Get-AzKeyVaultSecret can't read secret value in PowerShell


I'm not able to read the value of one of my secrets in Key Vault. I'm logged in with my Azure account and I have full permission to the selected Key Vault.

I'm able to retrieve a list of available secrets using the following command:

$keyVaultValue = (Get-AzKeyVaultSecret -VaultName 'name-of-key-vault')

And then see the content when I write:

Write-Output $keyVaultValue

But when I ask for a specific key it just returns null:

$keyVaultValue = (Get-AzKeyVaultSecret -VaultName 'name-of-key-vault' -Name 'my-secret-name').SecretValueText

I've checked the name and subscription ID and everything is correct. I can easily read the value from the portal, but not from PowerShell on my Windows PC.

Any suggestions?

There are 5 answers

4
Amit Baranes On BEST ANSWER

SecretValueText is deprecated. You can use the following syntax to retrieve the value as plain text:

$keyVaultValue = Get-AzKeyVaultSecret -VaultName 'name-of-key-vault' -Name 'my-secret-name'
$keyVaultValue.SecretValue | ConvertFrom-SecureString -AsPlainText

More information and examples can be found here.
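
The `ConvertFrom-SecureString -AsPlainText` switch used above exists only in PowerShell 7.0 and later. As an added example (not part of the original answer), this helper reads a `SecretValue` on Windows PowerShell 5.1 as well and zeroes the unmanaged copy afterwards. The function name `ConvertFrom-SecureStringPortable`, the sample value and the `svc-demo` user name are assumptions made for illustration.

```powershell
# Added example: read a SecureString (such as the SecretValue property of the
# object returned by Get-AzKeyVaultSecret) as plain text on both
# Windows PowerShell 5.1 and PowerShell 7+.
function ConvertFrom-SecureStringPortable {   # hypothetical helper name
    [CmdletBinding()]
    [OutputType([string])]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.SecureString]$SecureString
    )
    process {
        $bstr = [IntPtr]::Zero
        try {
            # Copy the protected value into an unmanaged BSTR ...
            $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecureString)
            # ... and read it back as a managed string (the function's output).
            [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
        }
        finally {
            # Zero and free the unmanaged copy even if the read failed.
            if ($bstr -ne [IntPtr]::Zero) {
                [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
            }
        }
    }
}

# Constructed sample value so the example runs without an Azure login.
$sample = ConvertTo-SecureString -String 'constructed-demo-value' -AsPlainText -Force
$plain  = $sample | ConvertFrom-SecureStringPortable
if ($plain -ne 'constructed-demo-value') { throw 'Round trip failed' }

# Report the length, not the value, so the secret stays out of logs and transcripts.
Write-Output "Recovered $($plain.Length) characters"

# With Key Vault (vault and secret names are the question's placeholders):
# $secret = Get-AzKeyVaultSecret -VaultName 'name-of-key-vault' -Name 'my-secret-name'
# $plain  = $secret.SecretValue | ConvertFrom-SecureStringPortable

# When the consumer accepts a credential, pass the SecureString on directly
# and skip the plain-text string altogether ('svc-demo' is a constructed name).
$cred = New-Object System.Management.Automation.PSCredential('svc-demo', $sample)
```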

0
Sajith A.K. On

If we use -AsPlainText in Get-AzKeyVaultSecret, then it will work.

$secretText = Get-AzKeyVaultSecret -VaultName $KeyVault -Name $CertSecret -AsPlainText
Write-Host "Secret Value: $secretText"

0
khadim hussain On

If you want to show all key-vault secret names and their key values, then you can use this in PowerShell:

$secrets=Get-AzKeyVaultSecret -VaultName 'key-vault-name'
$secrets | % {Write-Output "$($_.name) $($(Get-AzKeyVaultSecret -VaultName $_.VaultName -Name $_.Name).SecretValue | ConvertFrom-SecureString -AsPlainText)" }

0
Alexander Farber On

Try using this function:

function GetSecretValue
{
    param(
        [String]$keyvaultName,
        [String]$secretName
    )

    Write-Host "Retrieving secret $secretName from $keyvaultName... " -NoNewline
    if ((Get-Command Get-AzKeyVaultSecret).ParameterSets.Parameters.Name -contains "AsPlainText")
    {
        # Newer Get-AzKeyVaultSecret version requires -AsPlainText parameter 
        $secretValue = Get-AzKeyVaultSecret -VaultName $keyvaultName -Name $secretName -AsPlainText
    }
    else
    {
        $secretValue = (Get-AzKeyVaultSecret -VaultName $keyvaultName -Name $secretName).SecretValueText
    }
    Write-Host "ok"
    return $secretValue
}

Usage example:

$keyVaultValue = GetSecretValue "name-of-key-vault" "my-secret-name"

0
jamal4code On

I just wanted to add some more recent and easier ways to achieve this. With the latest versions of Az, you can just add -AsPlainText parameter after the command to get the secret value directly.

Get-AzKeyVaultSecret -VaultName $KeyVaultName -Name $SecretName -AsPlainText

Here is a full usage example of getting a certificate from the key vault and saving it as a pfx file using the same cmdlet.

# {... Skipping code ...}
$CertificateSecretValue = Get-AzKeyVaultSecret -VaultName $KeyVaultName -Name $CertificateSecretName -AsPlainText

# Decode the base64-encoded PFX
$CertificateSecretBytes = [System.Convert]::FromBase64String($CertificateSecretValue)
[System.IO.File]::WriteAllBytes($PfxCertFilePath, $CertificateSecretBytes)
# {... Skipping code ...}