Introduction

If you are using Azure Key Vault to store your secrets, you probably know it's a tedious task to search manually for a specific secret when you have a lot of secrets stored in the same Key Vault - for example, if you store your BitLocker keys for your entire organization.

This guide will show you how to efficiently search and retrieve secrets using PowerShell commands with wildcard support, making your secret management workflow much more efficient.

Important Update

Note that the way you connect to Azure Key Vault has changed if you are connecting from a command line outside of Azure Cloud Shell.

From now on, you need to use the new authentication method shown below.

Authentication Setup

New Authentication Method

Use this command to authenticate with Azure Key Vault from outside Azure Cloud Shell:

PowerShell - Authentication
Connect-AzAccount -AuthScope AzureKeyVaultServiceEndpointResourceId

Basic Secret Retrieval

Single Secret Retrieval

For retrieving a specific secret, use this PowerShell command (works in PowerShell ISE or Azure Cloud Shell):

PowerShell - Basic Retrieval
Get-AzKeyVaultSecret -VaultName "<your-unique-keyvault-name>" -Name "SecretName" -AsPlainText

Advanced Wildcard Search

Pattern Matching with Wildcards

You can use wildcards to search for secrets with specific patterns, which is particularly useful when dealing with large numbers of secrets:

PowerShell - Wildcard Search
Get-AzKeyVaultSecret -VaultName "<your-unique-keyvault-name>" -Name "Secret*" -AsPlainText

Pro Tip: Pattern Matching Examples

Adding an asterisk in any part of the secret name will make the search work as a wildcard. For example, if you have multiple name patterns like:

Test-ing-username

You can search for all secrets starting with "test-ing" using the pattern shown below.

Pattern-Based Search Example

Use this command to search for all secrets under a specific pattern (e.g., "test-ing"):

PowerShell - Pattern Search
Get-AzKeyVaultSecret -VaultName "<your-unique-keyvault-name>" -Name "test-ing*" -AsPlainText

Azure Key Vault Portal Interface

Retrieving Secret Values

Getting the Actual Secret Value

The wildcard search retrieves all secrets matching the pattern with metadata, but without the actual secret values. To get the secret value itself, use the full name of the secret:

PowerShell - Get Secret Value
Get-AzKeyVaultSecret -VaultName "<your-unique-keyvault-name>" -Name "SecretName" -AsPlainText

Important Note

The -AsPlainText parameter is crucial for retrieving the actual secret value. Without it, you'll only get metadata about the secret.
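
The two-step flow described above (wildcard listing, then lookup by full name) combined into one function, as an added example that is not part of the original article. The function name `Find-VaultSecret` and the `-MaxResults` cap are hypothetical; values are returned as SecureString unless `-AsPlainText` is passed, so they stay out of console output and transcripts by default.

```powershell
# Added example, not from the original article. Requires the Az.KeyVault module
# and an authenticated session (see the Connect-AzAccount command above).
function Find-VaultSecret {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $VaultName,
        [Parameter(Mandatory)] [string] $Pattern,   # wildcard pattern, e.g. "test-ing*"
        [int] $MaxResults = 25,                     # assumed cap against over-broad patterns
        [switch] $AsPlainText                       # opt in to readable values
    )

    # Step 1: the wildcard query lists matching secrets (metadata only, no values).
    # Disabled secrets are skipped because reading their value would fail.
    $found = @(Get-AzKeyVaultSecret -VaultName $VaultName -Name $Pattern |
               Where-Object { $_.Enabled })

    if ($found.Count -eq 0) {
        Write-Warning "No enabled secrets match '$Pattern' in vault '$VaultName'."
        return
    }
    if ($found.Count -gt $MaxResults) {
        throw "Pattern '$Pattern' matches $($found.Count) secrets (limit $MaxResults). Narrow the pattern."
    }

    # Step 2: fetch each value by its exact name.
    foreach ($item in $found) {
        $value = if ($AsPlainText) {
            Get-AzKeyVaultSecret -VaultName $VaultName -Name $item.Name -AsPlainText
        } else {
            (Get-AzKeyVaultSecret -VaultName $VaultName -Name $item.Name).SecretValue
        }
        [pscustomobject]@{
            Name    = $item.Name
            Updated = $item.Updated
            Expires = $item.Expires
            Value   = $value   # SecureString unless -AsPlainText was given
        }
    }
}

# Usage (vault name is a placeholder):
# Find-VaultSecret -VaultName "<your-unique-keyvault-name>" -Pattern "test-ing*" |
#     Format-Table Name, Updated, Expires
```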

Summary

Using PowerShell with Azure Key Vault makes it easy to search and retrieve secrets efficiently, especially when dealing with large numbers of secrets. The wildcard functionality is particularly useful for pattern-based secret naming conventions.

Key Benefits

  • Efficient wildcard searching
  • Pattern-based secret retrieval
  • Secure secret management

Best Practices

  • Use proper authentication
  • Implement naming conventions
  • Leverage wildcard patterns
Author

Ram Apter

Azure Key Vault & PowerShell Expert

Specializing in Azure security services, secret management, and PowerShell automation. Bringing practical insights to complex Azure implementations.
