Get-Secret
Finds and returns a secret by name from registered vaults.
Syntax
NameParameterSet (Default)
Get-Secret
[-Name] <String>
[[-Vault] <String>]
[-AsPlainText]
[<CommonParameters>]
InfoParameterSet
Get-Secret
[-InputObject] <SecretInformation>
[-AsPlainText]
[<CommonParameters>]
Description
This cmdlet finds and returns the first secret that matches the provided name. If a vault name is specified, only that vault is searched. Otherwise, it searches all vaults and returns the first matching result. If the vault registry has a default vault, the cmdlet searches that vault before any other registered vault. Secrets that are String or SecureString types are returned as SecureString objects by default.
Examples
Example 1
Get-Secret -Name Secret1 -Vault CredMan
Get-Secret -Name Secret1 -Vault CredMan -AsPlainText
System.Security.SecureString
PlainTextSecretString
This example searches for a secret with the name Secret1, which is a String type secret. The
first command returns the secret as a SecureString object. The second command uses the
AsPlainText parameter to return the secret as a String object instead, displaying in the
console as plain text.
Example 2
Get-SecretInfo -Name Secret2 -Vault SecretStore |
Get-Secret -AsPlainText
This example retrieves secret information for the secret named Secret2 in the vault named
SecretStore. It then sends the result through the pipeline to Get-Secret, which searches for the
secret and returns it as plain text.
Parameters
-AsPlainText
Specifies that a secret whose type is String or SecureString should be returned as a String (in plain text) instead of a SecureString. If the secret being retrieved isn't a String or SecureString, this parameter has no effect.
Caution
To ensure security, you should avoid using plaintext strings whenever possible.
Parameter properties
| Type: | SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-InputObject
Specifies a SecretInformation object representing a vault secret instead of specifying the
Name and Vault parameters. You can get a SecretInformation object with the
Get-SecretInfo cmdlet.
Parameter properties
| Type: | Microsoft.PowerShell.SecretManagement.SecretInformation |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
InfoParameterSet
| Position: | 0 |
| Mandatory: | True |
| Value from pipeline: | True |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Name
Specifies the name of the secret to retrieve. Wildcard characters aren't permitted.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
NameParameterSet
| Position: | 0 |
| Mandatory: | True |
| Value from pipeline: | True |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Vault
Specifies the name of the registered vault to retrieve the secret from. If no vault name is specified, then all registered vaults are searched. If the vault registry has a default vault and this parameter isn't specified, then the default vault is searched before the other registered vaults.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
NameParameterSet
| Position: | 1 |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
