-
Notifications
You must be signed in to change notification settings - Fork 496
/
Copy pathsecret.yml
448 lines (447 loc) · 17.6 KB
/
secret.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
### YamlMime:AzureCLIGroup
uid: az_keyvault_secret
name: az keyvault secret
summary: |-
Manage secrets.
status: GA
sourceType: Core
directCommands:
- uid: az_keyvault_secret_backup
name: az keyvault secret backup
summary: |-
Backs up the specified secret.
description: |-
Requests that a backup of the specified secret be downloaded to the client. All versions of the secret will be downloaded. This operation requires the secrets/backup permission.
status: GA
sourceType: Core
editLink: https://github.com/Azure/azure-cli/blob/dev/src/azure-cli/azure/cli/command_modules/keyvault/_help.py
syntax: >-
az keyvault secret backup --file
[--id]
[--name]
[--vault-name]
requiredParameters:
- isRequired: true
name: --file -f
summary: |-
File to receive the secret contents.
optionalParameters:
- name: --id
summary: |-
Id of the secret. If specified all other 'Id' arguments should be omitted.
- name: --name -n
summary: |-
Name of the secret. Required if --id is not specified.
- name: --vault-name
summary: |-
Name of the Key Vault. Required if --id is not specified.
- uid: az_keyvault_secret_delete
name: az keyvault secret delete
summary: |-
Delete all versions of a secret.
description: |-
Requires secrets/delete permission. When this method returns Key Vault has begun deleting the secret. Deletion may take several seconds in a vault with soft-delete enabled. This method therefore returns a poller enabling you to wait for deletion to complete.
status: Deprecated
isDeprecated: true
deprecateInfo: >-
Warning! If you have soft-delete protection enabled on this key vault, this secret will be moved to the soft deleted state. You will not be able to create a secret with the same name within this key vault until the secret has been purged from the soft-deleted state. Please see the following documentation for additional guidance.
https://learn.microsoft.com/azure/key-vault/general/soft-delete-overview
sourceType: Core
editLink: https://github.com/Azure/azure-cli/blob/dev/src/azure-cli/azure/cli/command_modules/keyvault/_help.py
syntax: >-
az keyvault secret delete [--id]
[--name]
[--vault-name]
optionalParameters:
- name: --id
summary: |-
Id of the secret. If specified all other 'Id' arguments should be omitted.
- name: --name -n
summary: |-
Name of the secret. Required if --id is not specified.
- name: --vault-name
summary: |-
Name of the Key Vault. Required if --id is not specified.
- uid: az_keyvault_secret_download
name: az keyvault secret download
summary: |-
Download a secret from a KeyVault.
status: GA
sourceType: Core
editLink: https://github.com/Azure/azure-cli/blob/dev/src/azure-cli/azure/cli/command_modules/keyvault/_help.py
syntax: >-
az keyvault secret download --file
[--encoding {ascii, base64, hex, utf-16be, utf-16le, utf-8}]
[--id]
[--name]
[--vault-name]
[--version]
requiredParameters:
- isRequired: true
name: --file -f
summary: |-
File to receive the secret contents.
optionalParameters:
- name: --encoding -e
parameterValueGroup: "ascii, base64, hex, utf-16be, utf-16le, utf-8"
summary: |-
Encoding of the secret. By default, will look for the 'file-encoding' tag on the secret. Otherwise will assume 'utf-8'.
- name: --id
summary: |-
Id of the secret. If specified all other 'Id' arguments should be omitted.
- name: --name -n
summary: |-
Name of the secret. Required if --id is not specified.
- name: --vault-name
summary: |-
Name of the Key Vault. Required if --id is not specified.
- name: --version -v
summary: |-
The secret version. If omitted, uses the latest version.
- uid: az_keyvault_secret_list
name: az keyvault secret list
summary: |-
List secrets in a specified key vault.
description: |-
The Get Secrets operation is applicable to the entire vault. However, only the base secret identifier and its attributes are provided in the response. Individual secret versions are not listed in the response. This operation requires the secrets/list permission.
status: GA
sourceType: Core
editLink: https://github.com/Azure/azure-cli/blob/dev/src/azure-cli/azure/cli/command_modules/keyvault/_help.py
syntax: >-
az keyvault secret list [--id]
[--include-managed {false, true}]
[--maxresults]
[--vault-name]
optionalParameters:
- name: --id
summary: |-
Full URI of the Vault. If specified all other 'Id' arguments should be omitted.
- name: --include-managed
defaultValue: "False"
parameterValueGroup: "false, true"
summary: |-
Include managed secrets. Default: false.
- name: --maxresults
summary: |-
Maximum number of results to return in a page. If not specified, the service will return up to 25 results.
- name: --vault-name
summary: |-
Name of the Key Vault. Required if --id is not specified.
- uid: az_keyvault_secret_list-deleted
name: az keyvault secret list-deleted
summary: |-
Lists deleted secrets for the specified vault.
description: |-
The Get Deleted Secrets operation returns the secrets that have been deleted for a vault enabled for soft-delete. This operation requires the secrets/list permission.
status: GA
sourceType: Core
editLink: https://github.com/Azure/azure-cli/blob/dev/src/azure-cli/azure/cli/command_modules/keyvault/_help.py
syntax: >-
az keyvault secret list-deleted [--id]
[--maxresults]
[--vault-name]
optionalParameters:
- name: --id
summary: |-
Full URI of the Vault. If specified all other 'Id' arguments should be omitted.
- name: --maxresults
summary: |-
Maximum number of results to return in a page. If not specified, the service will return up to 25 results.
- name: --vault-name
summary: |-
Name of the Key Vault. Required if --id is not specified.
- uid: az_keyvault_secret_list-versions
name: az keyvault secret list-versions
summary: |-
List all versions of the specified secret.
description: |-
The full secret identifier and attributes are provided in the response. No values are returned for the secrets. This operations requires the secrets/list permission.
status: GA
sourceType: Core
editLink: https://github.com/Azure/azure-cli/blob/dev/src/azure-cli/azure/cli/command_modules/keyvault/_help.py
syntax: >-
az keyvault secret list-versions [--id]
[--maxresults]
[--name]
[--vault-name]
optionalParameters:
- name: --id
summary: |-
Id of the secret. If specified all other 'Id' arguments should be omitted.
- name: --maxresults
summary: |-
Maximum number of results to return in a page. If not specified, the service will return up to 25 results.
- name: --name -n
summary: |-
Name of the secret. Required if --id is not specified.
- name: --vault-name
summary: |-
Name of the Key Vault. Required if --id is not specified.
- uid: az_keyvault_secret_purge
name: az keyvault secret purge
summary: |-
Permanently deletes the specified secret.
description: |-
The purge deleted secret operation removes the secret permanently, without the possibility of recovery. This operation can only be enabled on a soft-delete enabled vault. This operation requires the secrets/purge permission.
status: GA
sourceType: Core
editLink: https://github.com/Azure/azure-cli/blob/dev/src/azure-cli/azure/cli/command_modules/keyvault/_help.py
syntax: >-
az keyvault secret purge [--id]
[--name]
[--vault-name]
optionalParameters:
- name: --id
summary: |-
The recovery id of the secret. If specified all other 'Id' arguments should be omitted.
- name: --name -n
summary: |-
Name of the secret. Required if --id is not specified.
- name: --vault-name
summary: |-
Name of the Vault. Required if --id is not specified.
- uid: az_keyvault_secret_recover
name: az keyvault secret recover
summary: |-
Recovers the deleted secret to the latest version.
description: |-
Recovers the deleted secret in the specified vault. This operation can only be performed on a soft-delete enabled vault. This operation requires the secrets/recover permission.
status: GA
sourceType: Core
editLink: https://github.com/Azure/azure-cli/blob/dev/src/azure-cli/azure/cli/command_modules/keyvault/_help.py
syntax: >-
az keyvault secret recover [--id]
[--name]
[--vault-name]
optionalParameters:
- name: --id
summary: |-
The recovery id of the secret. If specified all other 'Id' arguments should be omitted.
- name: --name -n
summary: |-
Name of the secret. Required if --id is not specified.
- name: --vault-name
summary: |-
Name of the Vault. Required if --id is not specified.
- uid: az_keyvault_secret_restore
name: az keyvault secret restore
summary: |-
Restores a backed up secret to a vault.
description: |-
Restores a backed up secret, and all its versions, to a vault. This operation requires the secrets/restore permission.
status: GA
sourceType: Core
editLink: https://github.com/Azure/azure-cli/blob/dev/src/azure-cli/azure/cli/command_modules/keyvault/_help.py
syntax: >-
az keyvault secret restore --file
--vault-name
requiredParameters:
- isRequired: true
name: --file -f
summary: |-
File to receive the secret contents.
- isRequired: true
name: --vault-name
summary: |-
Name of the Vault.
- uid: az_keyvault_secret_set
name: az keyvault secret set
summary: |-
Create a secret (if one doesn't exist) or update a secret in a KeyVault.
status: GA
sourceType: Core
editLink: https://github.com/Azure/azure-cli/blob/dev/src/azure-cli/azure/cli/command_modules/keyvault/_help.py
syntax: >-
az keyvault secret set --name
--vault-name
[--content-type]
[--disabled {false, true}]
[--encoding {ascii, base64, hex, utf-16be, utf-16le, utf-8}]
[--expires]
[--file]
[--not-before]
[--tags]
[--value]
examples:
- summary: |-
Create a secret (if one doesn't exist) or update a secret in a KeyVault.
syntax: az keyvault secret set --name MySecretName --vault-name MyKeyVault --value MyVault
- summary: |-
Create a secret (if one doesn't exist) or update a secret in a KeyVault through a file.
syntax: az keyvault secret set --name MySecretName --vault-name MyKeyVault --file /path/to/file --encoding MyEncoding
requiredParameters:
- isRequired: true
name: --name -n
summary: |-
Name of the secret.
- isRequired: true
name: --vault-name
summary: |-
Name of the Vault.
optionalParameters:
- name: --content-type --description
summary: |-
Description of the secret contents (e.g. password, connection string, etc).
- name: --disabled
parameterValueGroup: "false, true"
summary: |-
Create secret in disabled state.
- name: --encoding -e
defaultValue: "utf-8"
parameterValueGroup: "ascii, base64, hex, utf-16be, utf-16le, utf-8"
summary: |-
Source file encoding. The value is saved as a tag (`file-encoding=<val>`) and used during download to automatically encode the resulting file.
- name: --expires
summary: |-
Expiration UTC datetime (Y-m-d'T'H:M:S'Z').
- name: --file -f
summary: |-
Source file for secret. Use in conjunction with '--encoding'.
- name: --not-before
summary: |-
Secret not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z').
- name: --tags
summary: |-
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.
- name: --value
summary: |-
Plain text secret value. Cannot be used with '--file' or '--encoding'.
- uid: az_keyvault_secret_set-attributes
name: az keyvault secret set-attributes
summary: |-
Updates the attributes associated with a specified secret in a given key vault.
description: |-
The UPDATE operation changes specified attributes of an existing stored secret. Attributes that are not specified in the request are left unchanged. The value of a secret itself cannot be changed. This operation requires the secrets/set permission.
status: GA
sourceType: Core
editLink: https://github.com/Azure/azure-cli/blob/dev/src/azure-cli/azure/cli/command_modules/keyvault/_help.py
syntax: >-
az keyvault secret set-attributes [--content-type]
[--enabled {false, true}]
[--expires]
[--id]
[--name]
[--not-before]
[--tags]
[--vault-name]
[--version]
optionalParameters:
- name: --content-type
summary: |-
Type of the secret value such as a password.
- name: --enabled
parameterValueGroup: "false, true"
summary: |-
Enable the secret.
- name: --expires
summary: |-
Expiration UTC datetime (Y-m-d'T'H:M:S'Z').
- name: --id
summary: |-
Id of the secret. If specified all other 'Id' arguments should be omitted.
- name: --name -n
summary: |-
Name of the secret. Required if --id is not specified.
- name: --not-before
summary: |-
Secret not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z').
- name: --tags
summary: |-
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.
- name: --vault-name
summary: |-
Name of the Key Vault. Required if --id is not specified.
- name: --version -v
summary: |-
The secret version. If omitted, uses the latest version.
- uid: az_keyvault_secret_show
name: az keyvault secret show
summary: |-
Get a specified secret from a given key vault.
description: |-
The GET operation is applicable to any secret stored in Azure Key Vault. This operation requires the secrets/get permission.
status: GA
sourceType: Core
editLink: https://github.com/Azure/azure-cli/blob/dev/src/azure-cli/azure/cli/command_modules/keyvault/_help.py
syntax: >-
az keyvault secret show [--id]
[--name]
[--vault-name]
[--version]
optionalParameters:
- name: --id
summary: |-
Id of the secret. If specified all other 'Id' arguments should be omitted.
- name: --name -n
summary: |-
Name of the secret. Required if --id is not specified.
- name: --vault-name
summary: |-
Name of the Key Vault. Required if --id is not specified.
- name: --version -v
summary: |-
The secret version. If omitted, uses the latest version.
- uid: az_keyvault_secret_show-deleted
name: az keyvault secret show-deleted
summary: |-
Gets the specified deleted secret.
description: |-
The Get Deleted Secret operation returns the specified deleted secret along with its attributes. This operation requires the secrets/get permission.
status: GA
sourceType: Core
editLink: https://github.com/Azure/azure-cli/blob/dev/src/azure-cli/azure/cli/command_modules/keyvault/_help.py
syntax: >-
az keyvault secret show-deleted [--id]
[--name]
[--vault-name]
optionalParameters:
- name: --id
summary: |-
The recovery id of the secret. If specified all other 'Id' arguments should be omitted.
- name: --name -n
summary: |-
Name of the secret. Required if --id is not specified.
- name: --vault-name
summary: |-
Name of the Vault. Required if --id is not specified.
commands:
- az_keyvault_secret_backup
- az_keyvault_secret_delete
- az_keyvault_secret_download
- az_keyvault_secret_list
- az_keyvault_secret_list-deleted
- az_keyvault_secret_list-versions
- az_keyvault_secret_purge
- az_keyvault_secret_recover
- az_keyvault_secret_restore
- az_keyvault_secret_set
- az_keyvault_secret_set-attributes
- az_keyvault_secret_show
- az_keyvault_secret_show-deleted
globalParameters:
- name: --debug
summary: |-
Increase logging verbosity to show all debug logs.
- name: --help -h
summary: |-
Show this help message and exit.
- name: --only-show-errors
summary: |-
Only show errors, suppressing warnings.
- name: --output -o
defaultValue: "json"
parameterValueGroup: "json, jsonc, none, table, tsv, yaml, yamlc"
summary: |-
Output format.
- name: --query
summary: |-
JMESPath query string. See <a href="http://jmespath.org/">http://jmespath.org/</a> for more information and examples.
- name: --subscription
summary: |-
Name or ID of subscription. You can configure the default subscription using `az account set -s NAME_OR_ID`.
- name: --verbose
summary: |-
Increase logging verbosity. Use --debug for full debug logs.
metadata:
ms.date: 12/04/2024
description: Manage secrets.