
Retrieve Secrets from Azure Key Vault

Author: Ram Apter

If you are using Azure Key Vault to store your secrets, you probably know it’s a tedious task to search manually for a specific secret when you have a lot of secrets stored in the same Key Vault - for example, if you store your BitLocker keys for your entire organization.

Note that the way you connect to Azure Key Vault has changed if you are connecting from a command line outside of Azure Cloud Shell.

From now on you need to use:

            Connect-AzAccount -AuthScope AzureKeyVaultServiceEndpointResourceId

To search for a secret, there is a simple PowerShell command (which you can run in either PowerShell ISE or Azure Cloud Shell):

            Get-AzKeyVaultSecret -VaultName "<your-unique-keyvault-name>" -Name "SecretName" -AsPlainText

You can also use wildcards to find a specific secret among many secrets whose names follow a pattern:

            Get-AzKeyVaultSecret -VaultName "<your-unique-keyvault-name>" -Name "Secret*" -AsPlainText

Adding an asterisk in any part of the secret name will make the search work as a wildcard. For example, if I have multiple name patterns, such as:

Test-ing-username

I can use an asterisk to search for all the computer secrets under test-ing:

            Get-AzKeyVaultSecret -VaultName "<your-unique-keyvault-name>" -Name "test-ing*" -AsPlainText

This will retrieve all the secrets that have "test-ing" in the name, with all the data related to each secret but without the secret value itself, which is fine. Now you need to get the secret itself using its full name:

            Get-AzKeyVaultSecret -VaultName "<your-unique-keyvault-name>" -Name "SecretName" -AsPlainText
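
The two steps above (wildcard listing, then retrieval by full name) combined into one helper, as an added example that is not from the original article. `Get-SecretByPattern` and its parameters are hypothetical names; the Az cmdlets and switches are the ones already shown on this page.

```powershell
# Added example: Get-SecretByPattern is a hypothetical helper, not part of Az.KeyVault.
function Get-SecretByPattern {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $VaultName,
        [Parameter(Mandatory)] [string] $Pattern,
        # Read values for every match instead of only for a single unambiguous match.
        [switch] $AllMatches
    )

    # Step 1: wildcard listing. Returns metadata only (name, dates, enabled flag), no values.
    # Disabled secrets are skipped because their values cannot be read.
    $found = @(Get-AzKeyVaultSecret -VaultName $VaultName -Name $Pattern |
        Where-Object { $_.Enabled })

    if ($found.Count -eq 0) {
        Write-Warning "No enabled secret in '$VaultName' matches '$Pattern'."
        return
    }
    if ($found.Count -gt 1 -and -not $AllMatches) {
        # Ambiguous pattern: list the candidates and read no secret values.
        Write-Warning "$($found.Count) secrets match '$Pattern'; narrow it or use -AllMatches."
        return $found | Select-Object Name, Updated, Expires
    }

    # Step 2: fetch each value by its full name.
    foreach ($item in $found) {
        [pscustomobject]@{
            Name    = $item.Name
            Updated = $item.Updated
            Value   = Get-AzKeyVaultSecret -VaultName $VaultName -Name $item.Name -AsPlainText
        }
    }
}

# Usage: sign in as described above, then search by pattern.
Connect-AzAccount -AuthScope AzureKeyVaultServiceEndpointResourceId
$result = Get-SecretByPattern -VaultName "<your-unique-keyvault-name>" -Pattern "test-ing*"
$result | Select-Object Name, Updated   # inspect matches without echoing the values
```

Assigning the result to a variable keeps the plain-text values out of the console output and any running transcript until you explicitly read `$result.Value`.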