVaultSecretIdentityItem +Parameter Sets: ByInputObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + ### -Name Specifies the name of a secret. This cmdlet constructs the fully qualified domain name (FQDN) of a secret based on the name that this parameter specifies, the name of the key vault, and your current environment. ```yaml -Type: System.String +Type: String Parameter Sets: ByVaultName Aliases: SecretName @@ -189,7 +250,7 @@ Indicates that this cmdlet returns a **Microsoft.Azure.Commands.KeyVault.Models. By default, this cmdlet does not generate any output. ```yaml -Type: System.Management.Automation.SwitchParameter +Type: SwitchParameter Parameter Sets: (All) Aliases: @@ -205,7 +266,7 @@ Specifies the name of the key vault to which the secret belongs. This cmdlet constructs the FQDN of a key vault based on the name that this parameter specifies and your current environment. ```yaml -Type: System.String +Type: String Parameter Sets: ByVaultName Aliases: @@ -216,13 +277,15 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -Confirm -Prompts you for confirmation before running the cmdlet. +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run.Shows what would happen if the cmdlet runs. +The cmdlet is not run. ```yaml -Type: System.Management.Automation.SwitchParameter +Type: SwitchParameter Parameter Sets: (All) -Aliases: cf +Aliases: wi Required: False Position: Named @@ -231,19 +294,17 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -WhatIf -Shows what would happen if the cmdlet runs. -The cmdlet is not run.Shows what would happen if the cmdlet runs. -The cmdlet is not run. +### -ProgressAction +{{ Fill ProgressAction Description }} ```yaml -Type: System.Management.Automation.SwitchParameter +Type: ActionPreference Parameter Sets: (All) -Aliases: wi +Aliases: proga Required: False Position: Named -Default value: False +Default value: None Accept pipeline input: False Accept wildcard characters: False ``` diff --git a/src/KeyVault/KeyVault/help/Restore-AzKeyVaultSecret.md b/src/KeyVault/KeyVault/help/Restore-AzKeyVaultSecret.md index e69f28cd5ff2..0f49e6ce0567 100644 --- a/src/KeyVault/KeyVault/help/Restore-AzKeyVaultSecret.md +++ b/src/KeyVault/KeyVault/help/Restore-AzKeyVaultSecret.md @@ -16,20 +16,26 @@ Creates a secret in a key vault from a backed-up secret. ### ByVaultName (Default) ``` Restore-AzKeyVaultSecret [-VaultName] [-InputFile] [-DefaultProfile ] - [-WhatIf] [-Confirm] [] + [-ProgressAction ] [-WhatIf] [-Confirm] [] +``` + +### BySecretUri +``` +Restore-AzKeyVaultSecret [-Id] [-InputFile] [-DefaultProfile ] + [-ProgressAction ] [-WhatIf] [-Confirm] [] ``` ### ByInputObject ``` Restore-AzKeyVaultSecret [-InputObject] [-InputFile] - [-DefaultProfile ] [-WhatIf] [-Confirm] + [-DefaultProfile ] [-ProgressAction ] [-WhatIf] [-Confirm] [] ``` -### ByResourceId +### ByParentResourceId ``` -Restore-AzKeyVaultSecret [-ResourceId] [-InputFile] - [-DefaultProfile ] [-WhatIf] [-Confirm] +Restore-AzKeyVaultSecret [-ParentResourceId] [-InputFile] + [-DefaultProfile ] [-ProgressAction ] [-WhatIf] [-Confirm] [] ``` @@ -65,13 +71,49 @@ Tags : This command restores a secret, including all of its versions, from the backup file named Backup.blob into the key vault named contoso. +### Example 2: Restore a backed-up secret (using Uri) +```powershell +Restore-AzKeyVaultSecret -Id "https://contoso.vault.azure.net:443/secrets/" -InputFile "C:\Backup.blob" +``` + +```output +Vault Name : contoso +Name : secret1 +Version : 7128133570f84a71b48d7d0550deb74c +Id : https://contoso.vault.azure.net:443/secrets/secret1/7128133570f84a71b48d7d0550deb74c +Enabled : True +Expires : 4/6/2018 3:59:43 PM +Not Before : +Created : 4/5/2018 11:46:28 PM +Updated : 4/6/2018 11:30:17 PM +Content Type : +Tags : +``` + +This command restores a secret, including all of its versions, from the backup file named Backup.blob into the key vault named contoso. + ## PARAMETERS +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -DefaultProfile The credentials, account, tenant, and subscription used for communication with azure ```yaml -Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer +Type: IAzureContextContainer Parameter Sets: (All) Aliases: AzContext, AzureRmContext, AzureCredential @@ -82,11 +124,27 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -Id +The URI of the KeyVault Secret. +Please ensure it follows the format: https://.vault.azure.net/secrets// + +```yaml +Type: String +Parameter Sets: BySecretUri +Aliases: SecretId + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -InputFile Specifies the input file that contains the backup of the secret to restore. ```yaml -Type: System.String +Type: String Parameter Sets: (All) Aliases: @@ -101,7 +159,7 @@ Accept wildcard characters: False KeyVault object ```yaml -Type: Microsoft.Azure.Commands.KeyVault.Models.PSKeyVault +Type: PSKeyVault Parameter Sets: ByInputObject Aliases: @@ -112,13 +170,13 @@ Accept pipeline input: True (ByValue) Accept wildcard characters: False ``` -### -ResourceId +### -ParentResourceId KeyVault Resource Id ```yaml -Type: System.String -Parameter Sets: ByResourceId -Aliases: +Type: String +Parameter Sets: ByParentResourceId +Aliases: ResourceId Required: True Position: 0 @@ -131,7 +189,7 @@ Accept wildcard characters: False Specifies the name of the key vault into which to restore the secret. ```yaml -Type: System.String +Type: String Parameter Sets: ByVaultName Aliases: @@ -142,13 +200,14 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -Confirm -Prompts you for confirmation before running the cmdlet. +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. ```yaml -Type: System.Management.Automation.SwitchParameter +Type: SwitchParameter Parameter Sets: (All) -Aliases: cf +Aliases: wi Required: False Position: Named @@ -157,18 +216,17 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -WhatIf -Shows what would happen if the cmdlet runs. -The cmdlet is not run. +### -ProgressAction +{{ Fill ProgressAction Description }} ```yaml -Type: System.Management.Automation.SwitchParameter +Type: ActionPreference Parameter Sets: (All) -Aliases: wi +Aliases: proga Required: False Position: Named -Default value: False +Default value: None Accept pipeline input: False Accept wildcard characters: False ``` diff --git a/src/KeyVault/KeyVault/help/Set-AzKeyVaultSecret.md b/src/KeyVault/KeyVault/help/Set-AzKeyVaultSecret.md index a8d34cf4f702..180be38d2d5f 100644 --- a/src/KeyVault/KeyVault/help/Set-AzKeyVaultSecret.md +++ b/src/KeyVault/KeyVault/help/Set-AzKeyVaultSecret.md @@ -17,15 +17,22 @@ Creates or updates a secret in a key vault. ``` Set-AzKeyVaultSecret [-VaultName] [-Name] [-SecretValue] [-Disable] [-Expires ] [-NotBefore ] [-ContentType ] [-Tag ] - [-DefaultProfile ] [-WhatIf] [-Confirm] + [-DefaultProfile ] [-ProgressAction ] [-WhatIf] [-Confirm] [] ``` +### BySecretUri +``` +Set-AzKeyVaultSecret [-Id] [-SecretValue] [-Disable] [-Expires ] + [-NotBefore ] [-ContentType ] [-Tag ] [-DefaultProfile ] + [-ProgressAction ] [-WhatIf] [-Confirm] [] +``` + ### InputObject ``` Set-AzKeyVaultSecret [-InputObject] [-SecretValue] [-Disable] [-Expires ] [-NotBefore ] [-ContentType ] [-Tag ] - [-DefaultProfile ] [-WhatIf] [-Confirm] + [-DefaultProfile ] [-ProgressAction ] [-WhatIf] [-Confirm] [] ``` @@ -96,7 +103,29 @@ the attributes in variables. The final command modifies values of the secret named ITSecret in the key vault named Contoso, by using the values specified previously as variables. -### Example 3: Create a secret in azure key vault by command Set-Secret in module Microsoft.PowerShell.SecretManagement +### Example 3: Modify the value of a secret using default attributes (using Uri) +```powershell +$Secret = ConvertTo-SecureString -String "****" -AsPlainText -Force +Set-AzKeyVaultSecret -Id 'https://contoso.vault.azure.net/secrets/ITSecret' -SecretValue $Secret +``` + +```output +Vault Name : Contoso +Name : ITSecret +Version : 8b5c0cb0326e4350bd78200fac932b51 +Id : https://contoso.vault.azure.net:443/secrets/ITSecret/8b5c0cb0326e4350bd78200fac932b51 +Enabled : True +Expires : +Not Before : +Created : 5/25/2018 6:39:30 PM +Updated : 5/25/2018 6:39:30 PM +Content Type : +Tags : +``` + +This command sets or updates the value of the secret named secret1 in the Key Vault named Contoso using the secret’s URI. + +### Example 4: Create a secret in azure key vault by command Set-Secret in module Microsoft.PowerShell.SecretManagement ```powershell # Install module Microsoft.PowerShell.SecretManagement Install-Module Microsoft.PowerShell.SecretManagement -Repository PSGallery -AllowPrerelease @@ -115,12 +144,27 @@ This example sets a secret named `secureSecret` in azure key vault `test-kv` by ## PARAMETERS +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -ContentType Specifies the content type of a secret. To delete the existing content type, specify an empty string. ```yaml -Type: System.String +Type: String Parameter Sets: (All) Aliases: @@ -135,7 +179,7 @@ Accept wildcard characters: False The credentials, account, tenant, and subscription used for communication with azure ```yaml -Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer +Type: IAzureContextContainer Parameter Sets: (All) Aliases: AzContext, AzureRmContext, AzureCredential @@ -150,7 +194,7 @@ Accept wildcard characters: False Indicates that this cmdlet disables a secret. ```yaml -Type: System.Management.Automation.SwitchParameter +Type: SwitchParameter Parameter Sets: (All) Aliases: @@ -167,7 +211,7 @@ This parameter uses Coordinated Universal Time (UTC). To obtain a **DateTime** o **Get-Date** cmdlet. For more information, type `Get-Help Get-Date`. ```yaml -Type: System.Nullable`1[System.DateTime] +Type: DateTime Parameter Sets: (All) Aliases: @@ -178,11 +222,27 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -Id +The URI of the KeyVault Secret. +Please ensure it follows the format: https://.vault.azure.net/secrets// + +```yaml +Type: String +Parameter Sets: BySecretUri +Aliases: SecretId + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -InputObject Secret object ```yaml -Type: Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultSecretIdentityItem +Type: PSKeyVaultSecretIdentityItem Parameter Sets: InputObject Aliases: @@ -199,7 +259,7 @@ Specifies the name of a secret to modify. This cmdlet constructs the fully quali your current environment. ```yaml -Type: System.String +Type: String Parameter Sets: Default Aliases: SecretName @@ -215,7 +275,7 @@ Specifies the time, as a **DateTime** object, before which the secret cannot be parameter uses UTC. To obtain a **DateTime** object, use the **Get-Date** cmdlet. ```yaml -Type: System.Nullable`1[System.DateTime] +Type: DateTime Parameter Sets: (All) Aliases: @@ -232,7 +292,7 @@ object, use the **ConvertTo-SecureString** cmdlet. For more information, type `G ConvertTo-SecureString`. ```yaml -Type: System.Security.SecureString +Type: SecureString Parameter Sets: (All) Aliases: @@ -248,7 +308,7 @@ Key-value pairs in the form of a hash table. For example: @{key0="value0";key1=$null;key2="value2"} ```yaml -Type: System.Collections.Hashtable +Type: Hashtable Parameter Sets: (All) Aliases: Tags @@ -264,7 +324,7 @@ Specifies the name of the key vault to which this secret belongs. This cmdlet co of a key vault based on the name that this parameter specifies and your current environment. ```yaml -Type: System.String +Type: String Parameter Sets: Default Aliases: @@ -275,13 +335,14 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -Confirm -Prompts you for confirmation before running the cmdlet. +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. ```yaml -Type: System.Management.Automation.SwitchParameter +Type: SwitchParameter Parameter Sets: (All) -Aliases: cf +Aliases: wi Required: False Position: Named @@ -290,14 +351,13 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -WhatIf -Shows what would happen if the cmdlet runs. -The cmdlet is not run. +### -ProgressAction +{{ Fill ProgressAction Description }} ```yaml -Type: System.Management.Automation.SwitchParameter +Type: ActionPreference Parameter Sets: (All) -Aliases: wi +Aliases: proga Required: False Position: Named diff --git a/src/KeyVault/KeyVault/help/Undo-AzKeyVaultSecretRemoval.md b/src/KeyVault/KeyVault/help/Undo-AzKeyVaultSecretRemoval.md index 418f7fdc540f..bae578e2c0a1 100644 --- a/src/KeyVault/KeyVault/help/Undo-AzKeyVaultSecretRemoval.md +++ b/src/KeyVault/KeyVault/help/Undo-AzKeyVaultSecretRemoval.md @@ -15,13 +15,19 @@ Recovers a deleted secret in a key vault into an active state. ### Default (Default) ``` Undo-AzKeyVaultSecretRemoval [-VaultName] [-Name] [-DefaultProfile ] - [-WhatIf] [-Confirm] [] + [-ProgressAction ] [-WhatIf] [-Confirm] [] +``` + +### BySecretUri +``` +Undo-AzKeyVaultSecretRemoval [-Id] [-DefaultProfile ] + [-ProgressAction ] [-WhatIf] [-Confirm] [] ``` ### InputObject ``` Undo-AzKeyVaultSecretRemoval [-InputObject] - [-DefaultProfile ] [-WhatIf] [-Confirm] + [-DefaultProfile ] [-ProgressAction ] [-WhatIf] [-Confirm] [] ``` @@ -53,13 +59,49 @@ Tags : This command will recover the secret 'MySecret' that was previously deleted, into an active and usable state. +### Example 2 +```powershell +Undo-AzKeyVaultSecretRemoval -Id "https://mykeyvault.vault.azure.net:443/secrets/mysecret/" +``` + +```output +Vault Name : MyKeyVault +Name : MySecret +Version : f622abc7b1394092812f1eb0f85dc91c +Id : https://mykeyvault.vault.azure.net:443/secrets/mysecret/f622abc7b1394092812f1eb0f85dc91c +Enabled : True +Expires : +Not Before : +Created : 4/19/2018 5:56:02 PM +Updated : 4/26/2018 7:48:40 PM +Content Type : +Tags : +``` + +This command will recover the secret 'MySecret' that was previously deleted, into an active and usable state. + ## PARAMETERS +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -DefaultProfile The credentials, account, tenant, and subscription used for communication with azure ```yaml -Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer +Type: IAzureContextContainer Parameter Sets: (All) Aliases: AzContext, AzureRmContext, AzureCredential @@ -70,11 +112,27 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -Id +The URI of the KeyVault Secret. +Please ensure it follows the format: https://.vault.azure.net/secrets// + +```yaml +Type: String +Parameter Sets: BySecretUri +Aliases: SecretId + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -InputObject Deleted secret object ```yaml -Type: Microsoft.Azure.Commands.KeyVault.Models.PSDeletedKeyVaultSecretIdentityItem +Type: PSDeletedKeyVaultSecretIdentityItem Parameter Sets: InputObject Aliases: @@ -90,7 +148,7 @@ Secret name. Cmdlet constructs the FQDN of a secret from vault name, currently selected environment and secret name. ```yaml -Type: System.String +Type: String Parameter Sets: Default Aliases: SecretName @@ -106,7 +164,7 @@ Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment. ```yaml -Type: System.String +Type: String Parameter Sets: Default Aliases: @@ -117,13 +175,14 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -Confirm -Prompts you for confirmation before running the cmdlet. +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. ```yaml -Type: System.Management.Automation.SwitchParameter +Type: SwitchParameter Parameter Sets: (All) -Aliases: cf +Aliases: wi Required: False Position: Named @@ -132,14 +191,13 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -WhatIf -Shows what would happen if the cmdlet runs. -The cmdlet is not run. +### -ProgressAction +{{ Fill ProgressAction Description }} ```yaml -Type: System.Management.Automation.SwitchParameter +Type: ActionPreference Parameter Sets: (All) -Aliases: wi +Aliases: proga Required: False Position: Named diff --git a/src/KeyVault/KeyVault/help/Update-AzKeyVaultSecret.md b/src/KeyVault/KeyVault/help/Update-AzKeyVaultSecret.md index 354fbb09aad6..178fe944f1ae 100644 --- a/src/KeyVault/KeyVault/help/Update-AzKeyVaultSecret.md +++ b/src/KeyVault/KeyVault/help/Update-AzKeyVaultSecret.md @@ -16,7 +16,15 @@ Updates attributes of a secret in a key vault. ``` Update-AzKeyVaultSecret [-VaultName] [-Name] [[-Version] ] [-Enable ] [-Expires ] [-NotBefore ] [-ContentType ] [-Tag ] [-PassThru] - [-DefaultProfile ] [-WhatIf] [-Confirm] + [-DefaultProfile ] [-ProgressAction ] [-WhatIf] [-Confirm] + [] +``` + +### BySecretUri +``` +Update-AzKeyVaultSecret [-Id] [[-Version] ] [-Enable ] [-Expires ] + [-NotBefore ] [-ContentType ] [-Tag ] [-PassThru] + [-DefaultProfile ] [-ProgressAction ] [-WhatIf] [-Confirm] [] ``` @@ -24,7 +32,7 @@ Update-AzKeyVaultSecret [-VaultName] [-Name] [[-Version] [[-Version] ] [-Enable ] [-Expires ] [-NotBefore ] [-ContentType ] [-Tag ] [-PassThru] - [-DefaultProfile ] [-WhatIf] [-Confirm] + [-DefaultProfile ] [-ProgressAction ] [-WhatIf] [-Confirm] [] ``` @@ -98,15 +106,38 @@ The first three commands define string variables to use for the *VaultName*, *Na specified keys, and pipes the keys to the Update-AzKeyVaultSecret cmdlet to set their content type to XML. +### Example 5: Delete the tags and content type for a secret (using Uri) +```powershell +Update-AzKeyVaultSecret -Id 'https://ContosoVault.vault.azure.net:443/secrets/HR/9EEA45C6EE50490B9C3176A80AC1A0DF' -ContentType '' -Tag @{} +``` + +This command deletes the tags and the content type for the specified version of the secret named HR +in the key vault named Contoso. + ## PARAMETERS +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -ContentType Secret's content type. If not specified, the existing value of the secret's content type remains unchanged. Remove the existing content type value by specifying an empty string. ```yaml -Type: System.String +Type: String Parameter Sets: (All) Aliases: @@ -121,7 +152,7 @@ Accept wildcard characters: False The credentials, account, tenant, and subscription used for communication with Azure. ```yaml -Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer +Type: IAzureContextContainer Parameter Sets: (All) Aliases: AzContext, AzureRmContext, AzureCredential @@ -138,7 +169,7 @@ Disable a secret if value is false. If not specified, the existing value of the secret's enabled/disabled state remains unchanged. ```yaml -Type: System.Nullable`1[System.Boolean] +Type: Boolean Parameter Sets: (All) Aliases: @@ -154,7 +185,7 @@ The expiration time of a secret in UTC time. If not specified, the existing value of the secret's expiration time remains unchanged. ```yaml -Type: System.Nullable`1[System.DateTime] +Type: DateTime Parameter Sets: (All) Aliases: @@ -165,11 +196,27 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -Id +The URI of the KeyVault Secret. +Please ensure it follows the format: https://.vault.azure.net/secrets// + +```yaml +Type: String +Parameter Sets: BySecretUri +Aliases: SecretId + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -InputObject Secret object ```yaml -Type: Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultSecretIdentityItem +Type: PSKeyVaultSecretIdentityItem Parameter Sets: InputObject Aliases: @@ -185,7 +232,7 @@ Secret name. Cmdlet constructs the FQDN of a secret from vault name, currently selected environment and secret name. ```yaml -Type: System.String +Type: String Parameter Sets: Default Aliases: SecretName @@ -201,7 +248,7 @@ The UTC time before which secret can't be used. If not specified, the existing value of the secret's NotBefore attribute remains unchanged. ```yaml -Type: System.Nullable`1[System.DateTime] +Type: DateTime Parameter Sets: (All) Aliases: @@ -217,7 +264,7 @@ Cmdlet does not return object by default. If this switch is specified, return Secret object. ```yaml -Type: System.Management.Automation.SwitchParameter +Type: SwitchParameter Parameter Sets: (All) Aliases: @@ -234,7 +281,7 @@ If not specified, the existing tags of the secret remain unchanged. Remove a tag by specifying an empty Hashtable. ```yaml -Type: System.Collections.Hashtable +Type: Hashtable Parameter Sets: (All) Aliases: Tags @@ -250,7 +297,7 @@ Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment. ```yaml -Type: System.String +Type: String Parameter Sets: Default Aliases: @@ -266,7 +313,7 @@ Secret version. Cmdlet constructs the FQDN of a secret from vault name, currently selected environment, secret name and secret version. ```yaml -Type: System.String +Type: String Parameter Sets: (All) Aliases: SecretVersion @@ -277,13 +324,14 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -Confirm -Prompts you for confirmation before running the cmdlet. +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. ```yaml -Type: System.Management.Automation.SwitchParameter +Type: SwitchParameter Parameter Sets: (All) -Aliases: cf +Aliases: wi Required: False Position: Named @@ -292,14 +340,13 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -WhatIf -Shows what would happen if the cmdlet runs. -The cmdlet is not run. +### -ProgressAction +{{ Fill ProgressAction Description }} ```yaml -Type: System.Management.Automation.SwitchParameter +Type: ActionPreference Parameter Sets: (All) -Aliases: wi +Aliases: proga Required: False Position: Named diff --git a/tools/StaticAnalysis/Exceptions/Az.KeyVault/ExampleIssues.csv b/tools/StaticAnalysis/Exceptions/Az.KeyVault/ExampleIssues.csv index 036d204e2217..ab15bfd5db34 100644 --- a/tools/StaticAnalysis/Exceptions/Az.KeyVault/ExampleIssues.csv +++ b/tools/StaticAnalysis/Exceptions/Az.KeyVault/ExampleIssues.csv @@ -1,9 +1,9 @@ "Module","Cmdlet","Example","Line","RuleName","ProblemId","Severity","Description","Extent","Remediation" -"Az.KeyVault","Remove-AzKeyVaultSecret","3","4","Invalid_Cmdlet","5000","1","Register-SecretVault is not a valid command name.","Register-SecretVault -Name AzKeyVault -ModuleName Az.KeyVault -VaultParameters @{ AZKVaultName = 'test-kv'; SubscriptionId = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' }","Check the spell of Register-SecretVault." -"Az.KeyVault","Remove-AzKeyVaultSecret","3","7","Invalid_Cmdlet","5000","1","Set-Secret is not a valid command name.","Set-Secret -Vault AzKeyVault -Name secureSecret -SecureStringSecret $secure","Check the spell of Set-Secret." -"Az.KeyVault","Remove-AzKeyVaultSecret","3","8","Invalid_Cmdlet","5000","1","Remove-Secret is not a valid command name.","Remove-Secret -Vault AzKeyVault -Name secureSecret","Check the spell of Remove-Secret." -"Az.KeyVault","Get-AzKeyVaultSecret","9","4","Invalid_Cmdlet","5000","1","Register-SecretVault is not a valid command name.","Register-SecretVault -Name AzKeyVault -ModuleName Az.KeyVault -VaultParameters @{ AZKVaultName = 'test-kv'; SubscriptionId = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' }","Check the spell of Register-SecretVault." -"Az.KeyVault","Get-AzKeyVaultSecret","9","7","Invalid_Cmdlet","5000","1","Set-Secret is not a valid command name.","Set-Secret -Vault AzKeyVault -Name secureSecret -SecureStringSecret $secure","Check the spell of Set-Secret." -"Az.KeyVault","Get-AzKeyVaultSecret","9","8","Invalid_Cmdlet","5000","1","Get-Secret is not a valid command name.","Get-Secret -Vault AzKeyVault -Name secureSecret -AsPlainText","Check the spell of Get-Secret." -"Az.KeyVault","Set-AzKeyVaultSecret","3","4","Invalid_Cmdlet","5000","1","Register-SecretVault is not a valid command name.","Register-SecretVault -Name AzKeyVault -ModuleName Az.KeyVault -VaultParameters @{ AZKVaultName = 'test-kv'; SubscriptionId = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' }","Check the spell of Register-SecretVault." -"Az.KeyVault","Set-AzKeyVaultSecret","3","7","Invalid_Cmdlet","5000","1","Set-Secret is not a valid command name.","Set-Secret -Name secureSecret -SecureStringSecret $secure -Vault AzKeyVault","Check the spell of Set-Secret." +"Az.KeyVault","Get-AzKeyVaultSecret","12","4","Invalid_Cmdlet","5000","1","Register-SecretVault is not a valid command name.","Register-SecretVault -Name AzKeyVault -ModuleName Az.KeyVault -VaultParameters @{ AZKVaultName = 'test-kv'; SubscriptionId = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' }","Check the spell of Register-SecretVault." +"Az.KeyVault","Get-AzKeyVaultSecret","12","7","Invalid_Cmdlet","5000","1","Set-Secret is not a valid command name.","Set-Secret -Vault AzKeyVault -Name secureSecret -SecureStringSecret $secure","Check the spell of Set-Secret." +"Az.KeyVault","Get-AzKeyVaultSecret","12","8","Invalid_Cmdlet","5000","1","Get-Secret is not a valid command name.","Get-Secret -Vault AzKeyVault -Name secureSecret -AsPlainText","Check the spell of Get-Secret." +"Az.KeyVault","Remove-AzKeyVaultSecret","4","4","Invalid_Cmdlet","5000","1","Register-SecretVault is not a valid command name.","Register-SecretVault -Name AzKeyVault -ModuleName Az.KeyVault -VaultParameters @{ AZKVaultName = 'test-kv'; SubscriptionId = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' }","Check the spell of Register-SecretVault." +"Az.KeyVault","Remove-AzKeyVaultSecret","4","7","Invalid_Cmdlet","5000","1","Set-Secret is not a valid command name.","Set-Secret -Vault AzKeyVault -Name secureSecret -SecureStringSecret $secure","Check the spell of Set-Secret." +"Az.KeyVault","Remove-AzKeyVaultSecret","4","8","Invalid_Cmdlet","5000","1","Remove-Secret is not a valid command name.","Remove-Secret -Vault AzKeyVault -Name secureSecret","Check the spell of Remove-Secret." +"Az.KeyVault","Set-AzKeyVaultSecret","4","4","Invalid_Cmdlet","5000","1","Register-SecretVault is not a valid command name.","Register-SecretVault -Name AzKeyVault -ModuleName Az.KeyVault -VaultParameters @{ AZKVaultName = 'test-kv'; SubscriptionId = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' }","Check the spell of Register-SecretVault." +"Az.KeyVault","Set-AzKeyVaultSecret","4","7","Invalid_Cmdlet","5000","1","Set-Secret is not a valid command name.","Set-Secret -Name secureSecret -SecureStringSecret $secure -Vault AzKeyVault","Check the spell of Set-Secret."