Update-AzKeyVaultKey
Updates the attributes of a key in a key vault.
Syntax
Default (Default)
Update-AzKeyVaultKey
[-VaultName] <String>
[-Name] <String>
[[-Version] <String>]
[-Enable <Boolean>]
[-Expires <DateTime>]
[-NotBefore <DateTime>]
[-KeyOps <String[]>]
[-Tag <Hashtable>]
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
HsmInteractive
Update-AzKeyVaultKey
[-Name] <String>
[[-Version] <String>]
-HsmName <String>
[-Enable <Boolean>]
[-Expires <DateTime>]
[-NotBefore <DateTime>]
[-KeyOps <String[]>]
[-Immutable]
[-ReleasePolicyPath <String>]
[-Tag <Hashtable>]
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Update-AzKeyVaultKey
[-InputObject] <PSKeyVaultKeyIdentityItem>
[[-Version] <String>]
[-Enable <Boolean>]
[-Expires <DateTime>]
[-NotBefore <DateTime>]
[-KeyOps <String[]>]
[-Tag <Hashtable>]
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The Update-AzKeyVaultKey cmdlet updates the editable attributes of a key in a key vault.
Examples
$Expires = (Get-Date).AddYears(2).ToUniversalTime()
$Tags = @{'Severity' = 'high'; 'Accounting' = 'true'}
Update-AzKeyVaultKey -VaultName 'Contoso' -Name 'ITSoftware' -Expires $Expires -Enable $True -Tag $Tags -PassThru
Vault Name : Contoso
Name : ITSoftware
Version : 394f9379a47a4e2086585468de6c7ae5
Id : https://Contoso.vault.azure.net:443/keys/ITSoftware/394f9379a47a4e2086585468de6c7ae5
Enabled : True
Expires : 5/25/2020 7:58:07 PM
Not Before :
Created : 4/6/2018 11:31:36 PM
Updated : 5/25/2018 7:59:02 PM
Purge Disabled : False
Tags : Name Value
Severity high
Accounting true
The first command creates a DateTime object by using the Get-Date cmdlet. That object
specifies a time two years in the future. The command stores that date in the $Expires variable.
For more information, type Get-Help Get-Date.
The second command creates a variable to store tag values of high severity and Accounting.
The final command modifies a key named ITSoftware. The command enables the key, sets its expiration
time to the time stored in $Expires, and sets the tags that are stored in $Tags.
Update-AzKeyVaultKey -VaultName 'Contoso' -Name 'ITSoftware' -Version '394f9379a47a4e2086585468de6c7ae5' -Tag @{}
Vault Name : Contoso
Name : ITSoftware
Version : 394f9379a47a4e2086585468de6c7ae5
Id : https://Contoso.vault.azure.net:443/keys/ITSoftware/394f9379a47a4e2086585468de6c7ae5
Enabled : True
Expires : 5/25/2020 7:58:07 PM
Not Before :
Created : 4/6/2018 11:31:36 PM
Updated : 5/25/2018 8:00:08 PM
Purge Disabled : False
Tags :
This commands deletes all tags for a specific version of a key named ITSoftware.
Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False Aliases: cf
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
Parameter properties
Type: IAzureContextContainer
Default value: None Supports wildcards: False DontShow: False Aliases: AzContext, AzureRmContext, AzureCredential
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Enable
Value of true enables the key and a value of false disables the key.
If not specified, the existing enabled/disabled state remains unchanged.
Parameter properties
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Expires
The expiration time of a key in UTC time.
If not specified, the existing expiration time of the key remains unchanged.
Please notice that expires is ignored for Key Exchange Key used in BYOK process.
Parameter properties
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-HsmName
HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
HsmInteractive
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Immutable
Sets the release policy as immutable state. Once marked immutable, this flag cannot be reset and the policy cannot be changed under any circumstances.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False
Parameter sets
HsmInteractive
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
Key object
InputObject
Position: 0 Mandatory: True Value from pipeline: True Value from pipeline by property name: False Value from remaining arguments: False
-KeyOps
The operations that can be performed with the key.
If not specified, the existing key operations of the key remain unchanged.
Parameter properties
Type: String [ ]
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Name
Key name.
Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False Aliases: KeyName
Parameter sets
Default
Position: 1 Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
HsmInteractive
Position: 1 Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-NotBefore
The UTC time before which key can't be used.
If not specified, the existing NotBefore attribute of the key remains unchanged.
Parameter properties
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-PassThru
Cmdlet does not return an object by default.
If this switch is specified, returns the updated key bundle object.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-ReleasePolicyPath
A path to a file containing JSON policy definition. The policy rules under which a key can be exported.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
HsmInteractive
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Tag
A hashtable represents key tags.
If not specified, the existing tags of the key remain unchanged.
Parameter properties
Type: Hashtable
Default value: None Supports wildcards: False DontShow: False Aliases: Tags
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-VaultName
Vault name.
Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
Default
Position: 0 Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Version
Key version.
Cmdlet constructs the FQDN of a key from vault name, currently selected environment, key name and key version.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False Aliases: KeyVersion
Parameter sets
(All)
Position: 2 Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-WhatIf
Shows what would happen if the cmdlet runs.
The cmdlet is not run.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False Aliases: wi
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters .
Outputs
